1718d8b476750bb27e79861a85e7fc97191feb02d6dd04a219f34123673e2739

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b447a0869a20eff4560ef0ad23446ad0.exe
Size

47KB
MD5

b447a0869a20eff4560ef0ad23446ad0
SHA1

af64e24d35e97e572119e8a59210b0de097bcc40
SHA256

1718d8b476750bb27e79861a85e7fc97191feb02d6dd04a219f34123673e2739
SHA512

4be7d3a6bce00185a4426635dcf1b47efac4abdaefb169ba635d130d47bf439554af0d49a5068e4f45ed1b0608005933a30a01faf18ee7c948bad4f58a42e42b
SSDEEP

768:ptnVPu2lqjMlhiAij7n+7HwoKS1dTL0UZ5tOcoYmsPehaaxxha5hz:phVNlub5+7Q0dc05ApYh2haigz

Score

10^/10

aspackv2 persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe System.exe"	servicas.exe

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000700000001e59e-5.dat	aspack_v212_v242

Executes dropped EXE 64 IoCs

pid	Process
2340	System.exe
920	servicas.exe
3144	System.exe
3916	System.exe
1716	System.exe
4372	System.exe
4548	System.exe
1420	System.exe
4144	System.exe
3180	System.exe
2240	System.exe
4128	System.exe
908	System.exe
4084	System.exe
4500	System.exe
1220	System.exe
4312	System.exe
2996	System.exe
4716	System.exe
2176	System.exe
4792	System.exe
2632	System.exe
3144	System.exe
4936	System.exe
4828	System.exe
2508	System.exe
1484	System.exe
4364	System.exe
4600	System.exe
1956	System.exe
544	System.exe
848	System.exe
632	System.exe
5012	System.exe
1812	System.exe
2952	System.exe
2632	System.exe
2484	System.exe
4696	System.exe
4396	System.exe
1672	System.exe
3044	System.exe
2272	System.exe
1136	System.exe
4364	System.exe
4128	System.exe
2468	System.exe
868	System.exe
2068	System.exe
4476	System.exe
4512	System.exe
4844	System.exe
2632	System.exe
4908	System.exe
1172	System.exe
4080	System.exe
4948	System.exe
4032	System.exe
1752	System.exe
2396	System.exe
3392	System.exe
904	System.exe
5056	System.exe
1144	System.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\System.exe	b447a0869a20eff4560ef0ad23446ad0.exe
File opened for modification	C:\Windows\SysWOW64\System.exe	b447a0869a20eff4560ef0ad23446ad0.exe
File created	C:\Windows\SysWOW64\System.exe	System.exe
File created	C:\Windows\SysWOW64\System.exe	servicas.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\servicas.exe	b447a0869a20eff4560ef0ad23446ad0.exe
File opened for modification	C:\Windows\servicas.exe	b447a0869a20eff4560ef0ad23446ad0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2340	2632	b447a0869a20eff4560ef0ad23446ad0.exe	88
PID 2632 wrote to memory of 2340	2632	b447a0869a20eff4560ef0ad23446ad0.exe	88
PID 2632 wrote to memory of 2340	2632	b447a0869a20eff4560ef0ad23446ad0.exe	88
PID 2632 wrote to memory of 920	2632	b447a0869a20eff4560ef0ad23446ad0.exe	91
PID 2632 wrote to memory of 920	2632	b447a0869a20eff4560ef0ad23446ad0.exe	91
PID 2632 wrote to memory of 920	2632	b447a0869a20eff4560ef0ad23446ad0.exe	91
PID 920 wrote to memory of 3144	920	servicas.exe	93
PID 920 wrote to memory of 3144	920	servicas.exe	93
PID 920 wrote to memory of 3144	920	servicas.exe	93
PID 920 wrote to memory of 3916	920	servicas.exe	96
PID 920 wrote to memory of 3916	920	servicas.exe	96
PID 920 wrote to memory of 3916	920	servicas.exe	96
PID 920 wrote to memory of 1716	920	servicas.exe	99
PID 920 wrote to memory of 1716	920	servicas.exe	99
PID 920 wrote to memory of 1716	920	servicas.exe	99
PID 920 wrote to memory of 4372	920	servicas.exe	100
PID 920 wrote to memory of 4372	920	servicas.exe	100
PID 920 wrote to memory of 4372	920	servicas.exe	100
PID 920 wrote to memory of 4548	920	servicas.exe	102
PID 920 wrote to memory of 4548	920	servicas.exe	102
PID 920 wrote to memory of 4548	920	servicas.exe	102
PID 920 wrote to memory of 1420	920	servicas.exe	103
PID 920 wrote to memory of 1420	920	servicas.exe	103
PID 920 wrote to memory of 1420	920	servicas.exe	103
PID 920 wrote to memory of 4144	920	servicas.exe	105
PID 920 wrote to memory of 4144	920	servicas.exe	105
PID 920 wrote to memory of 4144	920	servicas.exe	105
PID 920 wrote to memory of 3180	920	servicas.exe	106
PID 920 wrote to memory of 3180	920	servicas.exe	106
PID 920 wrote to memory of 3180	920	servicas.exe	106
PID 920 wrote to memory of 2240	920	servicas.exe	108
PID 920 wrote to memory of 2240	920	servicas.exe	108
PID 920 wrote to memory of 2240	920	servicas.exe	108
PID 920 wrote to memory of 4128	920	servicas.exe	109
PID 920 wrote to memory of 4128	920	servicas.exe	109
PID 920 wrote to memory of 4128	920	servicas.exe	109
PID 920 wrote to memory of 908	920	servicas.exe	110
PID 920 wrote to memory of 908	920	servicas.exe	110
PID 920 wrote to memory of 908	920	servicas.exe	110
PID 920 wrote to memory of 4084	920	servicas.exe	111
PID 920 wrote to memory of 4084	920	servicas.exe	111
PID 920 wrote to memory of 4084	920	servicas.exe	111
PID 920 wrote to memory of 4500	920	servicas.exe	112
PID 920 wrote to memory of 4500	920	servicas.exe	112
PID 920 wrote to memory of 4500	920	servicas.exe	112
PID 920 wrote to memory of 1220	920	servicas.exe	113
PID 920 wrote to memory of 1220	920	servicas.exe	113
PID 920 wrote to memory of 1220	920	servicas.exe	113
PID 920 wrote to memory of 4312	920	servicas.exe	114
PID 920 wrote to memory of 4312	920	servicas.exe	114
PID 920 wrote to memory of 4312	920	servicas.exe	114
PID 920 wrote to memory of 2996	920	servicas.exe	115
PID 920 wrote to memory of 2996	920	servicas.exe	115
PID 920 wrote to memory of 2996	920	servicas.exe	115
PID 920 wrote to memory of 4716	920	servicas.exe	116
PID 920 wrote to memory of 4716	920	servicas.exe	116
PID 920 wrote to memory of 4716	920	servicas.exe	116
PID 920 wrote to memory of 2176	920	servicas.exe	117
PID 920 wrote to memory of 2176	920	servicas.exe	117
PID 920 wrote to memory of 2176	920	servicas.exe	117
PID 920 wrote to memory of 4792	920	servicas.exe	118
PID 920 wrote to memory of 4792	920	servicas.exe	118
PID 920 wrote to memory of 4792	920	servicas.exe	118
PID 920 wrote to memory of 2632	920	servicas.exe	119

C:\Users\Admin\AppData\Local\Temp\b447a0869a20eff4560ef0ad23446ad0.exe
"C:\Users\Admin\AppData\Local\Temp\b447a0869a20eff4560ef0ad23446ad0.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\System.exe
  C:\Windows\system32\System.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:2340
- C:\Windows\servicas.exe
  C:\Windows\servicas.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:920
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:3144
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:3916
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1716
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4372
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4548
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1420
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4144
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:3180
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2240
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4128
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:908
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4084
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4500
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1220
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4312
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2996
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4716
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2176
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4792
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2632
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:3144
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4936
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4828
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2508
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1484
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4364
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4600
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1956
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:544
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:848
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:632
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:5012
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1812
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2952
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2632
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2484
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4696
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4396
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1672
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:3044
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2272
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1136
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4364
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4128
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2468
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:868
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2068
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4476
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4512
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4844
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2632
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4908
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1172
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4080
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4948
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:4032
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1752
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:2396
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:3392
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:904
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:5056
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    - Executes dropped EXE
    PID:1144
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:3092
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1628
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:908
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4992
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:3740
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:3924
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4820
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1044
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4412
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4392
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1716
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1952
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:2524
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4432
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4828
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4512
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1576
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4068
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:2432
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:2240
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1848
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:3888
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1020
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1640
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:2464
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4344
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1144
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:624
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:2532
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:848
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:812
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:3328
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1888
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:792
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1312
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4512
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:3684
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:1432
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4032
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:2396
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:4356
- - C:\Windows\SysWOW64\System.exe
    C:\Windows\system32\System.exe
    3⤵
    PID:3600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\System.exe

Filesize
47KB

MD5
b447a0869a20eff4560ef0ad23446ad0

SHA1
af64e24d35e97e572119e8a59210b0de097bcc40

SHA256
1718d8b476750bb27e79861a85e7fc97191feb02d6dd04a219f34123673e2739

SHA512
4be7d3a6bce00185a4426635dcf1b47efac4abdaefb169ba635d130d47bf439554af0d49a5068e4f45ed1b0608005933a30a01faf18ee7c948bad4f58a42e42b

Download Submit
memory/544-93-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/632-98-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/848-95-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/848-96-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/868-139-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/904-179-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/908-191-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/908-43-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/920-13-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/920-126-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/920-90-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/920-148-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/920-32-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/920-70-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/920-108-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/920-41-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/920-51-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1044-202-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1136-127-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1144-182-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1144-184-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1172-157-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1220-53-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1420-29-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1420-28-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1484-81-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1576-225-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1628-189-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1628-210-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1672-118-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1716-22-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1716-209-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1752-170-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1812-103-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1952-211-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1956-89-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2068-142-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2068-141-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2176-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2240-37-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2272-124-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2340-9-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2396-172-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2468-137-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2484-111-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2508-79-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2524-213-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2524-215-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2632-109-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2632-68-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2632-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2632-14-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2632-153-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2952-105-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2996-57-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3044-120-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3044-121-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3092-187-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3144-16-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3144-71-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3180-35-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3392-176-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3740-195-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3916-19-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3924-197-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4032-167-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4080-160-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4084-46-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4128-40-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4128-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4144-31-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4312-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4364-84-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4364-131-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4372-24-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4392-207-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4396-115-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4412-205-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4432-217-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4476-145-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4476-144-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4500-48-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4512-147-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4512-223-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4548-26-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4600-87-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4696-113-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4716-60-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4792-64-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4792-65-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4820-199-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4828-77-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4828-221-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4844-151-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4908-155-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4936-75-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4948-162-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4992-193-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4992-216-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5012-101-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5056-204-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5056-181-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads