aa04ce93d59810e47b1671d48cd4d96befde2f348b5ca3a50c1f94750166ff4d

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
Size

89KB
MD5

70dcef1928e8f28a80c8dc047ddd0240
SHA1

58b49df522e732d4fa6d3daf4f4f6d004ba2afe0
SHA256

aa04ce93d59810e47b1671d48cd4d96befde2f348b5ca3a50c1f94750166ff4d
SHA512

673169795ee67b5341bfab89e427f97e9abf0d017e3f2165dd3bf7c0860d5e9a132c176a98dd9ede4ecaa73ea3d581c69bf6db328062b6dc1b2d2b8ed86103a5
SSDEEP

1536:nsC67HV+DgK06Xbq7gkIFUXhi0/Lg+WPJLJ5eLMNtXMBOc80JIM4KjLKc8LlExky:sC67mgZUq7qFUXM+S7mBl8mVHKcslaky

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nelhbdlc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ngjdopkg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nndlkj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Oacige32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Oacige32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nkccjo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nnbpfj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nndlkj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nkccjo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nnbpfj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nelhbdlc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ngjdopkg.exe

Executes dropped EXE 7 IoCs

pid	Process
4280	Nkccjo32.exe
2700	Nnbpfj32.exe
3224	Nelhbdlc.exe
4140	Ngjdopkg.exe
1016	Nndlkj32.exe
4960	Oacige32.exe
3992	Ogmado32.exe

Drops file in System32 directory 21 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Minigl32.dll	Nelhbdlc.exe
File opened for modification	C:\Windows\SysWOW64\Nndlkj32.exe	Ngjdopkg.exe
File created	C:\Windows\SysWOW64\Lfbpem32.dll	Ngjdopkg.exe
File created	C:\Windows\SysWOW64\Pminhodj.dll	Nkccjo32.exe
File opened for modification	C:\Windows\SysWOW64\Nkccjo32.exe	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Nnbpfj32.exe	Nkccjo32.exe
File opened for modification	C:\Windows\SysWOW64\Nnbpfj32.exe	Nkccjo32.exe
File created	C:\Windows\SysWOW64\Nelhbdlc.exe	Nnbpfj32.exe
File opened for modification	C:\Windows\SysWOW64\Nelhbdlc.exe	Nnbpfj32.exe
File created	C:\Windows\SysWOW64\Nndlkj32.exe	Ngjdopkg.exe
File created	C:\Windows\SysWOW64\Daifcmfa.dll	Oacige32.exe
File created	C:\Windows\SysWOW64\Nkccjo32.exe	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Khbmbp32.dll	Nnbpfj32.exe
File created	C:\Windows\SysWOW64\Ngjdopkg.exe	Nelhbdlc.exe
File opened for modification	C:\Windows\SysWOW64\Ngjdopkg.exe	Nelhbdlc.exe
File created	C:\Windows\SysWOW64\Oacige32.exe	Nndlkj32.exe
File opened for modification	C:\Windows\SysWOW64\Oacige32.exe	Nndlkj32.exe
File created	C:\Windows\SysWOW64\Qgmjfbdj.dll	Nndlkj32.exe
File opened for modification	C:\Windows\SysWOW64\Ogmado32.exe	Oacige32.exe
File created	C:\Windows\SysWOW64\Kikkoh32.dll	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Ogmado32.exe	Oacige32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3620	3992	WerFault.exe	88

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pminhodj.dll"	Nkccjo32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nnbpfj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Minigl32.dll"	Nelhbdlc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nndlkj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Oacige32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Nkccjo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Oacige32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Nelhbdlc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ngjdopkg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lfbpem32.dll"	Ngjdopkg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ngjdopkg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qgmjfbdj.dll"	Nndlkj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Daifcmfa.dll"	Oacige32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kikkoh32.dll"	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nkccjo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Khbmbp32.dll"	Nnbpfj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Nnbpfj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nelhbdlc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Nndlkj32.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 4280	3820	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe	82
PID 3820 wrote to memory of 4280	3820	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe	82
PID 3820 wrote to memory of 4280	3820	70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe	82
PID 4280 wrote to memory of 2700	4280	Nkccjo32.exe	83
PID 4280 wrote to memory of 2700	4280	Nkccjo32.exe	83
PID 4280 wrote to memory of 2700	4280	Nkccjo32.exe	83
PID 2700 wrote to memory of 3224	2700	Nnbpfj32.exe	84
PID 2700 wrote to memory of 3224	2700	Nnbpfj32.exe	84
PID 2700 wrote to memory of 3224	2700	Nnbpfj32.exe	84
PID 3224 wrote to memory of 4140	3224	Nelhbdlc.exe	85
PID 3224 wrote to memory of 4140	3224	Nelhbdlc.exe	85
PID 3224 wrote to memory of 4140	3224	Nelhbdlc.exe	85
PID 4140 wrote to memory of 1016	4140	Ngjdopkg.exe	86
PID 4140 wrote to memory of 1016	4140	Ngjdopkg.exe	86
PID 4140 wrote to memory of 1016	4140	Ngjdopkg.exe	86
PID 1016 wrote to memory of 4960	1016	Nndlkj32.exe	87
PID 1016 wrote to memory of 4960	1016	Nndlkj32.exe	87
PID 1016 wrote to memory of 4960	1016	Nndlkj32.exe	87
PID 4960 wrote to memory of 3992	4960	Oacige32.exe	88
PID 4960 wrote to memory of 3992	4960	Oacige32.exe	88
PID 4960 wrote to memory of 3992	4960	Oacige32.exe	88

C:\Users\Admin\AppData\Local\Temp\70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70dcef1928e8f28a80c8dc047ddd0240_NeikiAnalytics.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Windows\SysWOW64\Nkccjo32.exe
  C:\Windows\system32\Nkccjo32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4280
- - C:\Windows\SysWOW64\Nnbpfj32.exe
    C:\Windows\system32\Nnbpfj32.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Windows\SysWOW64\Nelhbdlc.exe
      C:\Windows\system32\Nelhbdlc.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Drops file in System32 directory
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:3224
    - - C:\Windows\SysWOW64\Ngjdopkg.exe
        
        C:\Windows\system32\Ngjdopkg.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4140
      - C:\Windows\SysWOW64\Nndlkj32.exe
        
        C:\Windows\system32\Nndlkj32.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1016
        
        C:\Windows\SysWOW64\Oacige32.exe
        
        C:\Windows\system32\Oacige32.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4960
        
        C:\Windows\SysWOW64\Ogmado32.exe
        
        C:\Windows\system32\Ogmado32.exe
        8⤵
        Executes dropped EXE
        
        PID:3992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 412
        9⤵
        Program crash
        
        PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3992 -ip 3992
1⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Lfbpem32.dll

Filesize
7KB

MD5
e5dc86493545b9da86fecca6dc30bf09

SHA1
4875bf68309791396a41148e69fe1456cf0bb305

SHA256
ddf290c1c4ac650e09cae126df5a3669f0d0dcdab2b759d22da4986bd4c544e9

SHA512
596939f62b1b12204cfce2a07cc0321225611734b74a312c880f1abd476957e8a6e637dd95fb8f380294df4d564f56f843fa756b89e802033e704b52f1aa6f0a

Download Submit
C:\Windows\SysWOW64\Nelhbdlc.exe

Filesize
89KB

MD5
94fae98588f998d01e03ad8f808f0085

SHA1
96b16a4b8f812cea35de5e8e4c227883eadaf515

SHA256
c0503b77bb5b107a810ef906f3c4428f128a5562086b3c21b5656fc4ae653443

SHA512
2bdb898e3c2a8a6237dadf10a768106fe4bd002c5c6e29b8af835d3f92bb281d2b47bd5a3c94658df96a32375e0448793bc4dbd5672280f21cac6f983c43816b

Download Submit
C:\Windows\SysWOW64\Ngjdopkg.exe

Filesize
89KB

MD5
766dfdf7130ff320b9b4be6725114156

SHA1
9adfb337559ea1165c1d73dd6c47549375ee32c6

SHA256
572d6bfd8689647f740fa280e8cc6f94e234c262ba197a1009a3267e49b8b19d

SHA512
339e5cd596e4e976960add639689ab00866e4fc7be2f796cc210871515f6b03bc8ea25f7f9f64c53ea75d954118f7bab2ba7e963fd702fe3ac45e3989522a65e

Download Submit
C:\Windows\SysWOW64\Nkccjo32.exe

Filesize
89KB

MD5
ad1f2f6cad2ec68074f4418d3d68d6e6

SHA1
1d4a72d507895888906fbc646c350d8adf101927

SHA256
64d604ed7b95e811452e98c41d19e780ddc9fabe6eb44556e2016ca19a499b5b

SHA512
53e61e01f2915d9e908ff14c6d416daae2df194ef96d12591e349b670568fa9e8dadeb549d71a4fc5a75ee28ff3731438b4a3401ef55f0a59f1f1465d26a1331

Download Submit
C:\Windows\SysWOW64\Nnbpfj32.exe

Filesize
89KB

MD5
8e30d3f3d34851d1109dbcfe37e52c4f

SHA1
f571114b79064cf971257a8f758fafa3f8e09018

SHA256
f1237975a9a6bf471c7922b3e58c147029a776045eaad2c2ba65ad1292b7b8ac

SHA512
883e3831fb72b5a05ce085294a39c66b41a968fb20c0c2428c256905417d1e3274fc5bb5d5ae5657c054e2ce0499acdd3c8d79942208f0c5e111f8f42481db58

Download Submit
C:\Windows\SysWOW64\Nndlkj32.exe

Filesize
89KB

MD5
192032481f15d34ab47c07200383761e

SHA1
6aa4d4191e2d400f4e97f90a69306950e755ee70

SHA256
74f2a61352d5b1b4f2e0267998584b652984009043416f26a647fa75dbe2da29

SHA512
edff982d7f5405ad4bba1ae05b9830baf223a66d622a15a08a2019aafbb3c3651fc6bcb56edb3e6dea0921cb9239835f454c0cd3f1aed62233d47096ea066bdc

Download Submit
C:\Windows\SysWOW64\Oacige32.exe

Filesize
89KB

MD5
9856b9f9554458b50544b1ff0e3ed8d9

SHA1
0bb66d86d1da8ce17320fd26f70afa67df8e78c0

SHA256
34c36ed7c84a1b01aba170d4cb46401febb75f108f8e4e844bab58887808e5f1

SHA512
f12fba05ed9a1ed383fa507231a17fbfddc8cf7dc4f3d2b5e4de159b954831859d9a0de3c968c618b73f96414be1317ade15cbaaff81cfe1604865c1b1ba17f6

Download Submit
C:\Windows\SysWOW64\Ogmado32.exe

Filesize
89KB

MD5
4d75c15fbf4b79d4adbcc5249203813c

SHA1
d7126f0ebe9fbf3681975269100b898e0dd19bf1

SHA256
7083540814ebe7340acb994226a41d6320be568914e633e7a1918051d416ca06

SHA512
fd84012ce64271635d8faff094446174393770e338493714756b8c2a5f613235a514c4e467ef244e4a282334c24e67f62944d46656d64730328b86b7c1a1ab8c

Download Submit
C:\Windows\SysWOW64\Ogmado32.exe

Filesize
89KB

MD5
26430bd88155c74556ee2be85424af78

SHA1
98898d7378b52318d411e42650d1165deecdddfd

SHA256
420449d3137de14ee5f5d6bd7f083512c05cb04ce18ff7fb8ed74d5ad00530fa

SHA512
b3a9c6296b359d8f2e3363a0bb9ba84ad8624c3cf7d7e2af8d4a37331a03490181409f0b24f525f9163d1215327b54bf448522c1971a70c3eaf9afd5736ae0ad

Download Submit
memory/1016-44-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2700-15-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2700-60-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3224-59-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3224-24-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3820-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3820-62-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3992-56-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3992-57-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4140-36-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4280-61-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4280-7-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4960-48-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4960-58-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads