glupteba | 9a6765dc00367236dad8e45bfbead9d02034aa05cbbf011f3f19356688dc7d64

Analysis

max time kernel
0s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
18-05-2024 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a6765dc00367236dad8e45bfbead9d02034aa05cbbf011f3f19356688dc7d64.exe
Size

4.1MB
MD5

537aa0f899ac790aba441a3f63a659d2
SHA1

bc2b72c13d96e3da00efde6818121e69895ff60b
SHA256

9a6765dc00367236dad8e45bfbead9d02034aa05cbbf011f3f19356688dc7d64
SHA512

3753655a90b5836fd8f3e3f410fb9689f8396078384511d795ee9b6db88d06794775650ba172de3b24adbbfceff616fef4dafdfc44eb7c81abb8c10fd652f829
SSDEEP

98304:BsVQ+hudF4keJeyEqK0evsENr9r54Wa5Cc1nHXivv:Bs5hioeyE6OsERj43nE

Score

10^/10

glupteba dropper evasion execution loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 14 IoCs

resource	yara_rule
behavioral2/memory/1904-2-0x0000000004870000-0x000000000515B000-memory.dmp	family_glupteba
behavioral2/memory/1904-3-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/1904-53-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/1904-51-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/2332-125-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/4552-204-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/4552-220-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/4552-222-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/4552-224-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/4552-226-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/4552-228-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/4552-230-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/4552-232-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral2/memory/4552-234-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
5028	netsh.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000200000002aa1a-207.dat	upx
behavioral2/memory/3144-209-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/3144-213-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/4900-212-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/4900-215-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/4900-219-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5096	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2840	powershell.exe
1608	powershell.exe
680	powershell.exe
2896	powershell.exe
4920	powershell.exe
716	powershell.exe
4672	powershell.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2932	schtasks.exe
3552	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\9a6765dc00367236dad8e45bfbead9d02034aa05cbbf011f3f19356688dc7d64.exe
"C:\Users\Admin\AppData\Local\Temp\9a6765dc00367236dad8e45bfbead9d02034aa05cbbf011f3f19356688dc7d64.exe"
1⤵
PID:1904
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4920
- C:\Users\Admin\AppData\Local\Temp\9a6765dc00367236dad8e45bfbead9d02034aa05cbbf011f3f19356688dc7d64.exe
  "C:\Users\Admin\AppData\Local\Temp\9a6765dc00367236dad8e45bfbead9d02034aa05cbbf011f3f19356688dc7d64.exe"
  2⤵
  PID:2332
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:716
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:4728
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:5028
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4672
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2840
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:4552
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1608
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:2932
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:4596
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:680
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:692
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:3552
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:3144
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:2416
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:5096

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dc3cdijd.2ea.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d0c46cad6c0778401e21910bd6b56b70

SHA1
7be418951ea96326aca445b8dfe449b2bfa0dca6

SHA256
9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

SHA512
057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
f964a0d3b64f4f9731352b7ed4d4ba9b

SHA1
dd906055994b4d24c25a52ec373121a1886915e2

SHA256
790a23036bfaccdb71eec1c479aa5a6b62a408a72aaf633f76e5c711dad824c9

SHA512
ecfeb39ef30dd9f1042d8ec155d59e6634cadf9b237d381a0e7e54bfcc05b082696895e2840cbef9f714965060f3a3d20e2536f41b17819caf7e905ff6da39dd

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
e7fd606831247db4c73ec375b8206259

SHA1
d627306bb75a28fc191d04cf35f656a771bad7a9

SHA256
806cbdb393905f29d4b1d01ef135b307757f2623d65680331f9d47ea63227483

SHA512
a0403287a198a5161a408ee153757664ddfe32301021dec36b7169b0ef5961b00969ffa8d600a7c037deffbc248f494eee2695fa9422dd1606cb97e97f76ebfb

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
420e70de501cadcfd4ae3fc60e9fa525

SHA1
55400239729b68873f4d9c17d37b23033902e5f5

SHA256
bbf200f88fcac36bef1ead685766eb670dbbb64d534f3e3c30aa31f11e53e852

SHA512
1b3dd4375c6078cd32f5b4f5ad72d90a45785637d1cb5e948e5b43e1952059c2b9f0dab901b63502ff07481682ff7fcac55e32a07675d5c7fb2b90c72b62fff7

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
aa4734c5ba9a1a09d0b320d68e48dccc

SHA1
bfaf4ef3d0894a6dad7e475e59ddffdf7af19aa2

SHA256
3d28457fb3fc1a1e75cca64f62fe37c2ee98e5b930149a8a84e00daac9ae5721

SHA512
6a41d830b0db5246ce21b6011e0912cdb976f0931a06bd4d3aae86bc0268c955b0c02ddb8b4d06eae59577b4b42911b6fcb15a2d9e4c24a9ed43bda046f20bc7

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
4b4fc94bec4c59b08dee2b9aa104327c

SHA1
1b9c47d26a89fa90e097d74b6f7d769af4ba4feb

SHA256
2221436fd3cb6b630bca93a4680b24d3ca86e1b7067e287a2d2b7fab7be4e6cb

SHA512
90b3528702a6c635f65f7147adf5c4a7f404479122434a21b913b303a79ecc3f83950b9df8c6ba401d64d82d200d7e65cee6a524d2cdc65ceb43eef808ebd274

Download Submit
C:\Windows\rss\csrss.exe

Filesize
3.6MB

MD5
f250ef509af0e45d8fef25fd08cb54f4

SHA1
5d5e28cd925f062ef3270a461fa9e699abde7e41

SHA256
2611e15ee77cb3fc1a85fcd32a29a63d8ca4917d3ff54892be1a741c242584db

SHA512
d7bae504cbc62d6f71f261669b63c2901e8dc6327997b97dc558fe7ae2d7c7ffef26ac8bf1299010a3d3102a716ec08bc9e654a828736788a307d6f293f13366

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.1MB

MD5
537aa0f899ac790aba441a3f63a659d2

SHA1
bc2b72c13d96e3da00efde6818121e69895ff60b

SHA256
9a6765dc00367236dad8e45bfbead9d02034aa05cbbf011f3f19356688dc7d64

SHA512
3753655a90b5836fd8f3e3f410fb9689f8396078384511d795ee9b6db88d06794775650ba172de3b24adbbfceff616fef4dafdfc44eb7c81abb8c10fd652f829

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/680-176-0x0000000005FB0000-0x0000000005FC5000-memory.dmp

Filesize
84KB

Download
memory/680-175-0x0000000007AD0000-0x0000000007AE1000-memory.dmp

Filesize
68KB

Download
memory/680-164-0x0000000070140000-0x000000007018C000-memory.dmp

Filesize
304KB

Download
memory/680-174-0x00000000077B0000-0x0000000007854000-memory.dmp

Filesize
656KB

Download
memory/680-165-0x0000000070390000-0x00000000706E7000-memory.dmp

Filesize
3.3MB

Download
memory/680-161-0x0000000005FE0000-0x0000000006337000-memory.dmp

Filesize
3.3MB

Download
memory/680-163-0x0000000006AA0000-0x0000000006AEC000-memory.dmp

Filesize
304KB

Download
memory/716-63-0x0000000006130000-0x0000000006487000-memory.dmp

Filesize
3.3MB

Download
memory/716-66-0x0000000070500000-0x0000000070857000-memory.dmp

Filesize
3.3MB

Download
memory/716-76-0x0000000007BE0000-0x0000000007BF1000-memory.dmp

Filesize
68KB

Download
memory/716-75-0x0000000007890000-0x0000000007934000-memory.dmp

Filesize
656KB

Download
memory/716-64-0x0000000006BB0000-0x0000000006BFC000-memory.dmp

Filesize
304KB

Download
memory/716-65-0x00000000702C0000-0x000000007030C000-memory.dmp

Filesize
304KB

Download
memory/716-77-0x0000000007C30000-0x0000000007C45000-memory.dmp

Filesize
84KB

Download
memory/1608-151-0x0000000005100000-0x0000000005115000-memory.dmp

Filesize
84KB

Download
memory/1608-150-0x0000000007360000-0x0000000007371000-memory.dmp

Filesize
68KB

Download
memory/1608-140-0x00000000703A0000-0x00000000706F7000-memory.dmp

Filesize
3.3MB

Download
memory/1608-149-0x0000000007050000-0x00000000070F4000-memory.dmp

Filesize
656KB

Download
memory/1608-139-0x0000000070220000-0x000000007026C000-memory.dmp

Filesize
304KB

Download
memory/1608-136-0x00000000059F0000-0x0000000005D47000-memory.dmp

Filesize
3.3MB

Download
memory/1608-138-0x00000000061F0000-0x000000000623C000-memory.dmp

Filesize
304KB

Download
memory/1904-2-0x0000000004870000-0x000000000515B000-memory.dmp

Filesize
8.9MB

Download
memory/1904-54-0x0000000004870000-0x000000000515B000-memory.dmp

Filesize
8.9MB

Download
memory/1904-53-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/1904-51-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1904-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/1904-1-0x0000000004460000-0x0000000004868000-memory.dmp

Filesize
4.0MB

Download
memory/2332-125-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2840-111-0x00000000702C0000-0x000000007030C000-memory.dmp

Filesize
304KB

Download
memory/2840-109-0x0000000005CF0000-0x0000000006047000-memory.dmp

Filesize
3.3MB

Download
memory/2840-112-0x0000000070440000-0x0000000070797000-memory.dmp

Filesize
3.3MB

Download
memory/2896-189-0x00000000702E0000-0x0000000070637000-memory.dmp

Filesize
3.3MB

Download
memory/2896-188-0x0000000070140000-0x000000007018C000-memory.dmp

Filesize
304KB

Download
memory/2896-186-0x0000000005500000-0x0000000005857000-memory.dmp

Filesize
3.3MB

Download
memory/3144-213-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/3144-209-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4552-218-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-234-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-232-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-230-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-236-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-220-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-216-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-214-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-224-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-222-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-204-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-228-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4552-226-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4672-90-0x00000000702C0000-0x000000007030C000-memory.dmp

Filesize
304KB

Download
memory/4672-91-0x0000000070500000-0x0000000070857000-memory.dmp

Filesize
3.3MB

Download
memory/4900-219-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4900-215-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4900-212-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4920-36-0x0000000007B50000-0x0000000007B6E000-memory.dmp

Filesize
120KB

Download
memory/4920-23-0x0000000006C50000-0x0000000006C96000-memory.dmp

Filesize
280KB

Download
memory/4920-43-0x0000000007D10000-0x0000000007D21000-memory.dmp

Filesize
68KB

Download
memory/4920-42-0x0000000007D90000-0x0000000007E26000-memory.dmp

Filesize
600KB

Download
memory/4920-38-0x0000000073F40000-0x00000000746F1000-memory.dmp

Filesize
7.7MB

Download
memory/4920-39-0x00000000082E0000-0x000000000895A000-memory.dmp

Filesize
6.5MB

Download
memory/4920-41-0x0000000007CD0000-0x0000000007CDA000-memory.dmp

Filesize
40KB

Download
memory/4920-40-0x0000000007C90000-0x0000000007CAA000-memory.dmp

Filesize
104KB

Download
memory/4920-25-0x00000000701B0000-0x00000000701FC000-memory.dmp

Filesize
304KB

Download
memory/4920-37-0x0000000007B70000-0x0000000007C14000-memory.dmp

Filesize
656KB

Download
memory/4920-26-0x00000000703C0000-0x0000000070717000-memory.dmp

Filesize
3.3MB

Download
memory/4920-27-0x0000000073F40000-0x00000000746F1000-memory.dmp

Filesize
7.7MB

Download
memory/4920-45-0x0000000007D50000-0x0000000007D65000-memory.dmp

Filesize
84KB

Download
memory/4920-24-0x0000000007AF0000-0x0000000007B24000-memory.dmp

Filesize
208KB

Download
memory/4920-46-0x0000000007E50000-0x0000000007E6A000-memory.dmp

Filesize
104KB

Download
memory/4920-44-0x0000000007D40000-0x0000000007D4E000-memory.dmp

Filesize
56KB

Download
memory/4920-47-0x0000000007E30000-0x0000000007E38000-memory.dmp

Filesize
32KB

Download
memory/4920-22-0x0000000006780000-0x00000000067CC000-memory.dmp

Filesize
304KB

Download
memory/4920-21-0x00000000066E0000-0x00000000066FE000-memory.dmp

Filesize
120KB

Download
memory/4920-50-0x0000000073F40000-0x00000000746F1000-memory.dmp

Filesize
7.7MB

Download
memory/4920-20-0x0000000006250000-0x00000000065A7000-memory.dmp

Filesize
3.3MB

Download
memory/4920-10-0x0000000006100000-0x0000000006166000-memory.dmp

Filesize
408KB

Download
memory/4920-11-0x00000000061E0000-0x0000000006246000-memory.dmp

Filesize
408KB

Download
memory/4920-9-0x0000000006060000-0x0000000006082000-memory.dmp

Filesize
136KB

Download
memory/4920-8-0x0000000073F40000-0x00000000746F1000-memory.dmp

Filesize
7.7MB

Download
memory/4920-6-0x0000000073F40000-0x00000000746F1000-memory.dmp

Filesize
7.7MB

Download
memory/4920-7-0x0000000005900000-0x0000000005F2A000-memory.dmp

Filesize
6.2MB

Download
memory/4920-5-0x0000000005290000-0x00000000052C6000-memory.dmp

Filesize
216KB

Download
memory/4920-4-0x0000000073F4E000-0x0000000073F4F000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads