glupteba | b435024076fe67a01d79195fc3b17c44f9a4b2fe5d38739e3ff833f9ae24d26a

Analysis

max time kernel
0s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23/04/2024, 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b435024076fe67a01d79195fc3b17c44f9a4b2fe5d38739e3ff833f9ae24d26a.exe
Size

4.2MB
MD5

3ee53b780db8dad93a60422a509a2aa9
SHA1

b541dca1b996d34eb8d9ab2c63dbc4f41b726df0
SHA256

b435024076fe67a01d79195fc3b17c44f9a4b2fe5d38739e3ff833f9ae24d26a
SHA512

7459ffc01a7d7e22e4e22f6d58325bf40131a5e5581f501b3a541d64c3a1293ccc48d23df083f380d5af09fcd93739dc1afa9ad2f4d6ce1c4f229e916b0d4cd6
SSDEEP

98304:5qdGPkkbrXdSMuO9HY5zkH9t6u095DfLzJg8Yl1VLog:tbrX/ubObB/

Score

10^/10

glupteba dropper evasion loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 16 IoCs

resource	yara_rule
behavioral2/memory/2176-2-0x00000000065A0000-0x0000000006E8B000-memory.dmp	family_glupteba
behavioral2/memory/2176-49-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/2136-145-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-239-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-240-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-241-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-250-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-252-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-254-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-256-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-258-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-260-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-262-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-264-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-266-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba
behavioral2/memory/4756-268-0x0000000000400000-0x0000000004427000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
804	netsh.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000200000002aa07-245.dat	upx
behavioral2/memory/2492-248-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1848-251-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1848-255-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3020	sc.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3080	2176	WerFault.exe	79
3924	2136	WerFault.exe	86

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4548	schtasks.exe
1056	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\b435024076fe67a01d79195fc3b17c44f9a4b2fe5d38739e3ff833f9ae24d26a.exe
"C:\Users\Admin\AppData\Local\Temp\b435024076fe67a01d79195fc3b17c44f9a4b2fe5d38739e3ff833f9ae24d26a.exe"
1⤵
PID:2176
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  PID:816
- C:\Users\Admin\AppData\Local\Temp\b435024076fe67a01d79195fc3b17c44f9a4b2fe5d38739e3ff833f9ae24d26a.exe
  "C:\Users\Admin\AppData\Local\Temp\b435024076fe67a01d79195fc3b17c44f9a4b2fe5d38739e3ff833f9ae24d26a.exe"
  2⤵
  PID:2136
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:2896
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:4628
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:804
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:2276
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:1636
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:4756
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:408
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:4548
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:2876
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:2680
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:804
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:1056
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:2492
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:3396
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:3020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 920
    3⤵
    - Program crash
    PID:3924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 760
  2⤵
  - Program crash
  PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2176 -ip 2176
1⤵
PID:232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2136 -ip 2136
1⤵
PID:492

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mqaglw5h.a5p.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
ac4917a885cf6050b1a483e4bc4d2ea5

SHA1
b1c0a9f27bd21c6bbb8e9be70db8777b4a2a640f

SHA256
e39062a62c3c7617feeeff95ea8a0be51104a0d36f46e44eea22556fda74d8d9

SHA512
092c67a3ecae1d187cad72a8ea1ea37cb78a0cf79c2cd7fb88953e5990669a2e871267015762fd46d274badb88ac0c1d73b00f1df7394d89bed48a3a45c2ba3d

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
87af1aa14e3d6237e156d33045e1c867

SHA1
700fe46eafcf7868e6dbb2ded029ab1919d955fd

SHA256
f48f5aa47ea4c5f6cd5f943887ec422330b94e3f4cc13bc70d832564a1af4cb9

SHA512
a135e8f58cb05ddecd4fd0227e93c872079d632e44f95680583c1fc9f66a836bdb1bcfc0b56387fa398e66926b925d9ecfaf871c323d070c05875e04bdcbc2da

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
9a15ba915c7d34b29b3b12e92b42629a

SHA1
8e00949aeaa729af0186c654f3ba3598b0d13183

SHA256
acbdb48ce2ff8e45e52496fef1b46c3cb33edd304039fbac848cdbffced35f27

SHA512
d992ccb0076574644a33bbb4d88b8962b92135f6b3c9ad9c00ebd31fd16f13f373126267a5e9899d1ce94e32f9cecb8081e269610a7a124672fa79d8070a7d1c

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
6318b850ba02ceb5814a8235192c6898

SHA1
1371d5c9cdfd34a612b8ebac6f345bd0f75eb8d6

SHA256
0e395268da1c1dfe4b10592ed7ee13223b89c1d0348b74434dc027a7388ed114

SHA512
32b5deac299e0d122ad7338b38274fb790487ed4f8eb7f2e7125ff347ca0018432cb6bae20541a55a6d9c9806d980ec4af90ef3f0361e985183c6a7212711c3e

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
d2d6a91fb9ca1a9538dd2d635d56103f

SHA1
307d314c4fa459ab5c5ebe6125d6c744621d72b3

SHA256
9735fb530a04fecf6dac18ad823a99885b70234d18d2abeb49fbce256232119e

SHA512
90312ebd79a141da112848eaeec2716e6f52f9c32c4d074839c8dfb1e8fbecbbf7661e8315ab8b7735a6d2aa412643b6d71365e3247f16390db5be9a9b7ed1bf

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
fa9c56742d52a533ef72fff90553a020

SHA1
64c83fc39572e0160f7d99c959200848529ea097

SHA256
b5da9b85b93ef4e4a2b016e1d9940300027948bdc39cefde74280a7e98a99476

SHA512
ac6ecba995e6f90e5abf8f92227ed60177998c338632bbee9ee88a2284e9b72afd4b1a132450bbfbbfa88013ebcbcff7972256f8498dbb56602205e261b03224

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.2MB

MD5
3ee53b780db8dad93a60422a509a2aa9

SHA1
b541dca1b996d34eb8d9ab2c63dbc4f41b726df0

SHA256
b435024076fe67a01d79195fc3b17c44f9a4b2fe5d38739e3ff833f9ae24d26a

SHA512
7459ffc01a7d7e22e4e22f6d58325bf40131a5e5581f501b3a541d64c3a1293ccc48d23df083f380d5af09fcd93739dc1afa9ad2f4d6ce1c4f229e916b0d4cd6

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/816-25-0x0000000070F30000-0x0000000071287000-memory.dmp

Filesize
3.3MB

Download
memory/816-39-0x0000000007190000-0x0000000007226000-memory.dmp

Filesize
600KB

Download
memory/816-20-0x0000000005B30000-0x0000000005B7C000-memory.dmp

Filesize
304KB

Download
memory/816-21-0x0000000006BF0000-0x0000000006C36000-memory.dmp

Filesize
280KB

Download
memory/816-24-0x0000000070DB0000-0x0000000070DFC000-memory.dmp

Filesize
304KB

Download
memory/816-23-0x0000000006EC0000-0x0000000006EF4000-memory.dmp

Filesize
208KB

Download
memory/816-34-0x0000000006F00000-0x0000000006F1E000-memory.dmp

Filesize
120KB

Download
memory/816-35-0x0000000006F20000-0x0000000006FC4000-memory.dmp

Filesize
656KB

Download
memory/816-18-0x00000000056D0000-0x0000000005A27000-memory.dmp

Filesize
3.3MB

Download
memory/816-22-0x000000007F820000-0x000000007F830000-memory.dmp

Filesize
64KB

Download
memory/816-36-0x0000000007690000-0x0000000007D0A000-memory.dmp

Filesize
6.5MB

Download
memory/816-37-0x0000000007040000-0x000000000705A000-memory.dmp

Filesize
104KB

Download
memory/816-38-0x0000000007080000-0x000000000708A000-memory.dmp

Filesize
40KB

Download
memory/816-19-0x0000000005A80000-0x0000000005A9E000-memory.dmp

Filesize
120KB

Download
memory/816-40-0x00000000070B0000-0x00000000070C1000-memory.dmp

Filesize
68KB

Download
memory/816-41-0x00000000070F0000-0x00000000070FE000-memory.dmp

Filesize
56KB

Download
memory/816-42-0x0000000007100000-0x0000000007115000-memory.dmp

Filesize
84KB

Download
memory/816-43-0x0000000007150000-0x000000000716A000-memory.dmp

Filesize
104KB

Download
memory/816-44-0x0000000007170000-0x0000000007178000-memory.dmp

Filesize
32KB

Download
memory/816-47-0x0000000074B40000-0x00000000752F1000-memory.dmp

Filesize
7.7MB

Download
memory/816-9-0x00000000054C0000-0x0000000005526000-memory.dmp

Filesize
408KB

Download
memory/816-8-0x0000000004D70000-0x0000000004DD6000-memory.dmp

Filesize
408KB

Download
memory/816-7-0x0000000004BD0000-0x0000000004BF2000-memory.dmp

Filesize
136KB

Download
memory/816-6-0x0000000004E90000-0x00000000054BA000-memory.dmp

Filesize
6.2MB

Download
memory/816-4-0x0000000074B40000-0x00000000752F1000-memory.dmp

Filesize
7.7MB

Download
memory/816-5-0x0000000000ED0000-0x0000000000EE0000-memory.dmp

Filesize
64KB

Download
memory/816-3-0x0000000000E20000-0x0000000000E56000-memory.dmp

Filesize
216KB

Download
memory/1636-139-0x0000000074B40000-0x00000000752F1000-memory.dmp

Filesize
7.7MB

Download
memory/1636-128-0x0000000071100000-0x0000000071457000-memory.dmp

Filesize
3.3MB

Download
memory/1636-113-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/1636-114-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/1636-112-0x0000000074B40000-0x00000000752F1000-memory.dmp

Filesize
7.7MB

Download
memory/1636-116-0x00000000063D0000-0x0000000006727000-memory.dmp

Filesize
3.3MB

Download
memory/1636-137-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/1636-126-0x000000007FB40000-0x000000007FB50000-memory.dmp

Filesize
64KB

Download
memory/1636-127-0x0000000070EC0000-0x0000000070F0C000-memory.dmp

Filesize
304KB

Download
memory/1848-255-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1848-251-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2136-50-0x00000000049F0000-0x0000000004DF8000-memory.dmp

Filesize
4.0MB

Download
memory/2136-115-0x00000000049F0000-0x0000000004DF8000-memory.dmp

Filesize
4.0MB

Download
memory/2136-145-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/2176-1-0x00000000049F0000-0x0000000004DF2000-memory.dmp

Filesize
4.0MB

Download
memory/2176-49-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/2176-2-0x00000000065A0000-0x0000000006E8B000-memory.dmp

Filesize
8.9MB

Download
memory/2276-109-0x00000000030B0000-0x00000000030C0000-memory.dmp

Filesize
64KB

Download
memory/2276-85-0x00000000030B0000-0x00000000030C0000-memory.dmp

Filesize
64KB

Download
memory/2276-97-0x000000007FC00000-0x000000007FC10000-memory.dmp

Filesize
64KB

Download
memory/2276-111-0x0000000074B40000-0x00000000752F1000-memory.dmp

Filesize
7.7MB

Download
memory/2276-99-0x00000000710C0000-0x0000000071417000-memory.dmp

Filesize
3.3MB

Download
memory/2276-108-0x00000000030B0000-0x00000000030C0000-memory.dmp

Filesize
64KB

Download
memory/2276-98-0x0000000070EC0000-0x0000000070F0C000-memory.dmp

Filesize
304KB

Download
memory/2276-95-0x0000000006090000-0x00000000063E7000-memory.dmp

Filesize
3.3MB

Download
memory/2276-86-0x00000000030B0000-0x00000000030C0000-memory.dmp

Filesize
64KB

Download
memory/2276-84-0x0000000074B40000-0x00000000752F1000-memory.dmp

Filesize
7.7MB

Download
memory/2492-248-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2896-78-0x0000000007EA0000-0x0000000007EB1000-memory.dmp

Filesize
68KB

Download
memory/2896-65-0x0000000070EC0000-0x0000000070F0C000-memory.dmp

Filesize
304KB

Download
memory/2896-66-0x0000000071800000-0x0000000071B57000-memory.dmp

Filesize
3.3MB

Download
memory/2896-82-0x0000000074B40000-0x00000000752F1000-memory.dmp

Filesize
7.7MB

Download
memory/2896-62-0x00000000063C0000-0x0000000006717000-memory.dmp

Filesize
3.3MB

Download
memory/2896-79-0x0000000007EF0000-0x0000000007F05000-memory.dmp

Filesize
84KB

Download
memory/2896-52-0x00000000035A0000-0x00000000035B0000-memory.dmp

Filesize
64KB

Download
memory/2896-53-0x00000000035A0000-0x00000000035B0000-memory.dmp

Filesize
64KB

Download
memory/2896-63-0x00000000069B0000-0x00000000069FC000-memory.dmp

Filesize
304KB

Download
memory/2896-64-0x000000007F1B0000-0x000000007F1C0000-memory.dmp

Filesize
64KB

Download
memory/2896-76-0x0000000007B80000-0x0000000007C24000-memory.dmp

Filesize
656KB

Download
memory/2896-75-0x00000000035A0000-0x00000000035B0000-memory.dmp

Filesize
64KB

Download
memory/2896-77-0x00000000035A0000-0x00000000035B0000-memory.dmp

Filesize
64KB

Download
memory/2896-51-0x0000000074B40000-0x00000000752F1000-memory.dmp

Filesize
7.7MB

Download
memory/4756-256-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-250-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-240-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-252-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-254-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-239-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-241-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-258-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-260-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-262-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-264-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-266-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download
memory/4756-268-0x0000000000400000-0x0000000004427000-memory.dmp

Filesize
64.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads