454a93f9001bdcd5882032621ad317f4f02cfe010c09c25211bcaeb623b08847

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
Size

432KB
MD5

f43e5d9af312cbf4b6fe54c8493e0461
SHA1

a134b90b4a6ef9316679711ef273da410a7c8a19
SHA256

454a93f9001bdcd5882032621ad317f4f02cfe010c09c25211bcaeb623b08847
SHA512

0240c72ea13fa520eb4b030d7f977732707962607459c4677d187eea21a9fad506b8fd18a57ccdd2889b6393de73486c9336128e948fcea457c5ec5bbacc58e6
SSDEEP

6144:OJRFTYCpsu2v3BeRUyqinBazIVDNPHRCHMi9KQsa7WOwofXbCQ:Wh8v8UknBasVDN5Cl9tJ73XX

Score

8^/10

persistence

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Drivers\Dbgv.sys	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe

Sets service image path in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\DBGV\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\Dbgv.sys"	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\DBGV\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\Dbgv.sys"	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\Q:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\U:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\W:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\X:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\E:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\O:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\P:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\S:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\T:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\Y:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\M:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\K:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\Z:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\J:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\I:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\L:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\N:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\R:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\V:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened (read-only)	\??\H:	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\SysWOW64\wbengine.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\lsass.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\locator.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\vds.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\tieringengineservice.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\Appvclient.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\msiexec.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\spectrum.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\Agentservice.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.ivr	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\fxssvc.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\sensordataservice.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\sgrmbroker.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File created	\??\c:\windows\SysWOW64\msiexec.ivr	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\vssvc.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\alg.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\dllhost.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\diagsvcs\diagnosticshub.standardcollector.service.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\wbem\wmiApsrv.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\svchost.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\perceptionsimulation\perceptionsimulationservice.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\perfhost.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\searchindexer.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\msdtc.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\snmptrap.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\openssh\ssh-agent.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\program files\windows media player\wmpnetwk.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\misc.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\AppVLP.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
File opened for modification	\??\c:\windows\servicing\trustedinstaller.exe	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
3492	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
3492	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	3492	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	3492	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	3492	f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f43e5d9af312cbf4b6fe54c8493e0461_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:3492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Filesize
618KB

MD5
0bd9446dd805382b802cbf9bb345bceb

SHA1
090cc43c4b384b728e516207087972371b0ca651

SHA256
56412e8f43213d6d081e7e4f73986cc8a81e7b807a4d9acf48be767b28b6b3ff

SHA512
693289bf7a33c9091e0733dd33e16cba859c60b6c7697ae41208350d7d80309bcfab7e5978eb0bdcce6209cdffa28798ea490f0fd6b879abe19eea05a1e2b405

Download Submit
C:\Windows\SysWOW64\msiexec.ivr

Filesize
254KB

MD5
e42d7dbaf78740252d58bb068b079c59

SHA1
612da61a888105d819e67d17d43ed98d24db8f4a

SHA256
3d32bf28b98d00ca65c4ec019b565866bd6b0abfef343baad3db1bb479143c3e

SHA512
f724ae7a70c8d65dd35c2eac954a20e64ed044174f7450a5070b6bd42b7e09a575ae83832e130ff389949d0f60be86fb33834ec6587d82a66db43127b06403b6

Download Submit
memory/3492-0-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads