colibri | 1c6643b479614340097a8071c9f880688af5a82db7b6e755beafe7301eea1abf

Analysis

max time kernel
15s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jfilyg7.exe
Size

383KB
MD5

96b5dcad2ade88e0c99e84b4869224e7
SHA1

f23d4988ca9ef6fcf9e219dd249eff9988d5f7c5
SHA256

722c36abd195cce70ee25b48d6e64873262e046eae7433976120a1496f01487d
SHA512

8ed9e7fa921b1c75ac6aec5016c138f213b0ff6341d263783d716db530da076794336bc02d6c9b141850d0250bf11b60d0ac401425dbfd13d8904a359284fb85
SSDEEP

6144:9NYLVv8Annhw3I54dDhfZfx6k/ZuCsmK4XShgtf:tIidDBZflr

Score

10^/10

colibri warzonerat build1 infostealer loader persistence rat

Malware Config

Extracted

Family

warzonerat

darkfox.ddns.net:443

Extracted

Family

colibri

Version

1.2.0

Botnet

Build1

http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php

http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

rc4.plain

Signatures

Colibri Loader
A loader sold as MaaS first seen in August 2021.
loader colibri
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Warzone RAT payload 41 IoCs

rat

resource	yara_rule
behavioral2/memory/2388-3-0x0000000001350000-0x0000000001450000-memory.dmp	warzonerat
behavioral2/memory/2388-7-0x0000000001350000-0x0000000001450000-memory.dmp	warzonerat
behavioral2/memory/1648-10-0x0000000000400000-0x000000000055A000-memory.dmp	warzonerat
behavioral2/memory/3080-14-0x0000000001540000-0x0000000001640000-memory.dmp	warzonerat
behavioral2/memory/1648-17-0x0000000000400000-0x000000000055A000-memory.dmp	warzonerat
behavioral2/memory/1648-18-0x0000000000400000-0x000000000055A000-memory.dmp	warzonerat
behavioral2/memory/1648-30-0x0000000000400000-0x000000000055A000-memory.dmp	warzonerat
behavioral2/memory/1500-29-0x00000000011A0000-0x00000000012A0000-memory.dmp	warzonerat
behavioral2/memory/3196-35-0x0000000000780000-0x0000000000880000-memory.dmp	warzonerat
behavioral2/memory/3196-36-0x0000000000780000-0x0000000000880000-memory.dmp	warzonerat
behavioral2/memory/376-46-0x0000000000CB0000-0x0000000000DB0000-memory.dmp	warzonerat
behavioral2/memory/1976-41-0x0000000000A70000-0x0000000000B70000-memory.dmp	warzonerat
behavioral2/memory/376-49-0x0000000000CB0000-0x0000000000DB0000-memory.dmp	warzonerat
behavioral2/memory/2964-59-0x0000000000E80000-0x0000000000F80000-memory.dmp	warzonerat
behavioral2/memory/2028-68-0x0000000000B50000-0x0000000000C50000-memory.dmp	warzonerat
behavioral2/memory/4464-70-0x00000000011A0000-0x00000000012A0000-memory.dmp	warzonerat
behavioral2/memory/4664-80-0x0000000000B30000-0x0000000000C30000-memory.dmp	warzonerat
behavioral2/memory/4664-84-0x0000000000B30000-0x0000000000C30000-memory.dmp	warzonerat
behavioral2/memory/4140-86-0x0000000000B00000-0x0000000000C00000-memory.dmp	warzonerat
behavioral2/memory/4140-88-0x0000000000B00000-0x0000000000C00000-memory.dmp	warzonerat
behavioral2/memory/4332-92-0x0000000000CF0000-0x0000000000DF0000-memory.dmp	warzonerat
behavioral2/memory/4332-96-0x0000000000CF0000-0x0000000000DF0000-memory.dmp	warzonerat
behavioral2/memory/2028-100-0x0000000000B50000-0x0000000000C50000-memory.dmp	warzonerat
behavioral2/memory/3328-108-0x0000000000790000-0x0000000000890000-memory.dmp	warzonerat
behavioral2/memory/1940-111-0x00000000009C0000-0x0000000000AC0000-memory.dmp	warzonerat
behavioral2/memory/4664-121-0x0000000000B30000-0x0000000000C30000-memory.dmp	warzonerat
behavioral2/memory/984-127-0x00000000007A0000-0x00000000008A0000-memory.dmp	warzonerat
behavioral2/memory/4140-131-0x0000000000B00000-0x0000000000C00000-memory.dmp	warzonerat
behavioral2/memory/2232-133-0x00000000008F0000-0x00000000009F0000-memory.dmp	warzonerat
behavioral2/memory/2232-138-0x00000000008F0000-0x00000000009F0000-memory.dmp	warzonerat
behavioral2/memory/436-146-0x0000000000CF0000-0x0000000000DF0000-memory.dmp	warzonerat
behavioral2/memory/4332-139-0x0000000000CF0000-0x0000000000DF0000-memory.dmp	warzonerat
behavioral2/memory/2464-119-0x0000000001380000-0x0000000001480000-memory.dmp	warzonerat
behavioral2/memory/4932-114-0x0000000000E60000-0x0000000000F60000-memory.dmp	warzonerat
behavioral2/memory/4464-105-0x00000000011A0000-0x00000000012A0000-memory.dmp	warzonerat
behavioral2/memory/2964-99-0x0000000000E80000-0x0000000000F80000-memory.dmp	warzonerat
behavioral2/memory/4052-98-0x0000000000970000-0x0000000000A70000-memory.dmp	warzonerat
behavioral2/memory/4932-78-0x0000000000E60000-0x0000000000F60000-memory.dmp	warzonerat
behavioral2/memory/2964-62-0x0000000000E80000-0x0000000000F80000-memory.dmp	warzonerat
behavioral2/memory/1304-54-0x00000000006F0000-0x00000000007F0000-memory.dmp	warzonerat
behavioral2/memory/1304-53-0x00000000006F0000-0x00000000007F0000-memory.dmp	warzonerat

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat	jfilyg7.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start	jfilyg7.exe

Executes dropped EXE 64 IoCs

pid	Process
3080	conhost.exe
408	conhost.exe
1500	MSCommonDriver.exe
3196	MSCommonDriver.exe
1976	MSCommonDriver.exe
376	MSCommonDriver.exe
1304	MSCommonDriver.exe
2964	MSCommonDriver.exe
2028	MSCommonDriver.exe
4464	MSCommonDriver.exe
4932	MSCommonDriver.exe
4664	MSCommonDriver.exe
4140	MSCommonDriver.exe
4332	MSCommonDriver.exe
4052	MSCommonDriver.exe
3328	MSCommonDriver.exe
1940	MSCommonDriver.exe
2464	MSCommonDriver.exe
3324	MSCommonDriver.exe
984	MSCommonDriver.exe
2232	MSCommonDriver.exe
5084	MSCommonDriver.exe
436	MSCommonDriver.exe
756	conhost.exe
1492	MSCommonDriver.exe
3308	conhost.exe
4000	MSCommonDriver.exe
4956	conhost.exe
1132	MSCommonDriver.exe
3208	MSCommonDriver.exe
3724	MSCommonDriver.exe
4516	MSCommonDriver.exe
2816	MSCommonDriver.exe
4336	MSCommonDriver.exe
3296	MSCommonDriver.exe
4092	MSCommonDriver.exe
1008	MSCommonDriver.exe
3180	MSCommonDriver.exe
3396	MSCommonDriver.exe
4212	MSCommonDriver.exe
1964	MSCommonDriver.exe
4472	MSCommonDriver.exe
4476	MSCommonDriver.exe
3716	MSCommonDriver.exe
376	MSCommonDriver.exe
4012	MSCommonDriver.exe
5068	MSCommonDriver.exe
2872	MSCommonDriver.exe
3680	MSCommonDriver.exe
4664	MSCommonDriver.exe
2996	MSCommonDriver.exe
3272	MSCommonDriver.exe
4428	MSCommonDriver.exe
4924	MSCommonDriver.exe
5052	MSCommonDriver.exe
1320	MSCommonDriver.exe
3096	MSCommonDriver.exe
1012	MSCommonDriver.exe
1100	MSCommonDriver.exe
3436	MSCommonDriver.exe
4048	MSCommonDriver.exe
460	MSCommonDriver.exe
756	MSCommonDriver.exe
4184	MSCommonDriver.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSCommonDriver = "C:\\Users\\Admin\\Documents\\MSCommonDriver.exe"	jfilyg7.exe

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 2388 set thread context of 1648	2388	jfilyg7.exe	86
PID 3080 set thread context of 408	3080	conhost.exe	87
PID 3308 set thread context of 4956	3308	conhost.exe	116
PID 3984 set thread context of 4592	3984	conhost.exe	160
PID 3396 set thread context of 4368	3396	conhost.exe	208

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Documents\Documents:ApplicationData	jfilyg7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3080	2388	jfilyg7.exe	85
PID 2388 wrote to memory of 3080	2388	jfilyg7.exe	85
PID 2388 wrote to memory of 3080	2388	jfilyg7.exe	85
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 2388 wrote to memory of 1648	2388	jfilyg7.exe	86
PID 3080 wrote to memory of 408	3080	conhost.exe	87
PID 3080 wrote to memory of 408	3080	conhost.exe	87
PID 3080 wrote to memory of 408	3080	conhost.exe	87
PID 3080 wrote to memory of 408	3080	conhost.exe	87
PID 3080 wrote to memory of 408	3080	conhost.exe	87
PID 3080 wrote to memory of 408	3080	conhost.exe	87
PID 3080 wrote to memory of 408	3080	conhost.exe	87
PID 1648 wrote to memory of 1500	1648	jfilyg7.exe	91
PID 1648 wrote to memory of 1500	1648	jfilyg7.exe	91
PID 1648 wrote to memory of 1500	1648	jfilyg7.exe	91
PID 1500 wrote to memory of 3196	1500	MSCommonDriver.exe	92
PID 1500 wrote to memory of 3196	1500	MSCommonDriver.exe	92
PID 1500 wrote to memory of 3196	1500	MSCommonDriver.exe	92
PID 3196 wrote to memory of 1976	3196	MSCommonDriver.exe	93
PID 3196 wrote to memory of 1976	3196	MSCommonDriver.exe	93
PID 3196 wrote to memory of 1976	3196	MSCommonDriver.exe	93
PID 1976 wrote to memory of 376	1976	MSCommonDriver.exe	94
PID 1976 wrote to memory of 376	1976	MSCommonDriver.exe	94
PID 1976 wrote to memory of 376	1976	MSCommonDriver.exe	94
PID 376 wrote to memory of 1304	376	MSCommonDriver.exe	95
PID 376 wrote to memory of 1304	376	MSCommonDriver.exe	95
PID 376 wrote to memory of 1304	376	MSCommonDriver.exe	95
PID 1304 wrote to memory of 2964	1304	MSCommonDriver.exe	96
PID 1304 wrote to memory of 2964	1304	MSCommonDriver.exe	96
PID 1304 wrote to memory of 2964	1304	MSCommonDriver.exe	96
PID 2964 wrote to memory of 2028	2964	MSCommonDriver.exe	97
PID 2964 wrote to memory of 2028	2964	MSCommonDriver.exe	97
PID 2964 wrote to memory of 2028	2964	MSCommonDriver.exe	97
PID 2028 wrote to memory of 4464	2028	MSCommonDriver.exe	98
PID 2028 wrote to memory of 4464	2028	MSCommonDriver.exe	98
PID 2028 wrote to memory of 4464	2028	MSCommonDriver.exe	98
PID 4464 wrote to memory of 4932	4464	MSCommonDriver.exe	99
PID 4464 wrote to memory of 4932	4464	MSCommonDriver.exe	99
PID 4464 wrote to memory of 4932	4464	MSCommonDriver.exe	99
PID 4932 wrote to memory of 4664	4932	MSCommonDriver.exe	100
PID 4932 wrote to memory of 4664	4932	MSCommonDriver.exe	100
PID 4932 wrote to memory of 4664	4932	MSCommonDriver.exe	100
PID 4664 wrote to memory of 4140	4664	MSCommonDriver.exe	101
PID 4664 wrote to memory of 4140	4664	MSCommonDriver.exe	101
PID 4664 wrote to memory of 4140	4664	MSCommonDriver.exe	101
PID 4140 wrote to memory of 4332	4140	MSCommonDriver.exe	102
PID 4140 wrote to memory of 4332	4140	MSCommonDriver.exe	102
PID 4140 wrote to memory of 4332	4140	MSCommonDriver.exe	102
PID 4332 wrote to memory of 4052	4332	MSCommonDriver.exe	103
PID 4332 wrote to memory of 4052	4332	MSCommonDriver.exe	103
PID 4332 wrote to memory of 4052	4332	MSCommonDriver.exe	103
PID 4052 wrote to memory of 3328	4052	MSCommonDriver.exe	104
PID 4052 wrote to memory of 3328	4052	MSCommonDriver.exe	104
PID 4052 wrote to memory of 3328	4052	MSCommonDriver.exe	104
PID 3328 wrote to memory of 1940	3328	MSCommonDriver.exe	105

C:\Users\Admin\AppData\Local\Temp\jfilyg7.exe
"C:\Users\Admin\AppData\Local\Temp\jfilyg7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2388
- C:\ProgramData\conhost.exe
  "C:\ProgramData\conhost.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:3080
- - C:\ProgramData\conhost.exe
    "C:\ProgramData\conhost.exe"
    3⤵
    - Executes dropped EXE
    PID:408
- C:\Users\Admin\AppData\Local\Temp\jfilyg7.exe
  "C:\Users\Admin\AppData\Local\Temp\jfilyg7.exe"
  2⤵
  - Drops startup file
  - Adds Run key to start application
  - NTFS ADS
  - Suspicious use of WriteProcessMemory
  PID:1648
- - C:\Users\Admin\Documents\MSCommonDriver.exe
    "C:\Users\Admin\Documents\MSCommonDriver.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1500
  - - C:\Users\Admin\Documents\MSCommonDriver.exe
      "C:\Users\Admin\Documents\MSCommonDriver.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3196
    - - C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1976
      - C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:376
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1304
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2964
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2028
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4464
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4932
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4664
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4140
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4332
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4052
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3328
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        17⤵
        Executes dropped EXE
        
        PID:1940
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        18⤵
        Executes dropped EXE
        
        PID:2464
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        19⤵
        Executes dropped EXE
        
        PID:3324
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        20⤵
        Executes dropped EXE
        
        PID:984
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        21⤵
        Executes dropped EXE
        
        PID:2232
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        22⤵
        Executes dropped EXE
        
        PID:5084
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        23⤵
        Executes dropped EXE
        
        PID:436
        
        C:\ProgramData\conhost.exe
        
        "C:\ProgramData\conhost.exe"
        24⤵
        Executes dropped EXE
        
        PID:756
        
        C:\ProgramData\conhost.exe
        
        "C:\ProgramData\conhost.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3308
        
        C:\ProgramData\conhost.exe
        
        "C:\ProgramData\conhost.exe"
        26⤵
        Executes dropped EXE
        
        PID:4956
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        24⤵
        Executes dropped EXE
        
        PID:1492
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        25⤵
        Executes dropped EXE
        
        PID:4000
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        26⤵
        Executes dropped EXE
        
        PID:1132
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        27⤵
        Executes dropped EXE
        
        PID:3208
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        28⤵
        Executes dropped EXE
        
        PID:3724
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        29⤵
        Executes dropped EXE
        
        PID:4516
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        30⤵
        Executes dropped EXE
        
        PID:2816
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        31⤵
        Executes dropped EXE
        
        PID:4336
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        32⤵
        Executes dropped EXE
        
        PID:3296
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        33⤵
        Executes dropped EXE
        
        PID:4092
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        34⤵
        Executes dropped EXE
        
        PID:1008
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        35⤵
        Executes dropped EXE
        
        PID:3180
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        36⤵
        Executes dropped EXE
        
        PID:3396
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        37⤵
        Executes dropped EXE
        
        PID:4212
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        38⤵
        Executes dropped EXE
        
        PID:1964
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        39⤵
        Executes dropped EXE
        
        PID:4472
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        40⤵
        Executes dropped EXE
        
        PID:4476
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        41⤵
        Executes dropped EXE
        
        PID:3716
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        42⤵
        Executes dropped EXE
        
        PID:376
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        43⤵
        Executes dropped EXE
        
        PID:4012
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        44⤵
        Executes dropped EXE
        
        PID:5068
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        45⤵
        Executes dropped EXE
        
        PID:2872
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        46⤵
        Executes dropped EXE
        
        PID:3680
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        47⤵
        Executes dropped EXE
        
        PID:4664
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        48⤵
        Executes dropped EXE
        
        PID:2996
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        49⤵
        Executes dropped EXE
        
        PID:3272
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        50⤵
        Executes dropped EXE
        
        PID:4428
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        51⤵
        Executes dropped EXE
        
        PID:4924
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        52⤵
        Executes dropped EXE
        
        PID:5052
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        53⤵
        Executes dropped EXE
        
        PID:1320
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        54⤵
        Executes dropped EXE
        
        PID:3096
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        55⤵
        Executes dropped EXE
        
        PID:1012
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        56⤵
        Executes dropped EXE
        
        PID:1100
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        57⤵
        Executes dropped EXE
        
        PID:3436
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        58⤵
        Executes dropped EXE
        
        PID:4048
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        59⤵
        Executes dropped EXE
        
        PID:460
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        60⤵
        Executes dropped EXE
        
        PID:756
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        61⤵
        Executes dropped EXE
        
        PID:4184
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        62⤵
        
        PID:4656
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        63⤵
        
        PID:1444
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        64⤵
        
        PID:436
        
        C:\ProgramData\conhost.exe
        
        "C:\ProgramData\conhost.exe"
        65⤵
        Suspicious use of SetThreadContext
        
        PID:3984
        
        C:\ProgramData\conhost.exe
        
        "C:\ProgramData\conhost.exe"
        66⤵
        
        PID:4592
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        65⤵
        
        PID:3208
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        66⤵
        
        PID:3548
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        67⤵
        
        PID:2816
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        68⤵
        
        PID:4936
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        69⤵
        
        PID:2388
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        70⤵
        
        PID:3344
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        71⤵
        
        PID:2896
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        72⤵
        
        PID:4388
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        73⤵
        
        PID:4320
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        74⤵
        
        PID:4044
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        75⤵
        
        PID:4364
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        76⤵
        
        PID:2628
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        77⤵
        
        PID:4704
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        78⤵
        
        PID:4520
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        79⤵
        
        PID:2156
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        80⤵
        
        PID:1616
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        81⤵
        
        PID:2248
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        82⤵
        
        PID:1120
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        83⤵
        
        PID:1568
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        84⤵
        
        PID:988
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        85⤵
        
        PID:508
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        86⤵
        
        PID:4796
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        87⤵
        
        PID:4924
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        88⤵
        
        PID:4408
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        89⤵
        
        PID:1848
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        90⤵
        
        PID:2644
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        91⤵
        
        PID:3568
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        92⤵
        
        PID:4196
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        93⤵
        
        PID:4372
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        94⤵
        
        PID:4960
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        95⤵
        
        PID:4996
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        96⤵
        
        PID:1760
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        97⤵
        
        PID:4396
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        98⤵
        
        PID:2160
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        99⤵
        
        PID:3624
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        100⤵
        
        PID:3700
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        101⤵
        
        PID:3004
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        102⤵
        
        PID:3412
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        103⤵
        
        PID:3724
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        104⤵
        
        PID:1972
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        105⤵
        
        PID:4200
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        106⤵
        
        PID:396
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        107⤵
        
        PID:3080
        
        C:\ProgramData\conhost.exe
        
        "C:\ProgramData\conhost.exe"
        108⤵
        
        PID:2692
        
        C:\ProgramData\conhost.exe
        
        "C:\ProgramData\conhost.exe"
        109⤵
        Suspicious use of SetThreadContext
        
        PID:3396
        
        C:\ProgramData\conhost.exe
        
        "C:\ProgramData\conhost.exe"
        110⤵
        
        PID:4368
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        108⤵
        
        PID:4892
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        109⤵
        
        PID:1764
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        110⤵
        
        PID:4116
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        111⤵
        
        PID:1304
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        112⤵
        
        PID:2872
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        113⤵
        
        PID:3748
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        114⤵
        
        PID:4492
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        115⤵
        
        PID:748
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        116⤵
        
        PID:1520
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        117⤵
        
        PID:1332
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        118⤵
        
        PID:3420
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        119⤵
        
        PID:2732
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        120⤵
        
        PID:4924
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        121⤵
        
        PID:532
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        122⤵
        
        PID:1012
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        123⤵
        
        PID:2232
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        124⤵
        
        PID:1100
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        125⤵
        
        PID:888
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        126⤵
        
        PID:380
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        127⤵
        
        PID:2468
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        128⤵
        
        PID:4644
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        129⤵
        
        PID:1408
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        130⤵
        
        PID:4432
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        131⤵
        
        PID:4956
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        132⤵
        
        PID:1656
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        133⤵
        
        PID:3232
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        134⤵
        
        PID:1388
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        135⤵
        
        PID:3208
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        136⤵
        
        PID:3724
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        137⤵
        
        PID:4352
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        138⤵
        
        PID:5064
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        139⤵
        
        PID:912
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        140⤵
        
        PID:2012
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        141⤵
        
        PID:1204
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        142⤵
        
        PID:1192
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        143⤵
        
        PID:1008
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        144⤵
        
        PID:1564
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        145⤵
        
        PID:1584
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        146⤵
        
        PID:2132
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        147⤵
        
        PID:4704
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        148⤵
        
        PID:2552
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        149⤵
        
        PID:4140
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        150⤵
        
        PID:4240
        
        C:\Users\Admin\Documents\MSCommonDriver.exe
        
        "C:\Users\Admin\Documents\MSCommonDriver.exe"
        151⤵
        
        PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\conhost.exe

Filesize
52KB

MD5
d8e1495b46cded57eb1423b8bb789834

SHA1
db64bc20550e51c602dbb92d07c8f02842efebcc

SHA256
aa2d97b5be06be67ec04774ad681da6113ee2b4929c0539929bbac19926682c8

SHA512
8b785d7f8d5fdf12dd9a5414050d403e861fd3f9ac09bceebc57b2f178c6f145389783ed1035b5e6f9b627b3d4d978f3ad9bf8195d92e20f585ef92667e4cabb

Download Submit
C:\Users\Admin\Documents\MSCommonDriver.exe

Filesize
383KB

MD5
96b5dcad2ade88e0c99e84b4869224e7

SHA1
f23d4988ca9ef6fcf9e219dd249eff9988d5f7c5

SHA256
722c36abd195cce70ee25b48d6e64873262e046eae7433976120a1496f01487d

SHA512
8ed9e7fa921b1c75ac6aec5016c138f213b0ff6341d263783d716db530da076794336bc02d6c9b141850d0250bf11b60d0ac401425dbfd13d8904a359284fb85

Download Submit
memory/376-49-0x0000000000CB0000-0x0000000000DB0000-memory.dmp

Filesize
1024KB

Download
memory/376-44-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/376-46-0x0000000000CB0000-0x0000000000DB0000-memory.dmp

Filesize
1024KB

Download
memory/408-52-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/408-16-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/408-13-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/436-142-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/436-146-0x0000000000CF0000-0x0000000000DF0000-memory.dmp

Filesize
1024KB

Download
memory/984-125-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/984-127-0x00000000007A0000-0x00000000008A0000-memory.dmp

Filesize
1024KB

Download
memory/1304-50-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/1304-54-0x00000000006F0000-0x00000000007F0000-memory.dmp

Filesize
1024KB

Download
memory/1304-53-0x00000000006F0000-0x00000000007F0000-memory.dmp

Filesize
1024KB

Download
memory/1500-28-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/1500-29-0x00000000011A0000-0x00000000012A0000-memory.dmp

Filesize
1024KB

Download
memory/1648-10-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/1648-30-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/1648-18-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/1648-17-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/1940-111-0x00000000009C0000-0x0000000000AC0000-memory.dmp

Filesize
1024KB

Download
memory/1940-110-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/1976-39-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/1976-41-0x0000000000A70000-0x0000000000B70000-memory.dmp

Filesize
1024KB

Download
memory/2028-100-0x0000000000B50000-0x0000000000C50000-memory.dmp

Filesize
1024KB

Download
memory/2028-64-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/2028-68-0x0000000000B50000-0x0000000000C50000-memory.dmp

Filesize
1024KB

Download
memory/2232-130-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/2232-138-0x00000000008F0000-0x00000000009F0000-memory.dmp

Filesize
1024KB

Download
memory/2232-133-0x00000000008F0000-0x00000000009F0000-memory.dmp

Filesize
1024KB

Download
memory/2388-3-0x0000000001350000-0x0000000001450000-memory.dmp

Filesize
1024KB

Download
memory/2388-7-0x0000000001350000-0x0000000001450000-memory.dmp

Filesize
1024KB

Download
memory/2388-2-0x0000000000D60000-0x0000000000DC3000-memory.dmp

Filesize
396KB

Download
memory/2464-119-0x0000000001380000-0x0000000001480000-memory.dmp

Filesize
1024KB

Download
memory/2464-116-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/2964-99-0x0000000000E80000-0x0000000000F80000-memory.dmp

Filesize
1024KB

Download
memory/2964-59-0x0000000000E80000-0x0000000000F80000-memory.dmp

Filesize
1024KB

Download
memory/2964-57-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/2964-62-0x0000000000E80000-0x0000000000F80000-memory.dmp

Filesize
1024KB

Download
memory/3080-11-0x0000000000D50000-0x0000000000D60000-memory.dmp

Filesize
64KB

Download
memory/3080-14-0x0000000001540000-0x0000000001640000-memory.dmp

Filesize
1024KB

Download
memory/3196-36-0x0000000000780000-0x0000000000880000-memory.dmp

Filesize
1024KB

Download
memory/3196-33-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/3196-35-0x0000000000780000-0x0000000000880000-memory.dmp

Filesize
1024KB

Download
memory/3324-124-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/3328-108-0x0000000000790000-0x0000000000890000-memory.dmp

Filesize
1024KB

Download
memory/3328-103-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/4052-95-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/4052-98-0x0000000000970000-0x0000000000A70000-memory.dmp

Filesize
1024KB

Download
memory/4140-88-0x0000000000B00000-0x0000000000C00000-memory.dmp

Filesize
1024KB

Download
memory/4140-131-0x0000000000B00000-0x0000000000C00000-memory.dmp

Filesize
1024KB

Download
memory/4140-86-0x0000000000B00000-0x0000000000C00000-memory.dmp

Filesize
1024KB

Download
memory/4140-83-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/4332-90-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/4332-96-0x0000000000CF0000-0x0000000000DF0000-memory.dmp

Filesize
1024KB

Download
memory/4332-139-0x0000000000CF0000-0x0000000000DF0000-memory.dmp

Filesize
1024KB

Download
memory/4332-92-0x0000000000CF0000-0x0000000000DF0000-memory.dmp

Filesize
1024KB

Download
memory/4464-67-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/4464-105-0x00000000011A0000-0x00000000012A0000-memory.dmp

Filesize
1024KB

Download
memory/4464-70-0x00000000011A0000-0x00000000012A0000-memory.dmp

Filesize
1024KB

Download
memory/4664-121-0x0000000000B30000-0x0000000000C30000-memory.dmp

Filesize
1024KB

Download
memory/4664-84-0x0000000000B30000-0x0000000000C30000-memory.dmp

Filesize
1024KB

Download
memory/4664-80-0x0000000000B30000-0x0000000000C30000-memory.dmp

Filesize
1024KB

Download
memory/4664-77-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/4932-114-0x0000000000E60000-0x0000000000F60000-memory.dmp

Filesize
1024KB

Download
memory/4932-78-0x0000000000E60000-0x0000000000F60000-memory.dmp

Filesize
1024KB

Download
memory/4932-73-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download
memory/5084-136-0x0000000000490000-0x00000000004F3000-memory.dmp

Filesize
396KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads