glupteba | 95d35da417f392a2054142c0451821e08468a5923f8c7c8f28eb840a4c4d04ae

Analysis

max time kernel
0s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
18-05-2024 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95d35da417f392a2054142c0451821e08468a5923f8c7c8f28eb840a4c4d04ae.exe
Size

4.1MB
MD5

3c3473cb40aead7e8294032d6fd61b9b
SHA1

2112ad0a68534148b8917c7de72e1d9dc6bbe1c7
SHA256

95d35da417f392a2054142c0451821e08468a5923f8c7c8f28eb840a4c4d04ae
SHA512

ca8138fd89ad6cbbf517bff2ff94811386b48e805d9bf1bb960e4cd854e96eac8585f76383e23c5e2f17893bbe4a39b629acc868eb411cefc74fc9b4b31c3575
SSDEEP

98304:psVQ+hudF4keJeyEqK0evsENr9r54Wa5Cc1nHXiv7:ps5hioeyE6OsERj43no

Score

10^/10

glupteba dropper evasion execution loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 14 IoCs

resource	yara_rule
behavioral2/memory/1688-2-0x0000000004B10000-0x00000000053FB000-memory.dmp	family_glupteba
behavioral2/memory/1688-3-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/1688-134-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/1688-200-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/2084-199-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/484-202-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/484-214-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/484-218-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/484-222-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/484-226-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/484-230-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/484-234-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/484-238-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/484-242-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1628	netsh.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2148-207-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/files/0x000200000002aa49-206.dat	upx
behavioral2/memory/2200-209-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/2148-212-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/2200-216-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/2200-224-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2104	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4020	powershell.exe
1388	powershell.exe
1592	powershell.exe
2404	powershell.exe
4704	powershell.exe
4852	powershell.exe
2908	powershell.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4612	schtasks.exe
2764	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\95d35da417f392a2054142c0451821e08468a5923f8c7c8f28eb840a4c4d04ae.exe
"C:\Users\Admin\AppData\Local\Temp\95d35da417f392a2054142c0451821e08468a5923f8c7c8f28eb840a4c4d04ae.exe"
1⤵
PID:1688
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2404
- C:\Users\Admin\AppData\Local\Temp\95d35da417f392a2054142c0451821e08468a5923f8c7c8f28eb840a4c4d04ae.exe
  "C:\Users\Admin\AppData\Local\Temp\95d35da417f392a2054142c0451821e08468a5923f8c7c8f28eb840a4c4d04ae.exe"
  2⤵
  PID:2084
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4704
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:4988
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:1628
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4852
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2908
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:484
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:4020
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:4612
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:2120
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1388
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:4236
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:2764
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:2148
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:3068
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:2104

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nt0nsndr.1py.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d0c46cad6c0778401e21910bd6b56b70

SHA1
7be418951ea96326aca445b8dfe449b2bfa0dca6

SHA256
9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

SHA512
057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
a863f2a06d97e0cae1edf7f6b5e17749

SHA1
ae15a00688772d549cfe44da3b1e59c1fa0a8ec3

SHA256
d43d7e360f58dd0fc83dd7005dba1ceb968d91735814753d06b57bc5ba81b2bb

SHA512
e2d56f2ecc030cc943f4a3f9a3e8f3cc3b0d5cb0c4fe916578314b796da21ee08135e8271a97f9a72a9835c0a9ef19bdfa7c7375f134651f66b9d0df17d90537

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
5f8b0a381908080308f2e7417301823a

SHA1
5ed77dd9d4b21ae8ae0f505e11389ee087fb35da

SHA256
be55f11523e22f2774b216168e51d65b7d6da52bd1cd7562109de73049b57db5

SHA512
8bdc87df1cf46cbfed629a781c7784a1f3e9497f93c5c296e034b4323ba04b6131672b9444cd00378961c8bfe45514a6183ddc967977044633edeb645519b662

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
90d21b32cb0f62e7f6daabfb3c3d57aa

SHA1
b3ac50da77daba55f2afaa5dca2e30d4b3e0f44a

SHA256
7634d5e82046a08774a4739cdc726007d700ce495c27dd6fe04f49c609fa5e64

SHA512
065e4eed50c9a8a5611d6d2dde2cd537d567404b2b05b6be0ec3fb13b5198cd75e2bb9939fc8998e7a46584194e00e66d5407fc253b1c21275c6397bfaebdeec

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
df71b39ee19cfc8ed1602e613b2579db

SHA1
9e0ae62881d741d2e7af996b54c3a12394ce43b2

SHA256
d2e74395195846a4c4c75f5ca546e2a5851fc6ee9df18082042b5f9537e9ae5e

SHA512
1816082adb14e2610787d59cf3ad840344ea0d21c63eec37e7f6bb8d6ae52273200ebf721f92c62097ae0d5d20e480fb1b1e03c1ae7e56f849423923c5d27449

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
ff31d54a895ca60f12e630106df6a110

SHA1
35fe84fa01f5209304b22b01f41324cfba9539f8

SHA256
932038ef197768584463d7e9d5dbbbab013632da2b80a05fc0c9fee88053a52e

SHA512
6af7228d1e0b3db2183b86d3ee9446940b0671f05c9eb2f63845672575e465f558e3708b1729da9ff7fa4b94ce996440aef092788c2e074f01cbc7f83351bb06

Download Submit
C:\Windows\rss\csrss.exe

Filesize
2.1MB

MD5
c75a4c3376005161710e0d71b6f83c54

SHA1
de64d54e59d36f29a6cdd84a41b877b3b679515a

SHA256
0f937c3ea01ef9fa1f85bb21b8e0f61b940ae2a6af446a9d9106945d9f16af0a

SHA512
cc87b0c7cc5554f8c2f52831cf00954721418a9f22f2622b617ac23b8f4cea2a6e38382511cfd932df9a1c490600619a39f5605561cc2617054a06ffccafe988

Download Submit
C:\Windows\rss\csrss.exe

Filesize
3.6MB

MD5
5d81aa5b8d140a38971245ac40d6f042

SHA1
f6c8879370510a06631567f62b37850792bbb819

SHA256
a5f25c87a7da65b3f7c525736632c60b13cc9b2bcf29dd5f1bdad54bc7eefc2f

SHA512
e11f91d514cd2410956df289650e3eabab8299fc657d484a1aafa2ed3961ef14edee20ede58000e7b64c490588e8f1d85db332f30b0477145fda1ec611623cb3

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/484-246-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-226-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-230-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-222-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-218-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-234-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-214-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-238-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-242-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-250-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-254-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-258-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/484-202-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1388-160-0x00000000707C0000-0x0000000070B17000-memory.dmp

Filesize
3.3MB

Download
memory/1388-169-0x0000000007B00000-0x0000000007BA4000-memory.dmp

Filesize
656KB

Download
memory/1388-156-0x00000000064F0000-0x0000000006847000-memory.dmp

Filesize
3.3MB

Download
memory/1388-158-0x0000000006DE0000-0x0000000006E2C000-memory.dmp

Filesize
304KB

Download
memory/1388-171-0x00000000062A0000-0x00000000062B5000-memory.dmp

Filesize
84KB

Download
memory/1388-170-0x0000000007E40000-0x0000000007E51000-memory.dmp

Filesize
68KB

Download
memory/1388-159-0x0000000070640000-0x000000007068C000-memory.dmp

Filesize
304KB

Download
memory/1592-183-0x0000000070640000-0x000000007068C000-memory.dmp

Filesize
304KB

Download
memory/1592-184-0x0000000070F80000-0x00000000712D7000-memory.dmp

Filesize
3.3MB

Download
memory/1592-181-0x0000000005770000-0x0000000005AC7000-memory.dmp

Filesize
3.3MB

Download
memory/1688-1-0x0000000004700000-0x0000000004B01000-memory.dmp

Filesize
4.0MB

Download
memory/1688-200-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/1688-134-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1688-136-0x0000000004B10000-0x00000000053FB000-memory.dmp

Filesize
8.9MB

Download
memory/1688-135-0x0000000004700000-0x0000000004B01000-memory.dmp

Filesize
4.0MB

Download
memory/1688-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/1688-2-0x0000000004B10000-0x00000000053FB000-memory.dmp

Filesize
8.9MB

Download
memory/2084-199-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2148-207-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2148-212-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2200-209-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2200-216-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2200-224-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2404-39-0x0000000007CD0000-0x0000000007CEA000-memory.dmp

Filesize
104KB

Download
memory/2404-26-0x00000000744B0000-0x0000000074C61000-memory.dmp

Filesize
7.7MB

Download
memory/2404-4-0x00000000744BE000-0x00000000744BF000-memory.dmp

Filesize
4KB

Download
memory/2404-5-0x0000000002EF0000-0x0000000002F26000-memory.dmp

Filesize
216KB

Download
memory/2404-6-0x0000000005C90000-0x00000000062BA000-memory.dmp

Filesize
6.2MB

Download
memory/2404-7-0x00000000744B0000-0x0000000074C61000-memory.dmp

Filesize
7.7MB

Download
memory/2404-8-0x0000000005890000-0x00000000058B2000-memory.dmp

Filesize
136KB

Download
memory/2404-11-0x00000000744B0000-0x0000000074C61000-memory.dmp

Filesize
7.7MB

Download
memory/2404-10-0x0000000005BA0000-0x0000000005C06000-memory.dmp

Filesize
408KB

Download
memory/2404-9-0x0000000005B30000-0x0000000005B96000-memory.dmp

Filesize
408KB

Download
memory/2404-20-0x0000000006330000-0x0000000006687000-memory.dmp

Filesize
3.3MB

Download
memory/2404-21-0x0000000006720000-0x000000000673E000-memory.dmp

Filesize
120KB

Download
memory/2404-22-0x0000000006760000-0x00000000067AC000-memory.dmp

Filesize
304KB

Download
memory/2404-23-0x0000000007700000-0x0000000007746000-memory.dmp

Filesize
280KB

Download
memory/2404-25-0x0000000070720000-0x000000007076C000-memory.dmp

Filesize
304KB

Download
memory/2404-27-0x00000000708A0000-0x0000000070BF7000-memory.dmp

Filesize
3.3MB

Download
memory/2404-50-0x00000000744B0000-0x0000000074C61000-memory.dmp

Filesize
7.7MB

Download
memory/2404-47-0x0000000007DD0000-0x0000000007DD8000-memory.dmp

Filesize
32KB

Download
memory/2404-46-0x0000000007DE0000-0x0000000007DFA000-memory.dmp

Filesize
104KB

Download
memory/2404-45-0x0000000007D90000-0x0000000007DA5000-memory.dmp

Filesize
84KB

Download
memory/2404-44-0x0000000007D80000-0x0000000007D8E000-memory.dmp

Filesize
56KB

Download
memory/2404-43-0x0000000007D30000-0x0000000007D41000-memory.dmp

Filesize
68KB

Download
memory/2404-42-0x0000000007E20000-0x0000000007EB6000-memory.dmp

Filesize
600KB

Download
memory/2404-41-0x0000000007D10000-0x0000000007D1A000-memory.dmp

Filesize
40KB

Download
memory/2404-40-0x00000000744B0000-0x0000000074C61000-memory.dmp

Filesize
7.7MB

Download
memory/2404-38-0x0000000008320000-0x000000000899A000-memory.dmp

Filesize
6.5MB

Download
memory/2404-36-0x0000000007B90000-0x0000000007BAE000-memory.dmp

Filesize
120KB

Download
memory/2404-37-0x0000000007BB0000-0x0000000007C54000-memory.dmp

Filesize
656KB

Download
memory/2404-24-0x0000000007B50000-0x0000000007B84000-memory.dmp

Filesize
208KB

Download
memory/2908-109-0x00000000708C0000-0x0000000070C17000-memory.dmp

Filesize
3.3MB

Download
memory/2908-108-0x0000000070720000-0x000000007076C000-memory.dmp

Filesize
304KB

Download
memory/2908-106-0x0000000005840000-0x0000000005B97000-memory.dmp

Filesize
3.3MB

Download
memory/4020-137-0x0000000070720000-0x000000007076C000-memory.dmp

Filesize
304KB

Download
memory/4020-132-0x00000000062B0000-0x0000000006607000-memory.dmp

Filesize
3.3MB

Download
memory/4020-138-0x0000000070930000-0x0000000070C87000-memory.dmp

Filesize
3.3MB

Download
memory/4704-73-0x0000000007E90000-0x0000000007EA5000-memory.dmp

Filesize
84KB

Download
memory/4704-57-0x0000000006370000-0x00000000066C7000-memory.dmp

Filesize
3.3MB

Download
memory/4704-72-0x0000000007E40000-0x0000000007E51000-memory.dmp

Filesize
68KB

Download
memory/4704-61-0x0000000070720000-0x000000007076C000-memory.dmp

Filesize
304KB

Download
memory/4704-62-0x0000000070990000-0x0000000070CE7000-memory.dmp

Filesize
3.3MB

Download
memory/4704-71-0x0000000007AF0000-0x0000000007B94000-memory.dmp

Filesize
656KB

Download
memory/4852-85-0x0000000005B80000-0x0000000005ED7000-memory.dmp

Filesize
3.3MB

Download
memory/4852-88-0x0000000070950000-0x0000000070CA7000-memory.dmp

Filesize
3.3MB

Download
memory/4852-87-0x0000000070720000-0x000000007076C000-memory.dmp

Filesize
304KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads