metasploit | 032201b193518134e290da8a9e8583f19a08b6ad8f51a3e8ff709a10dd8eb359

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe
Size

1.3MB
MD5

fb203d24beb6e6501aa7e3433e9ca60e
SHA1

96c7caeda68cc87e74e668408112d0a85b49a5eb
SHA256

032201b193518134e290da8a9e8583f19a08b6ad8f51a3e8ff709a10dd8eb359
SHA512

6d131dafe0099df2cb4902e745a77ca7e882b0de89ec97d0ef1efdca9b822ff09f2cbd40fddca79c157343eff98a36631a66dc3cec90163ea6426ba92e268b0c
SSDEEP

24576:t2+gMsqI5kLRBnQf7JI2QKUOQrNiu14R/BNOXGznJ/QYD:t1gPqRtQf7m/KUtrzIvZ

Score

10^/10

metasploit backdoor themida trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Executes dropped EXE 10 IoCs

Processes:

psconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exe

pid	process
2632	psconfig.exe
2688	psconfig.exe
2404	psconfig.exe
912	psconfig.exe
3056	psconfig.exe
2620	psconfig.exe
1084	psconfig.exe
2004	psconfig.exe
856	psconfig.exe
2132	psconfig.exe

Loads dropped DLL 20 IoCs

Processes:

fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exe

pid	process
2224	fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe
2224	fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe
2632	psconfig.exe
2632	psconfig.exe
2688	psconfig.exe
2688	psconfig.exe
2404	psconfig.exe
2404	psconfig.exe
912	psconfig.exe
912	psconfig.exe
3056	psconfig.exe
3056	psconfig.exe
2620	psconfig.exe
2620	psconfig.exe
1084	psconfig.exe
1084	psconfig.exe
2004	psconfig.exe
2004	psconfig.exe
856	psconfig.exe
856	psconfig.exe

Themida packer 20 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
\Windows\SysWOW64\psconfig.exe	themida
behavioral1/memory/2224-3-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2224-25-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2632-30-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2632-43-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2632-51-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2688-55-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2688-67-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2688-73-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2404-76-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2404-89-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/912-112-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/912-117-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/3056-134-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2620-158-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2620-167-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/1084-181-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/2004-203-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/856-227-0x0000000000400000-0x000000000074A000-memory.dmp	themida
behavioral1/memory/856-232-0x0000000000400000-0x000000000074A000-memory.dmp	themida

Drops file in System32 directory 22 IoCs

Processes:

psconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exefb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exepsconfig.exepsconfig.exe

description	ioc	process
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File created	C:\Windows\SysWOW64\psconfig.exe	fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File created	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe
File opened for modification	C:\Windows\SysWOW64\psconfig.exe	psconfig.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exe

pid	process
2224	fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe
2632	psconfig.exe
2688	psconfig.exe
2404	psconfig.exe
912	psconfig.exe
3056	psconfig.exe
2620	psconfig.exe
1084	psconfig.exe
2004	psconfig.exe
856	psconfig.exe
2132	psconfig.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exepsconfig.exe

description	pid	process	target process
PID 2224 wrote to memory of 2632	2224	fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe	psconfig.exe
PID 2224 wrote to memory of 2632	2224	fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe	psconfig.exe
PID 2224 wrote to memory of 2632	2224	fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe	psconfig.exe
PID 2224 wrote to memory of 2632	2224	fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe	psconfig.exe
PID 2632 wrote to memory of 2688	2632	psconfig.exe	psconfig.exe
PID 2632 wrote to memory of 2688	2632	psconfig.exe	psconfig.exe
PID 2632 wrote to memory of 2688	2632	psconfig.exe	psconfig.exe
PID 2632 wrote to memory of 2688	2632	psconfig.exe	psconfig.exe
PID 2688 wrote to memory of 2404	2688	psconfig.exe	psconfig.exe
PID 2688 wrote to memory of 2404	2688	psconfig.exe	psconfig.exe
PID 2688 wrote to memory of 2404	2688	psconfig.exe	psconfig.exe
PID 2688 wrote to memory of 2404	2688	psconfig.exe	psconfig.exe
PID 2404 wrote to memory of 912	2404	psconfig.exe	psconfig.exe
PID 2404 wrote to memory of 912	2404	psconfig.exe	psconfig.exe
PID 2404 wrote to memory of 912	2404	psconfig.exe	psconfig.exe
PID 2404 wrote to memory of 912	2404	psconfig.exe	psconfig.exe
PID 912 wrote to memory of 3056	912	psconfig.exe	psconfig.exe
PID 912 wrote to memory of 3056	912	psconfig.exe	psconfig.exe
PID 912 wrote to memory of 3056	912	psconfig.exe	psconfig.exe
PID 912 wrote to memory of 3056	912	psconfig.exe	psconfig.exe
PID 3056 wrote to memory of 2620	3056	psconfig.exe	psconfig.exe
PID 3056 wrote to memory of 2620	3056	psconfig.exe	psconfig.exe
PID 3056 wrote to memory of 2620	3056	psconfig.exe	psconfig.exe
PID 3056 wrote to memory of 2620	3056	psconfig.exe	psconfig.exe
PID 2620 wrote to memory of 1084	2620	psconfig.exe	psconfig.exe
PID 2620 wrote to memory of 1084	2620	psconfig.exe	psconfig.exe
PID 2620 wrote to memory of 1084	2620	psconfig.exe	psconfig.exe
PID 2620 wrote to memory of 1084	2620	psconfig.exe	psconfig.exe
PID 1084 wrote to memory of 2004	1084	psconfig.exe	psconfig.exe
PID 1084 wrote to memory of 2004	1084	psconfig.exe	psconfig.exe
PID 1084 wrote to memory of 2004	1084	psconfig.exe	psconfig.exe
PID 1084 wrote to memory of 2004	1084	psconfig.exe	psconfig.exe
PID 2004 wrote to memory of 856	2004	psconfig.exe	psconfig.exe
PID 2004 wrote to memory of 856	2004	psconfig.exe	psconfig.exe
PID 2004 wrote to memory of 856	2004	psconfig.exe	psconfig.exe
PID 2004 wrote to memory of 856	2004	psconfig.exe	psconfig.exe
PID 856 wrote to memory of 2132	856	psconfig.exe	psconfig.exe
PID 856 wrote to memory of 2132	856	psconfig.exe	psconfig.exe
PID 856 wrote to memory of 2132	856	psconfig.exe	psconfig.exe
PID 856 wrote to memory of 2132	856	psconfig.exe	psconfig.exe

C:\Users\Admin\AppData\Local\Temp\fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2224

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 652 "C:\Users\Admin\AppData\Local\Temp\fb203d24beb6e6501aa7e3433e9ca60e_JaffaCakes118.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2632

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 708 "C:\Windows\SysWOW64\psconfig.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2688

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 712 "C:\Windows\SysWOW64\psconfig.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2404

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 716 "C:\Windows\SysWOW64\psconfig.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:912

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 720 "C:\Windows\SysWOW64\psconfig.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3056

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 724 "C:\Windows\SysWOW64\psconfig.exe"
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2620

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 728 "C:\Windows\SysWOW64\psconfig.exe"
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1084

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 736 "C:\Windows\SysWOW64\psconfig.exe"
9⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2004

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 732 "C:\Windows\SysWOW64\psconfig.exe"
10⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:856

C:\Windows\SysWOW64\psconfig.exe
C:\Windows\system32\psconfig.exe 756 "C:\Windows\SysWOW64\psconfig.exe"
11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:2132

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\psconfig.exe
Filesize
1.3MB

MD5
fb203d24beb6e6501aa7e3433e9ca60e

SHA1
96c7caeda68cc87e74e668408112d0a85b49a5eb

SHA256
032201b193518134e290da8a9e8583f19a08b6ad8f51a3e8ff709a10dd8eb359

SHA512
6d131dafe0099df2cb4902e745a77ca7e882b0de89ec97d0ef1efdca9b822ff09f2cbd40fddca79c157343eff98a36631a66dc3cec90163ea6426ba92e268b0c

Download Submit
memory/856-227-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/856-232-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/912-117-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/912-112-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/1084-181-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2004-203-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2224-26-0x0000000004290000-0x0000000004291000-memory.dmp

Filesize
4KB

Download
memory/2224-15-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/2224-1-0x0000000001F80000-0x0000000002061000-memory.dmp

Filesize
900KB

Download
memory/2224-4-0x00000000044B0000-0x00000000044B1000-memory.dmp

Filesize
4KB

Download
memory/2224-9-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/2224-21-0x0000000004490000-0x0000000004491000-memory.dmp

Filesize
4KB

Download
memory/2224-10-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/2224-24-0x0000000004470000-0x0000000004471000-memory.dmp

Filesize
4KB

Download
memory/2224-8-0x0000000004280000-0x0000000004281000-memory.dmp

Filesize
4KB

Download
memory/2224-25-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2224-11-0x00000000042C0000-0x00000000042C2000-memory.dmp

Filesize
8KB

Download
memory/2224-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2224-2-0x00000000044A0000-0x00000000044A2000-memory.dmp

Filesize
8KB

Download
memory/2224-23-0x0000000004480000-0x0000000004482000-memory.dmp

Filesize
8KB

Download
memory/2224-12-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/2224-49-0x0000000004290000-0x0000000004291000-memory.dmp

Filesize
4KB

Download
memory/2224-13-0x00000000044C0000-0x00000000044C1000-memory.dmp

Filesize
4KB

Download
memory/2404-79-0x0000000004460000-0x0000000004461000-memory.dmp

Filesize
4KB

Download
memory/2404-81-0x00000000042D0000-0x00000000042D1000-memory.dmp

Filesize
4KB

Download
memory/2404-89-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2404-85-0x0000000004270000-0x0000000004271000-memory.dmp

Filesize
4KB

Download
memory/2404-84-0x00000000044D0000-0x00000000044D1000-memory.dmp

Filesize
4KB

Download
memory/2404-83-0x00000000042C0000-0x00000000042C1000-memory.dmp

Filesize
4KB

Download
memory/2404-82-0x0000000004240000-0x0000000004241000-memory.dmp

Filesize
4KB

Download
memory/2404-75-0x00000000044B0000-0x00000000044B2000-memory.dmp

Filesize
8KB

Download
memory/2404-80-0x0000000004250000-0x0000000004251000-memory.dmp

Filesize
4KB

Download
memory/2404-74-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2404-78-0x0000000004280000-0x0000000004281000-memory.dmp

Filesize
4KB

Download
memory/2404-77-0x00000000044C0000-0x00000000044C1000-memory.dmp

Filesize
4KB

Download
memory/2404-76-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2620-167-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2620-158-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2632-28-0x00000000044A0000-0x00000000044A2000-memory.dmp

Filesize
8KB

Download
memory/2632-38-0x00000000042D0000-0x00000000042D1000-memory.dmp

Filesize
4KB

Download
memory/2632-27-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2632-30-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2632-31-0x00000000044B0000-0x00000000044B1000-memory.dmp

Filesize
4KB

Download
memory/2632-32-0x0000000004280000-0x0000000004281000-memory.dmp

Filesize
4KB

Download
memory/2632-33-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/2632-35-0x00000000042E0000-0x00000000042E1000-memory.dmp

Filesize
4KB

Download
memory/2632-36-0x00000000044C0000-0x00000000044C1000-memory.dmp

Filesize
4KB

Download
memory/2632-34-0x0000000004250000-0x0000000004251000-memory.dmp

Filesize
4KB

Download
memory/2632-37-0x0000000004240000-0x0000000004241000-memory.dmp

Filesize
4KB

Download
memory/2632-40-0x0000000004490000-0x0000000004491000-memory.dmp

Filesize
4KB

Download
memory/2632-39-0x0000000004270000-0x0000000004271000-memory.dmp

Filesize
4KB

Download
memory/2632-41-0x0000000004480000-0x0000000004482000-memory.dmp

Filesize
8KB

Download
memory/2632-42-0x0000000004290000-0x0000000004291000-memory.dmp

Filesize
4KB

Download
memory/2632-43-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2632-51-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2632-50-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2632-47-0x0000000004470000-0x0000000004471000-memory.dmp

Filesize
4KB

Download
memory/2632-48-0x0000000004260000-0x0000000004261000-memory.dmp

Filesize
4KB

Download
memory/2688-66-0x0000000004290000-0x0000000004291000-memory.dmp

Filesize
4KB

Download
memory/2688-65-0x0000000004480000-0x0000000004482000-memory.dmp

Filesize
8KB

Download
memory/2688-72-0x0000000004260000-0x0000000004261000-memory.dmp

Filesize
4KB

Download
memory/2688-73-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2688-71-0x0000000004470000-0x0000000004471000-memory.dmp

Filesize
4KB

Download
memory/2688-67-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2688-55-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/2688-56-0x00000000044B0000-0x00000000044B1000-memory.dmp

Filesize
4KB

Download
memory/2688-54-0x00000000044A0000-0x00000000044A2000-memory.dmp

Filesize
8KB

Download
memory/2688-52-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2688-59-0x0000000004250000-0x0000000004251000-memory.dmp

Filesize
4KB

Download
memory/2688-58-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/2688-57-0x0000000004280000-0x0000000004281000-memory.dmp

Filesize
4KB

Download
memory/2688-60-0x0000000004420000-0x0000000004421000-memory.dmp

Filesize
4KB

Download
memory/2688-61-0x0000000004240000-0x0000000004241000-memory.dmp

Filesize
4KB

Download
memory/2688-62-0x00000000042C0000-0x00000000042C1000-memory.dmp

Filesize
4KB

Download
memory/2688-63-0x00000000044C0000-0x00000000044C1000-memory.dmp

Filesize
4KB

Download
memory/2688-64-0x0000000004270000-0x0000000004271000-memory.dmp

Filesize
4KB

Download
memory/3056-134-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads