resource	yara_rule
behavioral4/memory/3028-0-0x0000022E9D920000-0x0000022E9D958000-memory.dmp	family_gurcu_v3
behavioral4/files/0x000400000002a735-6.dat	family_gurcu_v3

resource	yara_rule
behavioral4/memory/3028-0-0x0000022E9D920000-0x0000022E9D958000-memory.dmp	family_zgrat_v1
behavioral4/files/0x000400000002a735-6.dat	family_zgrat_v1

pid	Process
1600	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3704	tor.exe
4736	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1996	tor.exe
3168	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4352	tor.exe
4848	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3648	tor.exe
2188	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4908	tor.exe
1816	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1040	tor.exe
4144	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2092	tor.exe
392	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3568	tor.exe
1160	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
756	tor.exe
4724	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4444	tor.exe
5072	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
5088	tor.exe
3816	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2080	tor.exe
4108	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3140	tor.exe
396	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2260	tor.exe
3020	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3444	tor.exe
2492	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2224	tor.exe
3908	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3660	tor.exe
1288	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3632	tor.exe
4656	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2012	tor.exe
3136	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
560	tor.exe
4540	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
1592	tor.exe
2136	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
4944	tor.exe
1680	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2396	tor.exe
3928	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3060	tor.exe
4796	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2940	tor.exe
232	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3164	tor.exe
4080	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2344	tor.exe
4412	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
2700	tor.exe
3856	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3116	tor.exe
4084	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
3644	tor.exe
4276	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Key opened	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Key opened	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe

description	pid	Process
Token: SeDebugPrivilege	3028	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	1600	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4736	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3168	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4848	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2188	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	1816	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4144	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	392	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	1160	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4724	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	5072	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3816	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4108	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	396	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3020	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2492	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3908	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	1288	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4656	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3136	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4540	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	2136	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	1680	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3928	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4796	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	232	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4080	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4412	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	3856	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4084	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe
Token: SeDebugPrivilege	4276	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe

description	pid	Process	procid_target
PID 3028 wrote to memory of 4144	3028	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	78
PID 3028 wrote to memory of 4144	3028	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	78
PID 4144 wrote to memory of 3872	4144	cmd.exe	80
PID 4144 wrote to memory of 3872	4144	cmd.exe	80
PID 4144 wrote to memory of 2272	4144	cmd.exe	81
PID 4144 wrote to memory of 2272	4144	cmd.exe	81
PID 4144 wrote to memory of 3660	4144	cmd.exe	82
PID 4144 wrote to memory of 3660	4144	cmd.exe	82
PID 4144 wrote to memory of 1600	4144	cmd.exe	83
PID 4144 wrote to memory of 1600	4144	cmd.exe	83
PID 1600 wrote to memory of 4620	1600	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	85
PID 1600 wrote to memory of 4620	1600	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	85
PID 1600 wrote to memory of 3704	1600	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	87
PID 1600 wrote to memory of 3704	1600	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	87
PID 4736 wrote to memory of 1996	4736	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	94
PID 4736 wrote to memory of 1996	4736	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	94
PID 3168 wrote to memory of 4352	3168	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	100
PID 3168 wrote to memory of 4352	3168	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	100
PID 4848 wrote to memory of 3648	4848	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	104
PID 4848 wrote to memory of 3648	4848	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	104
PID 2188 wrote to memory of 4908	2188	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	110
PID 2188 wrote to memory of 4908	2188	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	110
PID 1816 wrote to memory of 1040	1816	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	115
PID 1816 wrote to memory of 1040	1816	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	115
PID 4144 wrote to memory of 2092	4144	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	119
PID 4144 wrote to memory of 2092	4144	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	119
PID 392 wrote to memory of 3568	392	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	125
PID 392 wrote to memory of 3568	392	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	125
PID 1160 wrote to memory of 756	1160	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	129
PID 1160 wrote to memory of 756	1160	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	129
PID 4724 wrote to memory of 4444	4724	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	134
PID 4724 wrote to memory of 4444	4724	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	134
PID 5072 wrote to memory of 5088	5072	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	139
PID 5072 wrote to memory of 5088	5072	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	139
PID 3816 wrote to memory of 2080	3816	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	144
PID 3816 wrote to memory of 2080	3816	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	144
PID 4108 wrote to memory of 3140	4108	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	149
PID 4108 wrote to memory of 3140	4108	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	149
PID 396 wrote to memory of 2260	396	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	155
PID 396 wrote to memory of 2260	396	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	155
PID 3020 wrote to memory of 3444	3020	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	159
PID 3020 wrote to memory of 3444	3020	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	159
PID 2492 wrote to memory of 2224	2492	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	164
PID 2492 wrote to memory of 2224	2492	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	164
PID 3908 wrote to memory of 3660	3908	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	170
PID 3908 wrote to memory of 3660	3908	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	170
PID 1288 wrote to memory of 3632	1288	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	175
PID 1288 wrote to memory of 3632	1288	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	175
PID 4656 wrote to memory of 2012	4656	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	179
PID 4656 wrote to memory of 2012	4656	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	179
PID 3136 wrote to memory of 560	3136	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	184
PID 3136 wrote to memory of 560	3136	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	184
PID 4540 wrote to memory of 1592	4540	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	189
PID 4540 wrote to memory of 1592	4540	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	189
PID 2136 wrote to memory of 4944	2136	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	193
PID 2136 wrote to memory of 4944	2136	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	193
PID 1680 wrote to memory of 2396	1680	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	199
PID 1680 wrote to memory of 2396	1680	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	199
PID 3928 wrote to memory of 3060	3928	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	204
PID 3928 wrote to memory of 3060	3928	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	204
PID 4796 wrote to memory of 2940	4796	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	209
PID 4796 wrote to memory of 2940	4796	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	209
PID 232 wrote to memory of 3164	232	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	214
PID 232 wrote to memory of 3164	232	dba803bf0917907fad2aa9163b78a20ba8ba2b9a79cf105dede3a5acd821236aexe_JC.exe	214

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads