tinba | 94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453

General

Target

94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe
Size

58KB
MD5

9bd3bfce8e1973af91d13feb3be527d5
SHA1

f814778b573db33dac3b13fa7435aec1650189a4
SHA256

94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453
SHA512

dd504fb9d791ba061df11828619cf903caec72d241883748dc409ecf6a22fdeffa3b738348a84d0f715c0c8214b51e1e754258acbb53d8ff2ba39f0384c7dcad
SSDEEP

768:+NMbiFKoELVxrcCsUmWkpbrD7GpxkTIzQMBIm6aNGyUwq9JaTovtebSo:+WBoEcCsUVEbr+BZG1CutY

Score

10^/10

tinba banker persistence trojan

Malware Config

Signatures

Tinba / TinyBanker
Banking trojan which uses packet sniffing to steal data.
trojan banker tinba

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

winver.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5A9F9B0F = "C:\\Users\\Admin\\AppData\\Roaming\\5A9F9B0F\\bin.exe"	winver.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe

description	pid	process	target process
PID 3248 set thread context of 2388	3248	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

winver.exe

pid	process
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe
4084	winver.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

Explorer.EXERuntimeBroker.exe

description	pid	process
Token: SeShutdownPrivilege	3300	Explorer.EXE
Token: SeCreatePagefilePrivilege	3300	Explorer.EXE
Token: SeShutdownPrivilege	1076	RuntimeBroker.exe
Token: SeShutdownPrivilege	1076	RuntimeBroker.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

winver.exe

pid process

4084 winver.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe

pid process

3248 94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe

pid	process
3248	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exewinver.exemsedge.exe

description	pid	process	target process
PID 3248 wrote to memory of 2388	3248	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe
PID 3248 wrote to memory of 2388	3248	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe
PID 3248 wrote to memory of 2388	3248	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe
PID 3248 wrote to memory of 2388	3248	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe
PID 3248 wrote to memory of 2388	3248	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe
PID 3248 wrote to memory of 2388	3248	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe
PID 2388 wrote to memory of 4084	2388	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	winver.exe
PID 2388 wrote to memory of 4084	2388	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	winver.exe
PID 2388 wrote to memory of 4084	2388	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	winver.exe
PID 2388 wrote to memory of 4084	2388	94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe	winver.exe
PID 4084 wrote to memory of 3300	4084	winver.exe	Explorer.EXE
PID 4084 wrote to memory of 2396	4084	winver.exe	svchost.exe
PID 4084 wrote to memory of 2404	4084	winver.exe	sihost.exe
PID 4084 wrote to memory of 2508	4084	winver.exe	taskhostw.exe
PID 4084 wrote to memory of 3300	4084	winver.exe	Explorer.EXE
PID 4084 wrote to memory of 3696	4084	winver.exe	svchost.exe
PID 4084 wrote to memory of 3892	4084	winver.exe	DllHost.exe
PID 4084 wrote to memory of 4036	4084	winver.exe	StartMenuExperienceHost.exe
PID 4084 wrote to memory of 1076	4084	winver.exe	RuntimeBroker.exe
PID 4084 wrote to memory of 3416	4084	winver.exe	SearchApp.exe
PID 4084 wrote to memory of 4164	4084	winver.exe	RuntimeBroker.exe
PID 4084 wrote to memory of 4648	4084	winver.exe	RuntimeBroker.exe
PID 4084 wrote to memory of 4708	4084	winver.exe	TextInputHost.exe
PID 4084 wrote to memory of 4508	4084	winver.exe	RuntimeBroker.exe
PID 4084 wrote to memory of 684	4084	winver.exe	msedge.exe
PID 4084 wrote to memory of 2496	4084	winver.exe	msedge.exe
PID 4084 wrote to memory of 2280	4084	winver.exe	msedge.exe
PID 4084 wrote to memory of 408	4084	winver.exe	msedge.exe
PID 4084 wrote to memory of 3436	4084	winver.exe	msedge.exe
PID 4084 wrote to memory of 2524	4084	winver.exe	msedge.exe
PID 4084 wrote to memory of 4288	4084	winver.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe
PID 684 wrote to memory of 3280	684	msedge.exe	msedge.exe

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2396

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2404

C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
1⤵
PID:2508

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3300

C:\Users\Admin\AppData\Local\Temp\94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe
"C:\Users\Admin\AppData\Local\Temp\94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3248

C:\Users\Admin\AppData\Local\Temp\94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe
"C:\Users\Admin\AppData\Local\Temp\94d84e695f60919090f263bffda5613610ffdf97a2e9b4e40d176b462be5d453.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:2388

C:\Windows\SysWOW64\winver.exe
winver
4⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3696

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3892

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4036

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1076

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3416

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4164

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4648

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
1⤵
PID:4708

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Suspicious use of WriteProcessMemory
PID:684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2f4,0x7ffd3b3c2e98,0x7ffd3b3c2ea4,0x7ffd3b3c2eb0
2⤵
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2276 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:2
2⤵
PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3220 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:3
2⤵
PID:408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3480 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
2⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=5312 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
2⤵
PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=5324 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
2⤵
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
2⤵
PID:3280

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
e1acba25e664db4f5b29a4f53d733a42

SHA1
3372c405dc21ae7e061e947176041b3414b52818

SHA256
40b699f4d64261b9802580be4e723fed50af6e081a6453e2eabbf9c58eb29012

SHA512
a9cbb29a0f4543b350951df9bdd3f06bbf9df4871692f87b4e84862e85d5b72305efba0ee886914de6b05075910f2906d75f78ade715240bc70e970a1e31f206

Download Submit
memory/1076-30-0x0000000000E30000-0x0000000000E36000-memory.dmp

Filesize
24KB

Download
memory/1076-27-0x0000000000E30000-0x0000000000E36000-memory.dmp

Filesize
24KB

Download
memory/1076-49-0x0000000000E30000-0x0000000000E36000-memory.dmp

Filesize
24KB

Download
memory/2388-3-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2388-5-0x0000000000670000-0x0000000001070000-memory.dmp

Filesize
10.0MB

Download
memory/2388-15-0x0000000000670000-0x0000000001070000-memory.dmp

Filesize
10.0MB

Download
memory/2396-16-0x0000000000760000-0x0000000000766000-memory.dmp

Filesize
24KB

Download
memory/2396-19-0x0000000000760000-0x0000000000766000-memory.dmp

Filesize
24KB

Download
memory/2404-17-0x0000000000E20000-0x0000000000E26000-memory.dmp

Filesize
24KB

Download
memory/2404-21-0x0000000000E20000-0x0000000000E26000-memory.dmp

Filesize
24KB

Download
memory/2508-24-0x0000000000ED0000-0x0000000000ED6000-memory.dmp

Filesize
24KB

Download
memory/2508-18-0x0000000000ED0000-0x0000000000ED6000-memory.dmp

Filesize
24KB

Download
memory/3248-4-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3248-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3300-20-0x00000000011A0000-0x00000000011A6000-memory.dmp

Filesize
24KB

Download
memory/3300-11-0x00007FFD5F2ED000-0x00007FFD5F2EE000-memory.dmp

Filesize
4KB

Download
memory/3300-26-0x00000000011A0000-0x00000000011A6000-memory.dmp

Filesize
24KB

Download
memory/3300-8-0x0000000000F90000-0x0000000000F96000-memory.dmp

Filesize
24KB

Download
memory/3300-6-0x0000000000F90000-0x0000000000F96000-memory.dmp

Filesize
24KB

Download
memory/3416-31-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3696-22-0x0000000000DA0000-0x0000000000DA6000-memory.dmp

Filesize
24KB

Download
memory/3696-28-0x0000000000DA0000-0x0000000000DA6000-memory.dmp

Filesize
24KB

Download
memory/3892-23-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/4036-29-0x0000000000AD0000-0x0000000000AD6000-memory.dmp

Filesize
24KB

Download
memory/4036-25-0x0000000000AD0000-0x0000000000AD6000-memory.dmp

Filesize
24KB

Download
memory/4084-9-0x00000000775C2000-0x00000000775C3000-memory.dmp

Filesize
4KB

Download
memory/4084-39-0x00000000027A0000-0x00000000027A6000-memory.dmp

Filesize
24KB

Download
memory/4084-12-0x00000000027A0000-0x00000000027A6000-memory.dmp

Filesize
24KB

Download
memory/4084-10-0x00000000027A0000-0x00000000027A6000-memory.dmp

Filesize
24KB

Download
memory/4084-7-0x00000000027A0000-0x00000000027A6000-memory.dmp

Filesize
24KB

Download
memory/4164-32-0x0000000000670000-0x0000000000676000-memory.dmp

Filesize
24KB

Download
memory/4164-35-0x0000000000670000-0x0000000000676000-memory.dmp

Filesize
24KB

Download
memory/4508-40-0x0000000000010000-0x0000000000016000-memory.dmp

Filesize
24KB

Download
memory/4508-37-0x0000000000010000-0x0000000000016000-memory.dmp

Filesize
24KB

Download
memory/4648-33-0x0000000000700000-0x0000000000706000-memory.dmp

Filesize
24KB

Download
memory/4648-36-0x0000000000700000-0x0000000000706000-memory.dmp

Filesize
24KB

Download
memory/4708-38-0x0000000000C70000-0x0000000000C76000-memory.dmp

Filesize
24KB

Download
memory/4708-34-0x0000000000C70000-0x0000000000C76000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads