resource	yara_rule
behavioral4/memory/260-0-0x000002DCF2D20000-0x000002DCF2D58000-memory.dmp	family_gurcu_v3
behavioral4/files/0x000200000002a79c-8.dat	family_gurcu_v3
behavioral4/memory/1780-166-0x0000012E38D20000-0x0000012E38D30000-memory.dmp	family_gurcu_v3

resource	yara_rule
behavioral4/memory/260-0-0x000002DCF2D20000-0x000002DCF2D58000-memory.dmp	family_zgrat_v1
behavioral4/files/0x000200000002a79c-8.dat	family_zgrat_v1

pid	Process
2476	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1224	tor.exe
1156	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4244	tor.exe
1032	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4092	tor.exe
2148	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2780	tor.exe
2436	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1160	tor.exe
2416	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4324	tor.exe
2252	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1944	tor.exe
2800	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
872	tor.exe
3456	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4200	tor.exe
1780	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1544	tor.exe
4064	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
260	tor.exe
2316	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1624	tor.exe
4220	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
876	tor.exe
848	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
420	tor.exe
3016	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
492	tor.exe
4108	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1196	tor.exe
2612	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2780	tor.exe
3308	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3808	tor.exe
728	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1820	tor.exe
4560	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4800	tor.exe
4016	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4648	tor.exe

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Key opened	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Key opened	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Key opened	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Key opened	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Key opened	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe

description	pid	Process
Token: SeDebugPrivilege	260	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2476	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	1156	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	1032	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2148	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2436	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2416	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2252	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2800	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3456	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	1780	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4064	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2316	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4220	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	848	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3016	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4108	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2612	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3308	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	728	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4560	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4016	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe

description	pid	Process	procid_target
PID 260 wrote to memory of 1508	260	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	78
PID 260 wrote to memory of 1508	260	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	78
PID 1508 wrote to memory of 3016	1508	cmd.exe	80
PID 1508 wrote to memory of 3016	1508	cmd.exe	80
PID 1508 wrote to memory of 884	1508	cmd.exe	81
PID 1508 wrote to memory of 884	1508	cmd.exe	81
PID 1508 wrote to memory of 2648	1508	cmd.exe	82
PID 1508 wrote to memory of 2648	1508	cmd.exe	82
PID 1508 wrote to memory of 2476	1508	cmd.exe	83
PID 1508 wrote to memory of 2476	1508	cmd.exe	83
PID 2476 wrote to memory of 420	2476	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	85
PID 2476 wrote to memory of 420	2476	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	85
PID 2476 wrote to memory of 1224	2476	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	87
PID 2476 wrote to memory of 1224	2476	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	87
PID 1156 wrote to memory of 4244	1156	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	90
PID 1156 wrote to memory of 4244	1156	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	90
PID 1032 wrote to memory of 4092	1032	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	100
PID 1032 wrote to memory of 4092	1032	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	100
PID 2148 wrote to memory of 2780	2148	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	104
PID 2148 wrote to memory of 2780	2148	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	104
PID 2436 wrote to memory of 1160	2436	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	110
PID 2436 wrote to memory of 1160	2436	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	110
PID 2416 wrote to memory of 4324	2416	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	114
PID 2416 wrote to memory of 4324	2416	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	114
PID 2252 wrote to memory of 1944	2252	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	119
PID 2252 wrote to memory of 1944	2252	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	119
PID 2800 wrote to memory of 872	2800	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	124
PID 2800 wrote to memory of 872	2800	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	124
PID 3456 wrote to memory of 4200	3456	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	130
PID 3456 wrote to memory of 4200	3456	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	130
PID 1780 wrote to memory of 1544	1780	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	134
PID 1780 wrote to memory of 1544	1780	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	134
PID 4064 wrote to memory of 260	4064	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	140
PID 4064 wrote to memory of 260	4064	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	140
PID 2316 wrote to memory of 1624	2316	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	145
PID 2316 wrote to memory of 1624	2316	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	145
PID 4220 wrote to memory of 876	4220	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	148
PID 4220 wrote to memory of 876	4220	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	148
PID 848 wrote to memory of 420	848	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	153
PID 848 wrote to memory of 420	848	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	153
PID 3016 wrote to memory of 492	3016	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	159
PID 3016 wrote to memory of 492	3016	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	159
PID 4108 wrote to memory of 1196	4108	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	165
PID 4108 wrote to memory of 1196	4108	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	165
PID 2612 wrote to memory of 2780	2612	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	169
PID 2612 wrote to memory of 2780	2612	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	169
PID 3308 wrote to memory of 3808	3308	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	174
PID 3308 wrote to memory of 3808	3308	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	174
PID 728 wrote to memory of 1820	728	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	180
PID 728 wrote to memory of 1820	728	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	180
PID 4560 wrote to memory of 4800	4560	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	184
PID 4560 wrote to memory of 4800	4560	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	184
PID 4016 wrote to memory of 4648	4016	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	190
PID 4016 wrote to memory of 4648	4016	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	190

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads