1f6bfb5629e5493cbcb1e5310d6a96df4a1807cfb777d5eaf9cbe7c8adfc0dc0

Analysis

max time kernel
28s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 12:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
Size

24.3MB
MD5

a5fa47a0a605a1b31bbad544fe7c968c
SHA1

958c00935d451cde181348c66f6bfcc13799865b
SHA256

1f6bfb5629e5493cbcb1e5310d6a96df4a1807cfb777d5eaf9cbe7c8adfc0dc0
SHA512

e91e0369019ddf921de18ef372c890e0cc1fdafbee80aa70524f84ea9b9a1ffee738e90ca6d4ac2a6804eaa60e439553e56ad5ec23bff4bd8ec72f1d79c3eaac
SSDEEP

196608:YP0Hj6JigboXZDwqY8a/qVwsEXX1KOgCu3JK1OpZH2SAmGcWqnlv018/g:YPboGX8a/jWWu3cy2D/cWcls1B

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 18 IoCs

pid	Process
4344	alg.exe
4080	DiagnosticsHub.StandardCollector.Service.exe
4360	fxssvc.exe
4748	elevation_service.exe
2440	elevation_service.exe
4488	maintenanceservice.exe
3372	msdtc.exe
5044	OSE.EXE
1160	PerceptionSimulationService.exe
4340	perfhost.exe
2840	locator.exe
4460	SensorDataService.exe
3168	snmptrap.exe
4632	spectrum.exe
3720	ssh-agent.exe
4332	TieringEngineService.exe
1712	AgentService.exe
4960	vds.exe

Drops file in System32 directory 20 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\AgentService.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\msiexec.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\d9ae9fcb3e2edcd.bin	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\System32\msdtc.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\locator.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\system32\spectrum.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Windows\System32\vds.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1600	2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
Token: SeAuditPrivilege	4360	fxssvc.exe
Token: SeRestorePrivilege	4332	TieringEngineService.exe
Token: SeManageVolumePrivilege	4332	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	1712	AgentService.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-24_a5fa47a0a605a1b31bbad544fe7c968c_magniber_revil_zxxz.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1600

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:4344

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:4080

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1916

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4360

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2440

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4488

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3372

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:5044

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1160

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4340

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2840

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4460

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3168

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4632

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:3720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:908

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4332

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1712

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
7d056f828a93c4ddab8fa270e79ee0cf

SHA1
f940f77e1261ad0f96f7e8532fd9b2a1f9f76b3e

SHA256
d63a8c995cb8619f185df5dce16db38526f212ea7bf19bb93425480369f8a3b5

SHA512
273544e24973413248add4a43790dd0079971a5f89220419eefe331f55dd999b7656b96ef61e2afe80978c757cc0bde1fad7d68164ded9fb52435b4cf5e23d47

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
81eb5e5283c27fc58b6549a4f6f522fe

SHA1
ecc08fd2b84fa594c620968586b7e9e045fd33d9

SHA256
031865d7dcf15bf91420352083abdb85c459f2b21f4fc3fa883f5ca096c38f49

SHA512
8a71684054c3b9de777293032d39c655890309d543f78ec79d4d1bc6ffe948e12547b9a5ac680355069e42ce17ae62da04c4cdeaf217b226917668232955a1c9

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
59f48df23b615b6990f73f096c1fb0b7

SHA1
a75a281158a496998db0c847aa3bc700b3a353bd

SHA256
48283b1406a8c3248950cf759c3c684f20e66945f0f2763e5be68061a41bd92b

SHA512
d66e1cd32c8746f969e7174c872d0f78daaaec560a24a38c2a955d44aeb9106e5c597579f120a7cfab14a24ff717d855de6aa3304477585d2b664c70c385e289

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
74a0db207a1ed6d823ae66b9742d8389

SHA1
bbd781ff2874038034ee874deb7a88291636b71b

SHA256
930f36e2d8bdeede67909615297110c51126db7aa8a1cbd4a40d98b657a1d324

SHA512
f3d2adae7fa7ad883da13b346232eda0834fe808765ca615d45f6ee662885702e66453efc27c2b10d4ad051950f1f2674372c2cc577b604203d6c03866d63c91

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
7f2cc842543d9c1385c95195a5fd334f

SHA1
d080c680bdf5927210ef43712bab4045ee148856

SHA256
b83369324669b3e3586bb7529e2c020145aa344d135f07809db6fad2a8024274

SHA512
044da721cc4e2312665e3fb83afcd93a67397c42e1583f21a3603e43f3c111d75c5ea6c76814e3f92ae5ece0dfb77a58793d8378d77d143b86da0cb139125f27

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
3fd9479408f5ceb2efe3f4fc4bd955db

SHA1
79687f87e11cb99d5e5518414b79f238bf7ff6cb

SHA256
50f73027b82bd21617ac08aa6168c774dcdd7aa7b03b0c8efe5bcc96e6e56c43

SHA512
28863d77ec526c5c1d59e9dd7e8a4b1b7c7ccfb50fc131f169e2bd11ebca1cf49e010a841b399c62a88aa6414efc94d877b088c2d60c8f07772545c9d106d1ca

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
0f69e99dfbc4a0f1af8021f31cd2f8b8

SHA1
5fd5aee6d121b245754b4e567f525ecae12ff8df

SHA256
738144afb9ff449eeefac7b2ca833afa9f5c9fc24a9f970637e42ff574b67564

SHA512
519290c59bd5158dee3777a1ce0f44947a7f70c3779d4291a05ac4a86bf1fc771daefc365fa5ef36e2384f30dfd8d37a813774208e90cd7ba7d444a8aa2581f0

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
79a4a3d68e130030c810c9b2ce255069

SHA1
ee859089022adcb41d96727a29cf26e3720a6f98

SHA256
e5ca6335a99efdbf976e9eadd40c75f5f8ef454116f6be7d773503ec647a1bd4

SHA512
b1912126fa0eda1a8d9b5f0158e84ea958d7d353dcbe69d1d13e589c00fdad8b06f0fe620e5aad79e99cae7c13cd04dbf8b219e0f7b8f0ea41a7968ae4c5d5ba

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
eb51cb5e935a011b0181f40df922ef31

SHA1
c1d7e75854a0086bb6305d1d7176e18d8937198c

SHA256
4d1b8cecadb92f5a3ae1942bd6046f3997a737eda5864d47a744042d1c9cce89

SHA512
3ecc535b688ca6c75d84e6585c184908a819deb520acfd0052673933528a43f96f6b6cb4eb5f84e993e5076751b29d9728e5febe533b396181cd01a3c67f7212

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
3155012c39494400cc264cb737aa5a5e

SHA1
f15eceb510dcd4aa1bbfac1ee35612f5f0282102

SHA256
a9fe4d401ea5e7c894fe72e681c92841afdc1b3c4bd929a092364be44c29b5e0

SHA512
ce9b58cc46e91504629cc32f5993b42b20c6fe58aa9da0ef1f4481d0c86581022b8e6f1e861fd85696d724ebe6d782f7aa44080a1efbd414cf07deacf14f32b6

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
ffadc167086042f25837ca9c5d1c6f3d

SHA1
73807ecc6bccee9eaa2d71356239dc561bff05e2

SHA256
db2c84f84de92ea12dab31d88fd8dbc6ac44856cc2c0d9e0fc17c1912e989279

SHA512
dd748de25a9c0702f22027c98311b771ccd06170cc3331b895fac4378f26b7b33140ac584d4894f08bf2ede5c99897b203205185f1d15c8cef9b4cfe0b7c67f4

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
484cb9e5033383891e7bf83ea452c8de

SHA1
ba038fd9afa19d2c9b444befbe68099a1e694112

SHA256
d0d15ed6ac092cca6858b708cfe93237f79bbabed6702c09f2589a6d3eefc510

SHA512
44146c4d4fa6117f5649f31bdb3f18acf35f666415b0a6a185a0b180b6528a30e1e8662f0081e0f530437ac63573cfb0f5ef01d0bb56b3bc13b020bcc70fe328

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
ad2bdb3ff508149c8137e4f77c0c02f0

SHA1
c95c64a0be0f23e40bcd9f497a9913cd9b436272

SHA256
dc09cbd9f20ff0a0711c61b477c5f66ca91af7c5c33e377411cea9fad2d2cbe8

SHA512
c268b5cfd9ba3a2bfb46f4761c479f644d00b46a42d44186ebbcc91fa9d7dabc2f20dc123e37d8d331c60d5e26b5399d470258db49805c84467db9e33ee2e912

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
dc34d9bcbd1331708e88bd73c32eade4

SHA1
e74fed240b831fd688d4c63d51d0562acea25333

SHA256
4f35359bfff58be375ed35b2b7ca7fac0e510d3ac689b764863682b47aa419a9

SHA512
25b2bd05fc008e90eedaabbc669c4038bb2e3cc0caf45a9fe9b6e885665a4638854ee20cd5337fb49201fe27773f393d9ea0b126e6e2dfe0259828535d347b1c

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
d73308191bb457e06ab250fbc7346e84

SHA1
3a393dadaee60b02b637445644fdc98074ab12dc

SHA256
ffbf89c6622d6c2e6233a58757f7cb623ccc87dd780b5941cef5a0eaa2a5ac4c

SHA512
bc9eeae310b09cd5567dcc6a3e827dc9ffe9b662108a99d910aa802a21a478d323eab037cc81174514c76d72eef643f74bc98cb114ffa5df40b9c0fbfc5de15a

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
bb714e1d087e613a82002e006333cdcc

SHA1
9d45086546bf8e3e7f7f879bfa1e9232b26cfb92

SHA256
66dab60f6dec3328187f3a46b845c1a359b27fe9d2be2829f28a9fb7a2395869

SHA512
273996083e6ebdba32a4e53dce29aca9f8e17f93673702dc5a8da89bf0ea993e0f0a1b5037299a27064ce131d9719f0f441193bf82d274ab5739180b4963d2f5

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
d7b8b06b1e22bee136c31a5a5db1e4f9

SHA1
f368983f137db82c1b68a30dc159ee0397188667

SHA256
8efb89193e32cdb432afae2b1ab1b4231069d19e527570b43503ec21a55167f0

SHA512
15993a9759e980c6d27d63a10065bec4e783b5d39e2afd42bcf8bd1ff47eda22edd533ccd58111cc630bf2642453c467f78817992621d4611354ab239cf13b46

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
abff8e6048d3ad4d7cb2f3a3c011935f

SHA1
636fa07ef47c2d6ea128b224b721c633cb6a11f1

SHA256
c07a5dd3791d8e8c76d46f7d0417970e9463190ee133b9e35fd8ca10afc1ef3d

SHA512
3c1dfbbe2afed29aafeb4d964fa4ceba8f62f91ff7a90089bd609e1784613e3e212f38883375ff17c809ea3ec187b0b25b23e957f1e0c96912be2c771cce57f8

Download Submit
memory/1160-184-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/1160-130-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/1160-121-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/1600-0-0x0000000000400000-0x0000000001EFA000-memory.dmp

Filesize
27.0MB

Download
memory/1600-66-0x0000000000400000-0x0000000001EFA000-memory.dmp

Filesize
27.0MB

Download
memory/1600-6-0x0000000003D70000-0x0000000003DD7000-memory.dmp

Filesize
412KB

Download
memory/1600-1-0x0000000003D70000-0x0000000003DD7000-memory.dmp

Filesize
412KB

Download
memory/1712-240-0x00000000007A0000-0x0000000000800000-memory.dmp

Filesize
384KB

Download
memory/1712-239-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1712-227-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1712-234-0x00000000007A0000-0x0000000000800000-memory.dmp

Filesize
384KB

Download
memory/2440-61-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/2440-70-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/2440-133-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/2440-68-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/2840-212-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/2840-154-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/2840-146-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/3168-180-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/3168-242-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/3168-173-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/3372-93-0x0000000000DA0000-0x0000000000E00000-memory.dmp

Filesize
384KB

Download
memory/3372-157-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/3372-92-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/3372-100-0x0000000000DA0000-0x0000000000E00000-memory.dmp

Filesize
384KB

Download
memory/3720-209-0x0000000000D80000-0x0000000000DE0000-memory.dmp

Filesize
384KB

Download
memory/3720-200-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/3720-258-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/4080-25-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/4080-32-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/4080-26-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/4080-91-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/4332-221-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/4332-214-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/4340-140-0x00000000007B0000-0x0000000000817000-memory.dmp

Filesize
412KB

Download
memory/4340-207-0x00000000007B0000-0x0000000000817000-memory.dmp

Filesize
412KB

Download
memory/4340-198-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4340-134-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4344-11-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/4344-19-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/4344-74-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4344-13-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4360-43-0x0000000000930000-0x0000000000990000-memory.dmp

Filesize
384KB

Download
memory/4360-36-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4360-37-0x0000000000930000-0x0000000000990000-memory.dmp

Filesize
384KB

Download
memory/4360-49-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4360-45-0x0000000000930000-0x0000000000990000-memory.dmp

Filesize
384KB

Download
memory/4460-167-0x0000000000560000-0x00000000005C0000-memory.dmp

Filesize
384KB

Download
memory/4460-256-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4460-159-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4460-257-0x0000000000560000-0x00000000005C0000-memory.dmp

Filesize
384KB

Download
memory/4460-225-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4488-89-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/4488-83-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/4488-86-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/4488-75-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/4488-77-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/4632-253-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4632-193-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/4632-185-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4748-57-0x0000000000910000-0x0000000000970000-memory.dmp

Filesize
384KB

Download
memory/4748-51-0x0000000000910000-0x0000000000970000-memory.dmp

Filesize
384KB

Download
memory/4748-50-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4748-120-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4960-244-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4960-250-0x0000000000B80000-0x0000000000BE0000-memory.dmp

Filesize
384KB

Download
memory/5044-106-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/5044-171-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/5044-114-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads