glupteba | 88365e9d60596063c013f6f7db123a7d8c51ddd4702c02e387c96254c2e371eb

Analysis

max time kernel
0s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88365e9d60596063c013f6f7db123a7d8c51ddd4702c02e387c96254c2e371eb.exe
Size

4.1MB
MD5

44de4b4d95c61e9e0be947bd8006de68
SHA1

3c2e7e5ad27de2dae531d9e0663f59961ddcbd51
SHA256

88365e9d60596063c013f6f7db123a7d8c51ddd4702c02e387c96254c2e371eb
SHA512

a8208c724dd570f567e2669ce1f766ac4757efed135de14c87df4e7e10c4a2282aa103906d9e39a8fde615cb47fddd4cc2c51bd9e1506bf3db323c5e772cd557
SSDEEP

98304:yf+oTi6061rsx4yGF2uQjPQS21lHMnsqkLrDDcuTdH2a0g7PFn:Bos8riuQnYS21lsngzdH/0gp

Score

10^/10

glupteba dropper evasion execution loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 8 IoCs

resource	yara_rule
behavioral1/memory/4788-2-0x0000000004990000-0x000000000527B000-memory.dmp	family_glupteba
behavioral1/memory/1268-236-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral1/memory/1268-239-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral1/memory/1268-242-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral1/memory/1268-245-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral1/memory/1268-248-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral1/memory/1268-251-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba
behavioral1/memory/1268-254-0x0000000000400000-0x0000000002732000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3052	netsh.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1460-219-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/files/0x0008000000023448-220.dat	upx
behavioral1/memory/1460-221-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/4032-222-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/4032-225-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/4032-231-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3660	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1880	powershell.exe
2884	powershell.exe
4220	powershell.exe
2164	powershell.exe
1428	powershell.exe
4804	powershell.exe
3040	powershell.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3032	schtasks.exe
3012	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\88365e9d60596063c013f6f7db123a7d8c51ddd4702c02e387c96254c2e371eb.exe
"C:\Users\Admin\AppData\Local\Temp\88365e9d60596063c013f6f7db123a7d8c51ddd4702c02e387c96254c2e371eb.exe"
1⤵
PID:4788
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2884
- C:\Users\Admin\AppData\Local\Temp\88365e9d60596063c013f6f7db123a7d8c51ddd4702c02e387c96254c2e371eb.exe
  "C:\Users\Admin\AppData\Local\Temp\88365e9d60596063c013f6f7db123a7d8c51ddd4702c02e387c96254c2e371eb.exe"
  2⤵
  PID:1644
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4220
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:2188
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:3052
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2164
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1428
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:1268
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:4804
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:3032
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:1312
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:3040
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:4688
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:3012
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:1460
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:4656
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:3660

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yj1y3oqd.sds.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
96b4884052ce694586f11e4366f56429

SHA1
e935b4b036d3b39c52bd0c99085340812d43693b

SHA256
7165e064757ad489e3f30e564fae7ed98170afe5901ddccba7e6ce8e2c604610

SHA512
895b3e725147a8190b9311eda53cd4f9fee567ad49f8d88a5db8b9f365df496d2796960de10796c11672edb3877ae30da9188fc681ffca8537a35c8898889e15

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
d20a0129d38d0073e63e21362eebac5a

SHA1
a0a23f77f6dabb2fccefc99a178eca0b8798e5ad

SHA256
aaf5540688fab16e7a488e5d15daf74dff6d38f1dd530d72ce96939b794fa5b8

SHA512
14c48f536d3b901a9c5e8598552de883b5083b0f24f30f63c2ea82960e4d0432c504b2812f6e0f9ef50fcb74c7fdc791d370b4eb62f3c440f1ea9fd989a329c8

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
2bf03ff006aab1b671bd24d395cd0204

SHA1
ee18b6d669d91c059562c1b92d02c07fab44a051

SHA256
86861c222c561c03035750bd5c0d30bd0fb505c68c6a81e87c9f551229463658

SHA512
591ef4b2a3ae1038bee181b73e40a9d0326f20f1d9c1b3bceaec9d472a41aed8e0a8b18caf4e9dff2e6f0aecf51f4c49bc4d8404eeae7acfcb854007fd39f7a5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
c9dc5fb56002adde03ed1409ba6d8038

SHA1
93cb72eb7e4f61cbd8a79cc29c377c129bc68e51

SHA256
571e493fc31a7e40567c593abfec8855369e931e34fbdd5883f00071f0460689

SHA512
d6fc4442c97d9bebb51c74a01f2a1393931c83bc70718fa5f8fd9dd9366cbb2b6755c546d1acfd0b6020cd0e5d8c95249ebc597f4bbf233d742ecf24a6594e54

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
568ead5e92b50603db773df34266d108

SHA1
cc31a8bfacf5e0fb7ae91327f41e4e2f93a6217f

SHA256
e530038222e243415f0f967ed7b9dd7f82097fd4b8445701182163e92515203d

SHA512
5fad93ede77f8364a0c1a6a695a40db7759794fc2fa6d766f1f2ca347e9e28bb2c00ca51c3307c25847e4891a50105e13df57912155730adef0f95aa87d7d763

Download Submit
C:\Windows\rss\csrss.exe

Filesize
2.1MB

MD5
4fa18ade770cfeb20b0090773092630c

SHA1
b5b95d85b4f991ba8b11aeef1f59afef0604f6f4

SHA256
5bcede8d7748ce77dbda7f45c20244297de1ad5ad2ba8c68a27e625ed2ee6996

SHA512
9d882302a8934c534d8c80596a0019a5929040c8bf8349f7df8862410a969252b22b1a522a7dc40d808a63c171a5590ee05673f7b1c9de983dc100d3aa90c9e3

Download Submit
C:\Windows\rss\csrss.exe

Filesize
448KB

MD5
6165bdbe9e88707a2b0d358c40577d0a

SHA1
c73cf98e599a74d381d60f1ed1273ac73dba6185

SHA256
4b0e8a382d545be476d82909a086373ff54cb09b601ab25830602ea123900c2d

SHA512
c9112344f55ea316c938a7c1e8588137a8ce6727a5e06733f677d22ccce9855a164ca61961e7733daead2cbf9c91d523c7ae177f5c56571636b197759fe520f4

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/1268-239-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-233-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-224-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-257-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-230-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-227-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-214-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-251-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-254-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-248-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-236-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-242-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1268-245-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1428-117-0x0000000070040000-0x0000000070394000-memory.dmp

Filesize
3.3MB

Download
memory/1428-116-0x000000006FEC0000-0x000000006FF0C000-memory.dmp

Filesize
304KB

Download
memory/1460-219-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1460-221-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1644-131-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/1880-195-0x000000006FDE0000-0x000000006FE2C000-memory.dmp

Filesize
304KB

Download
memory/1880-196-0x000000006FF60000-0x00000000702B4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-94-0x0000000070080000-0x00000000703D4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-91-0x0000000005A70000-0x0000000005DC4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-93-0x000000006FEC0000-0x000000006FF0C000-memory.dmp

Filesize
304KB

Download
memory/2884-22-0x0000000006940000-0x000000000695E000-memory.dmp

Filesize
120KB

Download
memory/2884-25-0x0000000007C90000-0x0000000007D06000-memory.dmp

Filesize
472KB

Download
memory/2884-5-0x0000000003360000-0x0000000003396000-memory.dmp

Filesize
216KB

Download
memory/2884-7-0x0000000074020000-0x00000000747D0000-memory.dmp

Filesize
7.7MB

Download
memory/2884-6-0x0000000005C70000-0x0000000006298000-memory.dmp

Filesize
6.2MB

Download
memory/2884-9-0x00000000059A0000-0x00000000059C2000-memory.dmp

Filesize
136KB

Download
memory/2884-50-0x00000000080D0000-0x00000000080D8000-memory.dmp

Filesize
32KB

Download
memory/2884-10-0x0000000005B40000-0x0000000005BA6000-memory.dmp

Filesize
408KB

Download
memory/2884-48-0x00000000080A0000-0x00000000080B4000-memory.dmp

Filesize
80KB

Download
memory/2884-53-0x0000000074020000-0x00000000747D0000-memory.dmp

Filesize
7.7MB

Download
memory/2884-11-0x0000000006310000-0x0000000006376000-memory.dmp

Filesize
408KB

Download
memory/2884-8-0x0000000074020000-0x00000000747D0000-memory.dmp

Filesize
7.7MB

Download
memory/2884-47-0x0000000008080000-0x000000000808E000-memory.dmp

Filesize
56KB

Download
memory/2884-29-0x000000006FEC0000-0x000000006FF0C000-memory.dmp

Filesize
304KB

Download
memory/2884-30-0x0000000074020000-0x00000000747D0000-memory.dmp

Filesize
7.7MB

Download
memory/2884-31-0x0000000070040000-0x0000000070394000-memory.dmp

Filesize
3.3MB

Download
memory/2884-46-0x0000000008040000-0x0000000008051000-memory.dmp

Filesize
68KB

Download
memory/2884-41-0x0000000007F20000-0x0000000007F3E000-memory.dmp

Filesize
120KB

Download
memory/2884-45-0x0000000008140000-0x00000000081D6000-memory.dmp

Filesize
600KB

Download
memory/2884-21-0x0000000006380000-0x00000000066D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-49-0x00000000080E0000-0x00000000080FA000-memory.dmp

Filesize
104KB

Download
memory/2884-23-0x0000000006980000-0x00000000069CC000-memory.dmp

Filesize
304KB

Download
memory/2884-24-0x0000000006ED0000-0x0000000006F14000-memory.dmp

Filesize
272KB

Download
memory/2884-43-0x0000000008030000-0x000000000803A000-memory.dmp

Filesize
40KB

Download
memory/2884-27-0x0000000007D30000-0x0000000007D4A000-memory.dmp

Filesize
104KB

Download
memory/2884-26-0x0000000008390000-0x0000000008A0A000-memory.dmp

Filesize
6.5MB

Download
memory/2884-28-0x0000000007EE0000-0x0000000007F12000-memory.dmp

Filesize
200KB

Download
memory/2884-4-0x000000007402E000-0x000000007402F000-memory.dmp

Filesize
4KB

Download
memory/2884-42-0x0000000007F40000-0x0000000007FE3000-memory.dmp

Filesize
652KB

Download
memory/2884-44-0x0000000074020000-0x00000000747D0000-memory.dmp

Filesize
7.7MB

Download
memory/3040-182-0x0000000007750000-0x0000000007761000-memory.dmp

Filesize
68KB

Download
memory/3040-183-0x0000000005B80000-0x0000000005B94000-memory.dmp

Filesize
80KB

Download
memory/3040-181-0x0000000007430000-0x00000000074D3000-memory.dmp

Filesize
652KB

Download
memory/3040-167-0x0000000005DD0000-0x0000000006124000-memory.dmp

Filesize
3.3MB

Download
memory/3040-171-0x000000006FF60000-0x00000000702B4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-170-0x000000006FDE0000-0x000000006FE2C000-memory.dmp

Filesize
304KB

Download
memory/3040-169-0x0000000006200000-0x000000000624C000-memory.dmp

Filesize
304KB

Download
memory/4032-222-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4032-225-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4032-231-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4220-77-0x0000000007C40000-0x0000000007C51000-memory.dmp

Filesize
68KB

Download
memory/4220-65-0x000000006FEC0000-0x000000006FF0C000-memory.dmp

Filesize
304KB

Download
memory/4220-76-0x0000000007910000-0x00000000079B3000-memory.dmp

Filesize
652KB

Download
memory/4220-66-0x0000000070640000-0x0000000070994000-memory.dmp

Filesize
3.3MB

Download
memory/4220-78-0x0000000007C90000-0x0000000007CA4000-memory.dmp

Filesize
80KB

Download
memory/4220-60-0x0000000006070000-0x00000000063C4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-1-0x0000000004580000-0x0000000004988000-memory.dmp

Filesize
4.0MB

Download
memory/4788-212-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/4788-104-0x0000000004580000-0x0000000004988000-memory.dmp

Filesize
4.0MB

Download
memory/4788-156-0x0000000004990000-0x000000000527B000-memory.dmp

Filesize
8.9MB

Download
memory/4788-2-0x0000000004990000-0x000000000527B000-memory.dmp

Filesize
8.9MB

Download
memory/4788-155-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4788-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/4804-145-0x0000000070640000-0x0000000070994000-memory.dmp

Filesize
3.3MB

Download
memory/4804-144-0x000000006FEC0000-0x000000006FF0C000-memory.dmp

Filesize
304KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads