metasploit | 2f4e4271679970807947b1c1bd3d8c8281f1bfbc6a15a1e1dfcfeef5e30b77ca

Analysis

max time kernel
141s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe
Size

529KB
MD5

fbb58548bfeccd6a4527afe7c54dfb40
SHA1

f405d936bfb4765a9dbfcf4f658b097aafdeef6e
SHA256

2f4e4271679970807947b1c1bd3d8c8281f1bfbc6a15a1e1dfcfeef5e30b77ca
SHA512

9e55ae83a08b12da9cd17cdcf01f2cd12ae9064c4d899f9086bd049764a83a21ce5d18274eb612fea357eca652c44b85ab1996c537b34809884bac4375490db1
SSDEEP

12288:IuQR86TZUJgushyTe3Chl9rxdk0ERno19p2N5188AUmxpXu3TdYZZZZZZZZZZZZZ:IuQfTZUJgushh3Cn9ldUY9Qr18TxETOp

Score

10^/10

metasploit backdoor evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Executes dropped EXE 10 IoCs

Processes:

csrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.exe

pid process

2156 csrs.exe
576 csrs.exe
3000 csrs.exe
3012 csrs.exe
1980 csrs.exe
2264 csrs.exe
276 csrs.exe
2324 csrs.exe
928 csrs.exe
2628 csrs.exe

pid	process
2156	csrs.exe
576	csrs.exe
3000	csrs.exe
3012	csrs.exe
1980	csrs.exe
2264	csrs.exe
276	csrs.exe
2324	csrs.exe
928	csrs.exe
2628	csrs.exe

Identifies Wine through registry keys 2 TTPs 11 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

csrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.exefbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.execsrs.execsrs.execsrs.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe
Key opened	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Wine	csrs.exe

Loads dropped DLL 20 IoCs

Processes:

fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.exe

pid	process
2184	fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe
2184	fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe
2156	csrs.exe
2156	csrs.exe
576	csrs.exe
576	csrs.exe
3000	csrs.exe
3000	csrs.exe
3012	csrs.exe
3012	csrs.exe
1980	csrs.exe
1980	csrs.exe
2264	csrs.exe
2264	csrs.exe
276	csrs.exe
276	csrs.exe
2324	csrs.exe
2324	csrs.exe
928	csrs.exe
928	csrs.exe

Drops file in System32 directory 22 IoCs

Processes:

csrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.exefbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File created	C:\Windows\SysWOW64\csrs.exe	fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe
File opened for modification	C:\Windows\SysWOW64\csrs.exe	csrs.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.execsrs.exe

description	pid	process	target process
PID 2184 wrote to memory of 2156	2184	fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe	csrs.exe
PID 2184 wrote to memory of 2156	2184	fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe	csrs.exe
PID 2184 wrote to memory of 2156	2184	fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe	csrs.exe
PID 2184 wrote to memory of 2156	2184	fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe	csrs.exe
PID 2156 wrote to memory of 576	2156	csrs.exe	csrs.exe
PID 2156 wrote to memory of 576	2156	csrs.exe	csrs.exe
PID 2156 wrote to memory of 576	2156	csrs.exe	csrs.exe
PID 2156 wrote to memory of 576	2156	csrs.exe	csrs.exe
PID 576 wrote to memory of 3000	576	csrs.exe	csrs.exe
PID 576 wrote to memory of 3000	576	csrs.exe	csrs.exe
PID 576 wrote to memory of 3000	576	csrs.exe	csrs.exe
PID 576 wrote to memory of 3000	576	csrs.exe	csrs.exe
PID 3000 wrote to memory of 3012	3000	csrs.exe	csrs.exe
PID 3000 wrote to memory of 3012	3000	csrs.exe	csrs.exe
PID 3000 wrote to memory of 3012	3000	csrs.exe	csrs.exe
PID 3000 wrote to memory of 3012	3000	csrs.exe	csrs.exe
PID 3012 wrote to memory of 1980	3012	csrs.exe	csrs.exe
PID 3012 wrote to memory of 1980	3012	csrs.exe	csrs.exe
PID 3012 wrote to memory of 1980	3012	csrs.exe	csrs.exe
PID 3012 wrote to memory of 1980	3012	csrs.exe	csrs.exe
PID 1980 wrote to memory of 2264	1980	csrs.exe	csrs.exe
PID 1980 wrote to memory of 2264	1980	csrs.exe	csrs.exe
PID 1980 wrote to memory of 2264	1980	csrs.exe	csrs.exe
PID 1980 wrote to memory of 2264	1980	csrs.exe	csrs.exe
PID 2264 wrote to memory of 276	2264	csrs.exe	csrs.exe
PID 2264 wrote to memory of 276	2264	csrs.exe	csrs.exe
PID 2264 wrote to memory of 276	2264	csrs.exe	csrs.exe
PID 2264 wrote to memory of 276	2264	csrs.exe	csrs.exe
PID 276 wrote to memory of 2324	276	csrs.exe	csrs.exe
PID 276 wrote to memory of 2324	276	csrs.exe	csrs.exe
PID 276 wrote to memory of 2324	276	csrs.exe	csrs.exe
PID 276 wrote to memory of 2324	276	csrs.exe	csrs.exe
PID 2324 wrote to memory of 928	2324	csrs.exe	csrs.exe
PID 2324 wrote to memory of 928	2324	csrs.exe	csrs.exe
PID 2324 wrote to memory of 928	2324	csrs.exe	csrs.exe
PID 2324 wrote to memory of 928	2324	csrs.exe	csrs.exe
PID 928 wrote to memory of 2628	928	csrs.exe	csrs.exe
PID 928 wrote to memory of 2628	928	csrs.exe	csrs.exe
PID 928 wrote to memory of 2628	928	csrs.exe	csrs.exe
PID 928 wrote to memory of 2628	928	csrs.exe	csrs.exe

C:\Users\Admin\AppData\Local\Temp\fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe"
1⤵
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2184

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 700 "C:\Users\Admin\AppData\Local\Temp\fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118.exe"
2⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2156

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 684 "C:\Windows\SysWOW64\csrs.exe"
3⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:576

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 692 "C:\Windows\SysWOW64\csrs.exe"
4⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3000

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 688 "C:\Windows\SysWOW64\csrs.exe"
5⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3012

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 696 "C:\Windows\SysWOW64\csrs.exe"
6⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1980

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 708 "C:\Windows\SysWOW64\csrs.exe"
7⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2264

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 712 "C:\Windows\SysWOW64\csrs.exe"
8⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:276

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 716 "C:\Windows\SysWOW64\csrs.exe"
9⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2324

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 724 "C:\Windows\SysWOW64\csrs.exe"
10⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:928

C:\Windows\SysWOW64\csrs.exe
C:\Windows\system32\csrs.exe 720 "C:\Windows\SysWOW64\csrs.exe"
11⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Drops file in System32 directory
PID:2628

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\csrs.exe
Filesize
529KB

MD5
fbb58548bfeccd6a4527afe7c54dfb40

SHA1
f405d936bfb4765a9dbfcf4f658b097aafdeef6e

SHA256
2f4e4271679970807947b1c1bd3d8c8281f1bfbc6a15a1e1dfcfeef5e30b77ca

SHA512
9e55ae83a08b12da9cd17cdcf01f2cd12ae9064c4d899f9086bd049764a83a21ce5d18274eb612fea357eca652c44b85ab1996c537b34809884bac4375490db1

Download Submit
memory/276-186-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/276-192-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/576-77-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/576-69-0x0000000003D00000-0x0000000003D01000-memory.dmp

Filesize
4KB

Download
memory/576-56-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/576-54-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/576-76-0x0000000004950000-0x0000000004B28000-memory.dmp

Filesize
1.8MB

Download
memory/576-74-0x0000000003DA0000-0x0000000003DA1000-memory.dmp

Filesize
4KB

Download
memory/576-71-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/576-65-0x0000000003D40000-0x0000000003D42000-memory.dmp

Filesize
8KB

Download
memory/576-66-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

Filesize
4KB

Download
memory/576-67-0x0000000003DC0000-0x0000000003DC1000-memory.dmp

Filesize
4KB

Download
memory/576-68-0x0000000003DB0000-0x0000000003DB2000-memory.dmp

Filesize
8KB

Download
memory/576-57-0x0000000003DD0000-0x0000000003DD2000-memory.dmp

Filesize
8KB

Download
memory/576-70-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/576-63-0x0000000003D50000-0x0000000003D51000-memory.dmp

Filesize
4KB

Download
memory/576-64-0x0000000003CC0000-0x0000000003CC1000-memory.dmp

Filesize
4KB

Download
memory/576-60-0x0000000003D80000-0x0000000003D81000-memory.dmp

Filesize
4KB

Download
memory/576-62-0x0000000003CD0000-0x0000000003CD1000-memory.dmp

Filesize
4KB

Download
memory/576-58-0x0000000003DE0000-0x0000000003DE1000-memory.dmp

Filesize
4KB

Download
memory/576-61-0x0000000003DF0000-0x0000000003DF1000-memory.dmp

Filesize
4KB

Download
memory/576-59-0x0000000003D20000-0x0000000003D21000-memory.dmp

Filesize
4KB

Download
memory/928-230-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/1980-148-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/1980-141-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/2156-28-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/2156-40-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/2156-39-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/2156-38-0x0000000003D20000-0x0000000003D21000-memory.dmp

Filesize
4KB

Download
memory/2156-37-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/2156-35-0x0000000003D60000-0x0000000003D61000-memory.dmp

Filesize
4KB

Download
memory/2156-34-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/2156-33-0x0000000003DC0000-0x0000000003DC1000-memory.dmp

Filesize
4KB

Download
memory/2156-32-0x0000000003DB0000-0x0000000003DB2000-memory.dmp

Filesize
8KB

Download
memory/2156-31-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/2156-46-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/2156-48-0x0000000003D80000-0x0000000003D81000-memory.dmp

Filesize
4KB

Download
memory/2156-50-0x0000000004AF0000-0x0000000004CC8000-memory.dmp

Filesize
1.8MB

Download
memory/2156-52-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/2156-41-0x0000000003CA0000-0x0000000003CA1000-memory.dmp

Filesize
4KB

Download
memory/2156-53-0x0000000004AF0000-0x0000000004CC8000-memory.dmp

Filesize
1.8MB

Download
memory/2156-42-0x0000000003CB0000-0x0000000003CB1000-memory.dmp

Filesize
4KB

Download
memory/2156-43-0x0000000003D90000-0x0000000003D92000-memory.dmp

Filesize
8KB

Download
memory/2156-44-0x0000000003DA0000-0x0000000003DA1000-memory.dmp

Filesize
4KB

Download
memory/2156-45-0x0000000003CC0000-0x0000000003CC1000-memory.dmp

Filesize
4KB

Download
memory/2156-36-0x0000000003E10000-0x0000000003E11000-memory.dmp

Filesize
4KB

Download
memory/2184-3-0x0000000003DF0000-0x0000000003DF1000-memory.dmp

Filesize
4KB

Download
memory/2184-8-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/2184-20-0x0000000003D60000-0x0000000003D61000-memory.dmp

Filesize
4KB

Download
memory/2184-19-0x0000000003CC0000-0x0000000003CC1000-memory.dmp

Filesize
4KB

Download
memory/2184-1-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/2184-2-0x0000000003DE0000-0x0000000003DE2000-memory.dmp

Filesize
8KB

Download
memory/2184-29-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/2184-4-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/2184-5-0x0000000003D40000-0x0000000003D41000-memory.dmp

Filesize
4KB

Download
memory/2184-6-0x0000000003E00000-0x0000000003E01000-memory.dmp

Filesize
4KB

Download
memory/2184-7-0x0000000003C90000-0x0000000003C91000-memory.dmp

Filesize
4KB

Download
memory/2184-11-0x0000000003CA0000-0x0000000003CA1000-memory.dmp

Filesize
4KB

Download
memory/2184-9-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/2184-10-0x0000000003D00000-0x0000000003D02000-memory.dmp

Filesize
8KB

Download
memory/2184-15-0x0000000003CD0000-0x0000000003CD1000-memory.dmp

Filesize
4KB

Download
memory/2184-0-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/2184-12-0x0000000003CB0000-0x0000000003CB1000-memory.dmp

Filesize
4KB

Download
memory/2184-14-0x0000000003D80000-0x0000000003D82000-memory.dmp

Filesize
8KB

Download
memory/2184-13-0x0000000003DD0000-0x0000000003DD1000-memory.dmp

Filesize
4KB

Download
memory/2264-164-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/2324-207-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/3000-79-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/3000-94-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/3000-83-0x0000000003D90000-0x0000000003D91000-memory.dmp

Filesize
4KB

Download
memory/3000-84-0x0000000003E00000-0x0000000003E01000-memory.dmp

Filesize
4KB

Download
memory/3000-85-0x0000000003CC0000-0x0000000003CC1000-memory.dmp

Filesize
4KB

Download
memory/3000-82-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/3000-80-0x0000000003DE0000-0x0000000003DE2000-memory.dmp

Filesize
8KB

Download
memory/3000-81-0x0000000003DF0000-0x0000000003DF1000-memory.dmp

Filesize
4KB

Download
memory/3000-78-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/3012-118-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/3012-124-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads