babylonrat | 9b35515881e9df17f63e542ec471ab11e41dbef91eec80ed2d751b449fc80db3

Resubmissions

06-05-2024 03:14

240506-drhjrsfc3x 10

06-05-2024 03:08

240506-dm8kdsaa57 10

Analysis

max time kernel
295s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
06-05-2024 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Babylon/Babylon RAT.exe
Size

6.7MB
MD5

aecdce1d7e2a637d1dcacd2b4580487b
SHA1

d5cd12f7a18d6777c9ec8458694aa3a74fd23701
SHA256

9157a48c53ca7a4543bac5b771886c87ea407bab6bbb053b50bc22709111d572
SHA512

8bb5ad64f1b2e75e47c4671396a713018c74c44e84803887c6b4a200ea85f4c020ccfe15211af3899cdcf9d0f46ef994bfd939e462f61062044874f7a64d7a35
SSDEEP

98304:KbldsCQTcsBL54TRRTk3w0ZIWoPzSSosDlh7OLifNLxu2UVaCS2e7Csb6j9cgl36:GnPsHqRwvoPzSSosDlhCKzi9/2BO4T

Score

10^/10

babylonrat trojan upx

Malware Config

Extracted

Family

babylonrat

8.8.8.8

Signatures

Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	Babylon RAT.exe

Executes dropped EXE 2 IoCs

pid	Process
2012	upx.exe
3612	sdfsdg.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000600000001da74-21.dat	upx
behavioral2/memory/2012-27-0x0000000000400000-0x000000000059C000-memory.dmp	upx
behavioral2/memory/2012-35-0x0000000000400000-0x000000000059C000-memory.dmp	upx
behavioral2/files/0x000700000001da94-36.dat	upx
behavioral2/memory/3612-38-0x0000000000E70000-0x0000000000F38000-memory.dmp	upx
behavioral2/memory/3612-40-0x0000000000E70000-0x0000000000F38000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3272	ipconfig.exe

Modifies registry class 55 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Babylon RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Babylon RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	Babylon RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Babylon RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Babylon RAT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000009165d0752792da01f52416782792da01756abf782792da0114000000	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Babylon RAT.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3048	Babylon RAT.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3612	sdfsdg.exe
Token: SeDebugPrivilege	3612	sdfsdg.exe
Token: SeTcbPrivilege	3612	sdfsdg.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3048	Babylon RAT.exe
3048	Babylon RAT.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3048	Babylon RAT.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3048	Babylon RAT.exe
3048	Babylon RAT.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 3272	1584	cmd.exe	122
PID 1584 wrote to memory of 3272	1584	cmd.exe	122
PID 3048 wrote to memory of 2012	3048	Babylon RAT.exe	124
PID 3048 wrote to memory of 2012	3048	Babylon RAT.exe	124
PID 3048 wrote to memory of 2012	3048	Babylon RAT.exe	124

C:\Users\Admin\AppData\Local\Temp\Babylon\Babylon RAT.exe
"C:\Users\Admin\AppData\Local\Temp\Babylon\Babylon RAT.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\AppData\Local\Temp\Babylon\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\Babylon\upx.exe" "C:\Users\Admin\Desktop\sdfsdg.exe"
  2⤵
  - Executes dropped EXE
  PID:2012

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\system32\ipconfig.exe
  ipconfig /all
  2⤵
  - Gathers network information
  PID:3272

C:\Users\Admin\Desktop\sdfsdg.exe
"C:\Users\Admin\Desktop\sdfsdg.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Babylon\upx.exe

Filesize
298KB

MD5
e9eacbb7ab4b3f66019e0a2f13a1dba9

SHA1
ae30894b29e52bf04afc4a54795d438fb910acff

SHA256
0c3dc789d0a46493bd097526b920d913d930d96b1052cb331eec3ac560c89996

SHA512
925445d20c93c65a282fc59f773551d824bff1f8e2623fd8ea0c587831a9550c400f121defb3d82c8f0401903fa69e3154dc98e29688d02af1d5d01247914a06

Download Submit
C:\Users\Admin\Desktop\sdfsdg.exe

Filesize
355KB

MD5
42d6653d70b44ebc811c3cbb20d2373e

SHA1
4e0904f82169d34571073659dc62e244f58c3035

SHA256
31a422e91a6b1f248c16177924ede08ae85c69c467c84814189b8103223497f6

SHA512
49f08a1546634822d01778cd328abe743124c9164cdf3ecca135f814cc82724e13c27bf4697d7fd194048c03a0a5b405ece173326016b5cd7e0671d212f3ac67

Download Submit
C:\Users\Admin\Desktop\sdfsdg.exe

Filesize
733KB

MD5
95a82dc6e9f8cb7da0535fa1797a86bf

SHA1
f18ee70deab2e9b47a18c0c8c137bd60847aab65

SHA256
7d07641c1cbb01245371bca2a265eed480608ce220d0275f37bf4e0e17f3cb00

SHA512
e06c6784d9718a3b751beb348b57e88870d5cf662ac9830c6c29cecbb27c39388105dd34bc12d9eae312332608b98d2b28f13d2f46fd935b97948d867e2c83a4

Download Submit
memory/2012-35-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download
memory/2012-27-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download
memory/3048-5-0x0000000004DF0000-0x0000000004DFA000-memory.dmp

Filesize
40KB

Download
memory/3048-14-0x00000000749D0000-0x0000000075180000-memory.dmp

Filesize
7.7MB

Download
memory/3048-7-0x0000000008470000-0x00000000084DC000-memory.dmp

Filesize
432KB

Download
memory/3048-8-0x000000000A0E0000-0x000000000A17C000-memory.dmp

Filesize
624KB

Download
memory/3048-9-0x00000000749D0000-0x0000000075180000-memory.dmp

Filesize
7.7MB

Download
memory/3048-10-0x00000000749DE000-0x00000000749DF000-memory.dmp

Filesize
4KB

Download
memory/3048-11-0x00000000749D0000-0x0000000075180000-memory.dmp

Filesize
7.7MB

Download
memory/3048-12-0x00000000749D0000-0x0000000075180000-memory.dmp

Filesize
7.7MB

Download
memory/3048-13-0x00000000749D0000-0x0000000075180000-memory.dmp

Filesize
7.7MB

Download
memory/3048-6-0x0000000007A10000-0x0000000007A2E000-memory.dmp

Filesize
120KB

Download
memory/3048-0-0x00000000749DE000-0x00000000749DF000-memory.dmp

Filesize
4KB

Download
memory/3048-4-0x00000000749D0000-0x0000000075180000-memory.dmp

Filesize
7.7MB

Download
memory/3048-3-0x0000000007860000-0x00000000078F2000-memory.dmp

Filesize
584KB

Download
memory/3048-2-0x0000000007D10000-0x00000000082B4000-memory.dmp

Filesize
5.6MB

Download
memory/3048-1-0x00000000002E0000-0x00000000009A2000-memory.dmp

Filesize
6.8MB

Download
memory/3612-38-0x0000000000E70000-0x0000000000F38000-memory.dmp

Filesize
800KB

Download
memory/3612-40-0x0000000000E70000-0x0000000000F38000-memory.dmp

Filesize
800KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads