glupteba | 1e4f96701c34b11c40dbc60df7a269bf21f1f9e6d48319c6c5a295cc6cfd7bc6

Analysis

max time kernel
0s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
18-05-2024 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e4f96701c34b11c40dbc60df7a269bf21f1f9e6d48319c6c5a295cc6cfd7bc6.exe
Size

4.1MB
MD5

3e47a07813ad8b2b6f0734896ebde9d0
SHA1

19e00ceb9bbdb42752f6d6dc723a6718854f3f27
SHA256

1e4f96701c34b11c40dbc60df7a269bf21f1f9e6d48319c6c5a295cc6cfd7bc6
SHA512

4e3d56db85bf28a07273bb46b4437cbd059fd409a809a8067ac4166f7f1adde930a429d24f39aa2149a238dec8fe1cf59dd268ac3c69fab7efc020d53848b74c
SSDEEP

98304:BsVQ+hudF4keJeyEqK0evsENr9r54Wa5Cc1nHXivj:Bs5hioeyE6OsERj43ns

Score

10^/10

glupteba dropper evasion execution loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 16 IoCs

resource	yara_rule
behavioral2/memory/3352-2-0x0000000004A40000-0x000000000532B000-memory.dmp	family_glupteba
behavioral2/memory/3352-3-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/836-122-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3352-135-0x0000000004A40000-0x000000000532B000-memory.dmp	family_glupteba
behavioral2/memory/3352-133-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3352-193-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/3452-200-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3452-217-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3452-220-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3452-223-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3452-226-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3452-229-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3452-232-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3452-235-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3452-238-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/3452-241-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2308	netsh.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5108-205-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/files/0x000200000002a9da-206.dat	upx
behavioral2/memory/5108-209-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/4668-208-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/files/0x000200000002a9da-204.dat	upx
behavioral2/files/0x000200000002a9da-203.dat	upx
behavioral2/memory/4668-212-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/4668-218-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
432	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
780	powershell.exe
3984	powershell.exe
2144	powershell.exe
2144	powershell.exe
2364	powershell.exe
3732	powershell.exe
1444	powershell.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
1128	schtasks.exe
5044	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\1e4f96701c34b11c40dbc60df7a269bf21f1f9e6d48319c6c5a295cc6cfd7bc6.exe
"C:\Users\Admin\AppData\Local\Temp\1e4f96701c34b11c40dbc60df7a269bf21f1f9e6d48319c6c5a295cc6cfd7bc6.exe"
1⤵
PID:3352
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2144
- C:\Users\Admin\AppData\Local\Temp\1e4f96701c34b11c40dbc60df7a269bf21f1f9e6d48319c6c5a295cc6cfd7bc6.exe
  "C:\Users\Admin\AppData\Local\Temp\1e4f96701c34b11c40dbc60df7a269bf21f1f9e6d48319c6c5a295cc6cfd7bc6.exe"
  2⤵
  PID:836
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2364
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:4812
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:2308
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3732
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1444
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:3452
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:780
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:1128
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:3928
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:3984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:1888
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:5044
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:5108
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:5020
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:432

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t5em4fr0.qqr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d0c46cad6c0778401e21910bd6b56b70

SHA1
7be418951ea96326aca445b8dfe449b2bfa0dca6

SHA256
9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

SHA512
057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
b9e21e5d3de253ae7ebfae38aa5bd90b

SHA1
556c6138195861465273e7805506d2f912c778b4

SHA256
990f68f63e97671c2eeb43e85b714c5098b2b0b1cdd720b254005aa5829682ea

SHA512
b883a510ccc0d9bb901bdc558655b94bee4f7b0208f2276950a1f356cb9332c24cb57227b693c3f037bd29367b36906f8ab103b17527e2d95a0108a4f5431ba0

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
a545369a8b3a516a254e51934b42424e

SHA1
f5ed7ddae0821aed900da188a28fba03c8b0ff69

SHA256
7537ed9fef525c740992f553e8a1629efc039785cbc803c9a639f5e3d57751c0

SHA512
1f93eb3a3bc46aae58a788fe41f505f27d341096ed3ecf33b8c035ce82d958a7138b664750a6c4ecf38a3d0f4b95c7361cf76e58cc2913d47cfb57d6b315c509

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
6b7acf4edb8657abad47e6a33200dbd6

SHA1
0ab47367c3fc8f051df49b63508289f034c4d742

SHA256
23678cec91c6054c725a0c10aac078cab5266b4ede1859a8323aff065c4d87d7

SHA512
9e275cb25cde77aebb6a63e77c16346a74814807572b4d3179b079ff86d9475800948fcc654ce758a7b01aa68ebec5e2b726642ba0aafbf26597a13844b83364

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
bd9a520f53c027b01a273766f74c8de0

SHA1
79b3771bb37567c3931dcf7fc8c2807ee3e2980a

SHA256
6075401152207c2cca7100456d31f4367d3bb57e2147aa4f5ab6d6e9b5a8f61b

SHA512
27750da049bd35aeb1517368f2986fc5c0a113fabde24a7c0ff3f4d2b786fcf534aed1abe521d8fa75f0b6379be327587609396972fef16ddf5c54fe4ae422da

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
9618568f01aa7ec12164267129d08d23

SHA1
219001bb460049c55236d3b0d85d97228cf3de3d

SHA256
00ea5d6f33f743c8b373f7382d10b50692d3e75451efdbe15733d9566a07073d

SHA512
0099ed52a2856d2f3e7d92eb5add792c0e1ebfaac75d0cbc1c9cd61cca1c6057afb49e13b2f06aa69c31ad5d67db63091bcf8eadbc96065e902e0b15c1cf8da2

Download Submit
C:\Windows\rss\csrss.exe

Filesize
3.6MB

MD5
f250ef509af0e45d8fef25fd08cb54f4

SHA1
5d5e28cd925f062ef3270a461fa9e699abde7e41

SHA256
2611e15ee77cb3fc1a85fcd32a29a63d8ca4917d3ff54892be1a741c242584db

SHA512
d7bae504cbc62d6f71f261669b63c2901e8dc6327997b97dc558fe7ae2d7c7ffef26ac8bf1299010a3d3102a716ec08bc9e654a828736788a307d6f293f13366

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.1MB

MD5
3e47a07813ad8b2b6f0734896ebde9d0

SHA1
19e00ceb9bbdb42752f6d6dc723a6718854f3f27

SHA256
1e4f96701c34b11c40dbc60df7a269bf21f1f9e6d48319c6c5a295cc6cfd7bc6

SHA512
4e3d56db85bf28a07273bb46b4437cbd059fd409a809a8067ac4166f7f1adde930a429d24f39aa2149a238dec8fe1cf59dd268ac3c69fab7efc020d53848b74c

Download Submit
C:\Windows\windefender.exe

Filesize
1.2MB

MD5
a43d1181c5c818d7d78e782ec1828903

SHA1
ce87b6b09f2b30c85a2420d7e1471a0c2db55475

SHA256
57b26db83b472d3aa74fdc739ae2a2aab69513a334cc9850d2adc81053093cf4

SHA512
5985d550e97d5a383a3b121dd3c42ef032f3815afa7ac6ff35c0935fb143c51c5ac0406b0dd854c1936aff98d8da964ba1c390187b81380ee891ac8708cdd6d4

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
C:\Windows\windefender.exe

Filesize
1.9MB

MD5
48bb2b8b0b3d518ce9c666a3a9d5c412

SHA1
abaf622dba4f42473a663208fe6b961895d6de63

SHA256
3fa30f23230ba70708815b9edee678e96522739221ac214833d0477828307749

SHA512
84610f3fcb35484868537b76a27302eea7b3d110e50ede723654eda37ab427cb17a2f371787ad9fe05137659ecd8ba1240a0267b7ac0396b73c04705aeb83a7f

Download Submit
memory/780-136-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/780-137-0x00000000705C0000-0x0000000070917000-memory.dmp

Filesize
3.3MB

Download
memory/836-122-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1444-109-0x00000000704F0000-0x0000000070847000-memory.dmp

Filesize
3.3MB

Download
memory/1444-108-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/2144-183-0x00000000704E0000-0x0000000070837000-memory.dmp

Filesize
3.3MB

Download
memory/2144-10-0x0000000074100000-0x00000000748B1000-memory.dmp

Filesize
7.7MB

Download
memory/2144-40-0x0000000007390000-0x00000000073AA000-memory.dmp

Filesize
104KB

Download
memory/2144-39-0x00000000079D0000-0x000000000804A000-memory.dmp

Filesize
6.5MB

Download
memory/2144-41-0x00000000073D0000-0x00000000073DA000-memory.dmp

Filesize
40KB

Download
memory/2144-26-0x0000000070500000-0x0000000070857000-memory.dmp

Filesize
3.3MB

Download
memory/2144-42-0x0000000007490000-0x0000000007526000-memory.dmp

Filesize
600KB

Download
memory/2144-43-0x0000000007400000-0x0000000007411000-memory.dmp

Filesize
68KB

Download
memory/2144-25-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/2144-24-0x0000000007200000-0x0000000007234000-memory.dmp

Filesize
208KB

Download
memory/2144-44-0x0000000007440000-0x000000000744E000-memory.dmp

Filesize
56KB

Download
memory/2144-45-0x0000000007450000-0x0000000007465000-memory.dmp

Filesize
84KB

Download
memory/2144-46-0x0000000007550000-0x000000000756A000-memory.dmp

Filesize
104KB

Download
memory/2144-47-0x0000000007530000-0x0000000007538000-memory.dmp

Filesize
32KB

Download
memory/2144-50-0x0000000074100000-0x00000000748B1000-memory.dmp

Filesize
7.7MB

Download
memory/2144-4-0x000000007410E000-0x000000007410F000-memory.dmp

Filesize
4KB

Download
memory/2144-5-0x0000000002910000-0x0000000002946000-memory.dmp

Filesize
216KB

Download
memory/2144-182-0x0000000070290000-0x00000000702DC000-memory.dmp

Filesize
304KB

Download
memory/2144-177-0x00000000061D0000-0x0000000006527000-memory.dmp

Filesize
3.3MB

Download
memory/2144-38-0x0000000074100000-0x00000000748B1000-memory.dmp

Filesize
7.7MB

Download
memory/2144-7-0x0000000074100000-0x00000000748B1000-memory.dmp

Filesize
7.7MB

Download
memory/2144-36-0x0000000007260000-0x0000000007304000-memory.dmp

Filesize
656KB

Download
memory/2144-37-0x0000000074100000-0x00000000748B1000-memory.dmp

Filesize
7.7MB

Download
memory/2144-6-0x0000000005300000-0x000000000592A000-memory.dmp

Filesize
6.2MB

Download
memory/2144-11-0x0000000005260000-0x00000000052C6000-memory.dmp

Filesize
408KB

Download
memory/2144-9-0x00000000050C0000-0x0000000005126000-memory.dmp

Filesize
408KB

Download
memory/2144-20-0x0000000005930000-0x0000000005C87000-memory.dmp

Filesize
3.3MB

Download
memory/2144-35-0x0000000007240000-0x000000000725E000-memory.dmp

Filesize
120KB

Download
memory/2144-23-0x0000000006380000-0x00000000063C6000-memory.dmp

Filesize
280KB

Download
memory/2144-22-0x0000000005E80000-0x0000000005ECC000-memory.dmp

Filesize
304KB

Download
memory/2144-21-0x0000000005DC0000-0x0000000005DDE000-memory.dmp

Filesize
120KB

Download
memory/2144-8-0x0000000005020000-0x0000000005042000-memory.dmp

Filesize
136KB

Download
memory/2364-72-0x00000000071C0000-0x00000000071D1000-memory.dmp

Filesize
68KB

Download
memory/2364-73-0x0000000007210000-0x0000000007225000-memory.dmp

Filesize
84KB

Download
memory/2364-60-0x0000000005780000-0x0000000005AD7000-memory.dmp

Filesize
3.3MB

Download
memory/2364-62-0x00000000705C0000-0x0000000070917000-memory.dmp

Filesize
3.3MB

Download
memory/2364-71-0x0000000006E90000-0x0000000006F34000-memory.dmp

Filesize
656KB

Download
memory/2364-61-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/3352-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/3352-1-0x0000000004630000-0x0000000004A32000-memory.dmp

Filesize
4.0MB

Download
memory/3352-97-0x0000000004630000-0x0000000004A32000-memory.dmp

Filesize
4.0MB

Download
memory/3352-2-0x0000000004A40000-0x000000000532B000-memory.dmp

Filesize
8.9MB

Download
memory/3352-135-0x0000000004A40000-0x000000000532B000-memory.dmp

Filesize
8.9MB

Download
memory/3352-133-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3352-193-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/3452-235-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-214-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-229-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-226-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-223-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-220-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-217-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-200-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-244-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-211-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-241-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-238-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3452-232-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/3732-85-0x0000000006480000-0x00000000067D7000-memory.dmp

Filesize
3.3MB

Download
memory/3732-87-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/3732-88-0x00000000704F0000-0x0000000070847000-memory.dmp

Filesize
3.3MB

Download
memory/3984-158-0x0000000070290000-0x00000000702DC000-memory.dmp

Filesize
304KB

Download
memory/3984-168-0x0000000007650000-0x00000000076F4000-memory.dmp

Filesize
656KB

Download
memory/3984-155-0x0000000005EC0000-0x0000000006217000-memory.dmp

Filesize
3.3MB

Download
memory/3984-159-0x0000000070430000-0x0000000070787000-memory.dmp

Filesize
3.3MB

Download
memory/3984-157-0x0000000006590000-0x00000000065DC000-memory.dmp

Filesize
304KB

Download
memory/3984-169-0x00000000079B0000-0x00000000079C1000-memory.dmp

Filesize
68KB

Download
memory/3984-170-0x0000000005850000-0x0000000005865000-memory.dmp

Filesize
84KB

Download
memory/4668-218-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4668-212-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4668-208-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/5108-209-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/5108-205-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads