glupteba | 2546c196a3636ae61a971fd718a9feff3dd2b137ab96fc5f256f111b165cbf62

Analysis

max time kernel
8s
max time network
294s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/05/2024, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2546c196a3636ae61a971fd718a9feff3dd2b137ab96fc5f256f111b165cbf62.exe
Size

4.1MB
MD5

1157922d694e53092c8c05331878f8a1
SHA1

f63cbc1b6e261bd011352c0f64ec6238ec37c397
SHA256

2546c196a3636ae61a971fd718a9feff3dd2b137ab96fc5f256f111b165cbf62
SHA512

35d95d7672a2f3f1796317d3b455bc6575e997ce67c049a4ccc0971a8066820df1f0e069b9a1e07e615cf87685fdd0518859d4769f132f02fe38dfe534118ed1
SSDEEP

98304:cFETef+mmkxaPY+QSMo7d4VmoteWoCPtlnvHUEaCydSs:cFGef+mhxag+rMGd4V3tmut57ts

Score

10^/10

glupteba dropper evasion execution loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 34 IoCs

resource	yara_rule
behavioral2/memory/4412-2-0x0000000004CC0000-0x00000000055AB000-memory.dmp	family_glupteba
behavioral2/memory/4412-3-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/4412-297-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/4412-301-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/4412-302-0x0000000004CC0000-0x00000000055AB000-memory.dmp	family_glupteba
behavioral2/memory/4412-300-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/4040-542-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/4040-1018-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1499-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1739-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1748-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1750-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1752-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1754-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1756-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1758-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1760-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1762-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1764-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1766-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1768-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1770-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1772-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1774-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1776-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1778-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1780-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1782-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1784-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1786-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1788-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1790-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1792-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba
behavioral2/memory/880-1794-0x0000000000400000-0x0000000002B0C000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1996	netsh.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000800000001ac06-1742.dat	upx
behavioral2/memory/2676-1744-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/720-1747-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/2676-1746-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/720-1749-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/720-1753-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5084	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5036	powershell.exe
32	powershell.exe
4136	powershell.exe
1928	powershell.exe
4608	powershell.exe
528	powershell.exe
3100	powershell.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2672	schtasks.exe
4020	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\2546c196a3636ae61a971fd718a9feff3dd2b137ab96fc5f256f111b165cbf62.exe
"C:\Users\Admin\AppData\Local\Temp\2546c196a3636ae61a971fd718a9feff3dd2b137ab96fc5f256f111b165cbf62.exe"
1⤵
PID:4412
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4608
- C:\Users\Admin\AppData\Local\Temp\2546c196a3636ae61a971fd718a9feff3dd2b137ab96fc5f256f111b165cbf62.exe
  "C:\Users\Admin\AppData\Local\Temp\2546c196a3636ae61a971fd718a9feff3dd2b137ab96fc5f256f111b165cbf62.exe"
  2⤵
  PID:4040
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:528
- - C:\Windows\System32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:4132
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:1996
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3100
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5036
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:880
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:32
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:2672
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:2136
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:4136
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:1104
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:4020
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:2676
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:2460
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:5084

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ptroh5g.lrt.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
1c19c16e21c97ed42d5beabc93391fc5

SHA1
8ad83f8e0b3acf8dfbbf87931e41f0d664c4df68

SHA256
1bcd97396c83babfe6c5068ba590d7a3f8b70e72955a9d1e4070648e404cbf05

SHA512
7d18776d8f649b3d29c182ff03efc6cea8b527542ee55304980f24577aae8b64e37044407776e220984346c3998ace5f8853afa58c8b38407482a728e9495e0c

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
18KB

MD5
eca46bf53ca234f3b6ea5b9ede0ab116

SHA1
a0617be1d4c62b4bf1489e9b73b45af6c52a640c

SHA256
612f7c79b602a59cb127487a67c4fa7fe8b62f7232beb3491ac5a50bd5cefa51

SHA512
9a0db634ae52fb4ee22f6941b6d85f8ee8fa582d082450746c44ed40664790caad647bed27fbe631b6fd0098fba8082ef33d83df9f99ac7a62f612aab4dab119

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
18KB

MD5
43aab291852c6342774aaa9c29acf9f5

SHA1
452a03fdbd7fdfa03bf9b4bf9c778fb6390d8fba

SHA256
53060117bbecbaa672772b7ecac6df904c732036196f88667c03292629cb2216

SHA512
dc3b9f98e827f2cdfe3c2a0919e70482cab34663bbc966a1f03cc31f31c2cad0b999c07f064a95c141afe1fbd02c22df380c0f1f434615c093f324e6b6788af3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
18KB

MD5
f90062e172378ae315854f03f890432e

SHA1
2d0af8ee083b491c1b4e7533a9e2a254cc6c486b

SHA256
60100ca05c216f7683132b05a635dbeb5cc68b307dd4a5696a4ac27d7e6511ed

SHA512
ca738fd9f8b6b0ea3263d8cdfc06ba18d5878ebe278a2bbd2844df4e4e46f77801238b635748ce925e729dc4fc453933510927f4304f8819ebb9ec9b6bf9a37b

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
18KB

MD5
2f2e659d77b5e9be09d1355ec4da150c

SHA1
a4ca435eda9a7773db257db8c92167dac52e0568

SHA256
4081ae51d3dedfce5fe61cc4a01eb8f7c52d517291010c42c9549a25680303f8

SHA512
6b7a0e21ee1d16c7f778b656ea38f79f7de9b52b3343bd4c4b1a01cac3c6dd4e9c9890719b1edfd0d7cc1fd8cbd5a63ba7580b1fb335c7f60829e8c3e56d4a27

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
18KB

MD5
a214d9b82caf8ecb2af33df426485cf8

SHA1
39a21f87992ce0d0d4fbfb34923550aa8207d6c5

SHA256
0022b6f9093bdd5b0f3377ba8c74f75c01280712a48a11fe32957c4b04591761

SHA512
753c162d7d634c3657b96b35e039373ea8258d96b65ed2f0df94c3e53bb92924c49cb9f44d6dee4aaffa3bd2d3319c07c6670105b952a95c4aaa3c6c3b22ce29

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.1MB

MD5
1157922d694e53092c8c05331878f8a1

SHA1
f63cbc1b6e261bd011352c0f64ec6238ec37c397

SHA256
2546c196a3636ae61a971fd718a9feff3dd2b137ab96fc5f256f111b165cbf62

SHA512
35d95d7672a2f3f1796317d3b455bc6575e997ce67c049a4ccc0971a8066820df1f0e069b9a1e07e615cf87685fdd0518859d4769f132f02fe38dfe534118ed1

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/32-1044-0x000000006FDB0000-0x000000006FDFB000-memory.dmp

Filesize
300KB

Download
memory/32-1045-0x000000006FE00000-0x0000000070150000-memory.dmp

Filesize
3.3MB

Download
memory/32-1025-0x0000000007D20000-0x0000000007D6B000-memory.dmp

Filesize
300KB

Download
memory/32-1050-0x0000000009290000-0x0000000009335000-memory.dmp

Filesize
660KB

Download
memory/32-1023-0x00000000078B0000-0x0000000007C00000-memory.dmp

Filesize
3.3MB

Download
memory/528-306-0x0000000007640000-0x0000000007990000-memory.dmp

Filesize
3.3MB

Download
memory/528-326-0x000000006FE50000-0x000000006FE9B000-memory.dmp

Filesize
300KB

Download
memory/528-327-0x000000006FEA0000-0x00000000701F0000-memory.dmp

Filesize
3.3MB

Download
memory/528-332-0x0000000008FA0000-0x0000000009045000-memory.dmp

Filesize
660KB

Download
memory/528-307-0x0000000007A60000-0x0000000007AAB000-memory.dmp

Filesize
300KB

Download
memory/720-1747-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/720-1749-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/720-1753-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/880-1748-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1770-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1794-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1792-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1790-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1788-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1786-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1784-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1782-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1780-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1778-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1776-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1774-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1772-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1499-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1739-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1750-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1752-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1768-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1766-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1764-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1762-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1754-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1760-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1758-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/880-1756-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/1928-1500-0x0000000008420000-0x0000000008770000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1520-0x000000006FD00000-0x000000006FD4B000-memory.dmp

Filesize
300KB

Download
memory/1928-1521-0x000000006FD50000-0x00000000700A0000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1746-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2676-1744-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/3100-565-0x000000006FE50000-0x000000006FE9B000-memory.dmp

Filesize
300KB

Download
memory/3100-566-0x000000006FEA0000-0x00000000701F0000-memory.dmp

Filesize
3.3MB

Download
memory/4040-1018-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/4040-542-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/4136-1288-0x0000000009DD0000-0x0000000009E75000-memory.dmp

Filesize
660KB

Download
memory/4136-1283-0x000000006FD70000-0x00000000700C0000-memory.dmp

Filesize
3.3MB

Download
memory/4136-1282-0x000000006FD00000-0x000000006FD4B000-memory.dmp

Filesize
300KB

Download
memory/4136-1263-0x0000000008C40000-0x0000000008C8B000-memory.dmp

Filesize
300KB

Download
memory/4136-1261-0x0000000008110000-0x0000000008460000-memory.dmp

Filesize
3.3MB

Download
memory/4412-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/4412-297-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/4412-301-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/4412-302-0x0000000004CC0000-0x00000000055AB000-memory.dmp

Filesize
8.9MB

Download
memory/4412-300-0x0000000000400000-0x0000000002B0C000-memory.dmp

Filesize
39.0MB

Download
memory/4412-2-0x0000000004CC0000-0x00000000055AB000-memory.dmp

Filesize
8.9MB

Download
memory/4412-1-0x00000000048C0000-0x0000000004CBB000-memory.dmp

Filesize
4.0MB

Download
memory/4608-16-0x0000000008210000-0x000000000825B000-memory.dmp

Filesize
300KB

Download
memory/4608-74-0x000000006FD30000-0x000000006FD7B000-memory.dmp

Filesize
300KB

Download
memory/4608-12-0x0000000007C10000-0x0000000007C76000-memory.dmp

Filesize
408KB

Download
memory/4608-8-0x0000000073020000-0x000000007370E000-memory.dmp

Filesize
6.9MB

Download
memory/4608-11-0x0000000007440000-0x0000000007462000-memory.dmp

Filesize
136KB

Download
memory/4608-14-0x0000000007DF0000-0x0000000008140000-memory.dmp

Filesize
3.3MB

Download
memory/4608-15-0x00000000081E0000-0x00000000081FC000-memory.dmp

Filesize
112KB

Download
memory/4608-10-0x0000000073020000-0x000000007370E000-memory.dmp

Filesize
6.9MB

Download
memory/4608-35-0x00000000087A0000-0x00000000087DC000-memory.dmp

Filesize
240KB

Download
memory/4608-280-0x000000000A330000-0x000000000A338000-memory.dmp

Filesize
32KB

Download
memory/4608-299-0x0000000073020000-0x000000007370E000-memory.dmp

Filesize
6.9MB

Download
memory/4608-66-0x0000000009310000-0x0000000009386000-memory.dmp

Filesize
472KB

Download
memory/4608-9-0x0000000007500000-0x0000000007B28000-memory.dmp

Filesize
6.2MB

Download
memory/4608-13-0x0000000007D80000-0x0000000007DE6000-memory.dmp

Filesize
408KB

Download
memory/4608-81-0x000000000A1C0000-0x000000000A265000-memory.dmp

Filesize
660KB

Download
memory/4608-76-0x000000000A160000-0x000000000A17E000-memory.dmp

Filesize
120KB

Download
memory/4608-75-0x000000006FD80000-0x00000000700D0000-memory.dmp

Filesize
3.3MB

Download
memory/4608-73-0x000000000A180000-0x000000000A1B3000-memory.dmp

Filesize
204KB

Download
memory/4608-82-0x000000000A3A0000-0x000000000A434000-memory.dmp

Filesize
592KB

Download
memory/4608-275-0x000000000A340000-0x000000000A35A000-memory.dmp

Filesize
104KB

Download
memory/4608-6-0x000000007302E000-0x000000007302F000-memory.dmp

Filesize
4KB

Download
memory/4608-7-0x0000000006D50000-0x0000000006D86000-memory.dmp

Filesize
216KB

Download
memory/5036-781-0x0000000007B20000-0x0000000007E70000-memory.dmp

Filesize
3.3MB

Download
memory/5036-801-0x000000006FE50000-0x000000006FE9B000-memory.dmp

Filesize
300KB

Download
memory/5036-802-0x000000006FEC0000-0x0000000070210000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads