blackbasta | 58edd2a0980b15f7fc6c892011751a30c134757142a54c2cedcbba4af2cbf855

General

Target

2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
Size

1.7MB
MD5

4d9374c7352452ff60805fd2026288ef
SHA1

51408ccb2074ef28a8f5342074047afa0dfca40f
SHA256

58edd2a0980b15f7fc6c892011751a30c134757142a54c2cedcbba4af2cbf855
SHA512

992621093ecccc2facdad80e28da361f7e6d9fe296d398c061095127f5713a3c18ef6cf971aa7b52d5b1ef87253edf654feb2fc67ad722c89a8195dbb4b8adf9
SSDEEP

49152:jPNi7z6QzqIStJV/GYZ1zkm5BUm9SFadRd:jPNiX6QzqISppZ1zlSUdRd

Score

10^/10

blackbasta persistence ransomware

Malware Config

Extracted

Path

C:\Program Files (x86)\instructions_read_me.txt

Family

blackbasta

Ransom Note

ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 917af89f-7b90-4dee-89e8-9adb52df735b *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.

URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Signatures

Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
ransomware blackbasta
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Detects command variations typically used by ransomware 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3028-1-0x0000000002A30000-0x0000000002B14000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware
behavioral2/memory/3028-3-0x0000000002A30000-0x0000000002B14000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware
behavioral2/memory/3028-4-0x0000000002A30000-0x0000000002B14000-memory.dmp	INDICATOR_SUSPICIOUS_GENRansomware

Renames multiple (4287) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Skype = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe"	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe

Drops file in Program Files directory 64 IoCs

Processes:

2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\wintlim.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-16_altform-unplated_contrast-white.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_contrast-white.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\SolitaireLiveTileUpdater.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-32_contrast-high.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\logo.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-48_altform-unplated.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Text.Encoding.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-64_altform-unplated_contrast-black.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-16.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64_altform-fullcolor.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64_altform-unplated.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\fonts\NotebookIconAnimation.ttf	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000C.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-48_altform-colorize.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-400.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\instructions_read_me.txt	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\TextConversionModule.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\Square71x71Logo.scale-125.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-72.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\msvcp140_app.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\virtualAgentSmall.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.Common.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-36_altform-lightunplated.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-125.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnssci.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\AriaWrapper.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\proof.en-us.msi.16.en-us.vreg.dat	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-100_contrast-black.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_devicefamily-colorfulunplated.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\EnableExport.midi	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File created	C:\Program Files (x86)\Windows Multimedia Platform\instructions_read_me.txt	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Mira.Services.UWP.OopBackgroundTask.winmd	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\instructions_read_me.txt	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\resources.pri	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-36_altform-lightunplated.png	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe

Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Processes:

vssadmin.exe

pid process

4880 vssadmin.exe

pid	process
4880	vssadmin.exe

Modifies registry class 3 IoCs

Processes:

2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.y5ht64b6e	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.y5ht64b6e\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fkdjsadasd.ico"	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.y5ht64b6e\DefaultIcon	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

vssvc.exe

description pid process

Token: SeBackupPrivilege 3756 vssvc.exe
Token: SeRestorePrivilege 3756 vssvc.exe
Token: SeAuditPrivilege 3756 vssvc.exe

description	pid	process
Token: SeBackupPrivilege	3756	vssvc.exe
Token: SeRestorePrivilege	3756	vssvc.exe
Token: SeAuditPrivilege	3756	vssvc.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.execmd.exe

description	pid	process	target process
PID 3028 wrote to memory of 4056	3028	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe	cmd.exe
PID 3028 wrote to memory of 4056	3028	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe	cmd.exe
PID 3028 wrote to memory of 4056	3028	2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe	cmd.exe
PID 4056 wrote to memory of 4880	4056	cmd.exe	vssadmin.exe
PID 4056 wrote to memory of 4880	4056	cmd.exe	vssadmin.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-17_4d9374c7352452ff60805fd2026288ef_magniber.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysNative\vssadmin.exe delete shadows /all /quiet
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4056
- - C:\Windows\system32\vssadmin.exe
    C:\Windows\SysNative\vssadmin.exe delete shadows /all /quiet
    3⤵
    - Interacts with shadow copies
    PID:4880

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Indicator Removal

2

T1070

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

2

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\instructions_read_me.txt

Filesize
1KB

MD5
ad2904845489bf13e65c1f650227bfac

SHA1
7f93e9214faff74dbd506173f1e2afcae5fd603d

SHA256
b01c1765e4d0ebe528ada7933bf0dea86c8a392e3a21b6a25ae51ee79fdd3fb5

SHA512
f3b4f0e1bb660abc435c500ae9876c2143afee8877d428b4103d165593ad546229d63fe9d582900b68655ff56345983bc9a8e35428c2103c65bb2c6f15b0b9c9

Download Submit
memory/3028-0-0x00000000001C0000-0x0000000000383000-memory.dmp

Filesize
1.8MB

Download
memory/3028-1-0x0000000002A30000-0x0000000002B14000-memory.dmp

Filesize
912KB

Download
memory/3028-3-0x0000000002A30000-0x0000000002B14000-memory.dmp

Filesize
912KB

Download
memory/3028-4-0x0000000002A30000-0x0000000002B14000-memory.dmp

Filesize
912KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads