2c9723cb907807689be6429979900a805806de879f12ce349edb6aada89fa7b7

Analysis

max time kernel
0s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
19/05/2024, 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c9723cb907807689be6429979900a805806de879f12ce349edb6aada89fa7b7.exe
Size

4.1MB
MD5

bdbb944543ca0b14c45e039b8c4cb5fe
SHA1

c187fe2d6a2b6b331aebe1b4ea8786fe80e0c348
SHA256

2c9723cb907807689be6429979900a805806de879f12ce349edb6aada89fa7b7
SHA512

7550b960d9eb44ec04b95f69e4d3cfb80f4bc664feb8ebae66e2737219a156494d062fa1f5fb81cc88dcb56e792505768852a0a1b72b98b4af2e4d7603ed70ba
SSDEEP

98304:yf+oTi6061rsx4yGF2uQjPQS21lHMnsqkLrDDcuTdH2a0g7PFmM:Bos8riuQnYS21lsngzdH/0gf

Score

8^/10

evasion execution upx

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2708	netsh.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000200000002aa11-202.dat	upx
behavioral2/files/0x000200000002aa11-204.dat	upx
behavioral2/files/0x000200000002aa11-206.dat	upx
behavioral2/memory/3648-209-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1980-207-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/3648-205-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1980-213-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1980-221-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3900	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3876	powershell.exe
1536	powershell.exe
4712	powershell.exe
1400	powershell.exe
2716	powershell.exe
2052	powershell.exe
2232	powershell.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
996	schtasks.exe
4516	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\2c9723cb907807689be6429979900a805806de879f12ce349edb6aada89fa7b7.exe
"C:\Users\Admin\AppData\Local\Temp\2c9723cb907807689be6429979900a805806de879f12ce349edb6aada89fa7b7.exe"
1⤵
PID:4616
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2052
- C:\Users\Admin\AppData\Local\Temp\2c9723cb907807689be6429979900a805806de879f12ce349edb6aada89fa7b7.exe
  "C:\Users\Admin\AppData\Local\Temp\2c9723cb907807689be6429979900a805806de879f12ce349edb6aada89fa7b7.exe"
  2⤵
  PID:4204
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2232
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:1464
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:2708
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3876
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1536
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:2452
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:4712
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:996
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:1248
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1400
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:1896
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:4516
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:3648
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:1232
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:3900

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5twjsvux.z4t.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d0c46cad6c0778401e21910bd6b56b70

SHA1
7be418951ea96326aca445b8dfe449b2bfa0dca6

SHA256
9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

SHA512
057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
22af67d216af5392520509457cfe98a5

SHA1
5fc6b54c98883df45b8e299f599414b7206421de

SHA256
f0efa513d4cea3aa19acac194db239aa3ae1c27894bb86769bc48b5be71f0aea

SHA512
0a3d370638995a08dbc3821f03e0519d604e328d230eb5fcf4013321a38f5db10a2a81d1ab8a5f57a2c237f5479a38ac37c4eff314c6c7e71f9ea47e6ad87d6c

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
4d71688896d1c60073fe670652d81f71

SHA1
ce3d53cedfcdabc314388770933d9488583b6dff

SHA256
850e30bbecbdb7d92e69c41c3fa724f0c7a61175c2f812e3cf6008f1e2f4e08a

SHA512
cd553b68e4ae2a9185c322e4e31a7de5f4e74f71cfcde7bbfa36cb9ed66a2ceadd833193da46befbc88ba3fdf1bf99864c98a46e5c6ec54106889c659c7e6c5d

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
1f1171fcc801136b033dcf25a488d779

SHA1
62c0990b8b323cef61b364b7f7fbcaaadc34fea7

SHA256
7a35935087dc85e9640ac81b7ac307dd40b50402e10731cc6d9084736c842215

SHA512
82ed6e2598462c8abce5e0238e4a909a61b3d06abf583b3b8983956f893f5cde0b11cc23fa1aea9a96c2479aa66fcde4d155c64b8d93ab2bbbc904030040da67

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
becca73b6d2c0e9b44dd575724cca585

SHA1
3f305778a725e0f6a0d4330039e8e57cb99f5f2e

SHA256
ffa02af1c0ca95dea57d445f1640dc37ee9f9b38d0f37e20c3bb3595ad51d5ef

SHA512
679cf24bef22cad46fdafd5941bb70027cc6999944d0a99fc1de51f3ba8c750092cd0ba92015fdac4ed9157f7b4577f2b3ab2edd03acb8f951cd95edd366e432

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
3a3f4df509b0d44fcd91cd070c97ff20

SHA1
6912345f8292828939a9f3e6e2b4a2b632aa9c49

SHA256
01f4722bcd9c05a89e2b6e8667c168c04785da3fe0bbaa135e042f07091b1c81

SHA512
8196985a8adca5ed65ab27b3337ca61ab4918ae3bb33f68aec7616d3d22fe1a389b7fc506f0059beae927560003876712ab3f8d329816eaeca4ee45c14fffd95

Download Submit
C:\Windows\rss\csrss.exe

Filesize
2.1MB

MD5
4fa18ade770cfeb20b0090773092630c

SHA1
b5b95d85b4f991ba8b11aeef1f59afef0604f6f4

SHA256
5bcede8d7748ce77dbda7f45c20244297de1ad5ad2ba8c68a27e625ed2ee6996

SHA512
9d882302a8934c534d8c80596a0019a5929040c8bf8349f7df8862410a969252b22b1a522a7dc40d808a63c171a5590ee05673f7b1c9de983dc100d3aa90c9e3

Download Submit
C:\Windows\rss\csrss.exe

Filesize
3.1MB

MD5
97e3c6462e560f915035542c5d952245

SHA1
ae1305ec86e18282b4a44d213e3770538586c4cb

SHA256
837b705d648e32349d8b9965d7b9fe70fda4d609ed2405068105400e7af61018

SHA512
228d5832cc6315c4818dbd1738936f1a532bf9afb9fd387028c9826e394bb9c2a41f6b008b763afe77652c0f4dbae13ca4a0a4636ef4892ad6f453e298dbaa37

Download Submit
C:\Windows\windefender.exe

Filesize
448KB

MD5
eac3c94e166a4ac3e7d3dbf26d505ebb

SHA1
c231e723ad6077f9b6bd12c5e7bd3fd208f7fa45

SHA256
662eb9030b85d481e53772eb13a1b747a62bc68a862e0e4ba90f4e6acb3fe124

SHA512
b5b0f2d3205ebf43593ae73318cc078b5eafed92be6c8d113cf0e7dbef9f84da759301393b9528ac7f11b2f82dd8a190ad5c2b9066c84afbc1c9fb775fcff1a0

Download Submit
C:\Windows\windefender.exe

Filesize
1.1MB

MD5
248a61a204c1dc1cc38ebd8db338d650

SHA1
9d3acde5c07ef9802d35ae6c4dbc8f11b3412835

SHA256
f7a04d671eb3cad2e5070c750d75e0ba67b3d2059bedb8a506c78dbd1dace9b3

SHA512
37357d6df075269ea6019f97f0c00165d58109aa03112d31db00f8fd56c7c52259f1886489363579c72ff5ff83df791c078b5874deaa5a985992cad142d14961

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/1400-169-0x0000000006340000-0x0000000006355000-memory.dmp

Filesize
84KB

Download
memory/1400-157-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/1400-156-0x0000000006570000-0x00000000065BC000-memory.dmp

Filesize
304KB

Download
memory/1400-154-0x0000000005FB0000-0x0000000006307000-memory.dmp

Filesize
3.3MB

Download
memory/1400-168-0x0000000007B00000-0x0000000007B11000-memory.dmp

Filesize
68KB

Download
memory/1400-167-0x0000000007790000-0x0000000007834000-memory.dmp

Filesize
656KB

Download
memory/1400-158-0x0000000070510000-0x0000000070867000-memory.dmp

Filesize
3.3MB

Download
memory/1536-108-0x0000000070D90000-0x00000000710E7000-memory.dmp

Filesize
3.3MB

Download
memory/1536-107-0x0000000070450000-0x000000007049C000-memory.dmp

Filesize
304KB

Download
memory/1536-105-0x0000000005CF0000-0x0000000006047000-memory.dmp

Filesize
3.3MB

Download
memory/1980-207-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1980-213-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1980-221-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-40-0x0000000007040000-0x000000000704A000-memory.dmp

Filesize
40KB

Download
memory/2052-5-0x0000000002560000-0x0000000002596000-memory.dmp

Filesize
216KB

Download
memory/2052-44-0x00000000070C0000-0x00000000070D5000-memory.dmp

Filesize
84KB

Download
memory/2052-45-0x0000000007110000-0x000000000712A000-memory.dmp

Filesize
104KB

Download
memory/2052-46-0x0000000007130000-0x0000000007138000-memory.dmp

Filesize
32KB

Download
memory/2052-49-0x00000000741E0000-0x0000000074991000-memory.dmp

Filesize
7.7MB

Download
memory/2052-4-0x00000000741EE000-0x00000000741EF000-memory.dmp

Filesize
4KB

Download
memory/2052-43-0x00000000070B0000-0x00000000070BE000-memory.dmp

Filesize
56KB

Download
memory/2052-7-0x0000000004E10000-0x000000000543A000-memory.dmp

Filesize
6.2MB

Download
memory/2052-6-0x00000000741E0000-0x0000000074991000-memory.dmp

Filesize
7.7MB

Download
memory/2052-8-0x0000000004BB0000-0x0000000004BD2000-memory.dmp

Filesize
136KB

Download
memory/2052-19-0x0000000005590000-0x00000000058E7000-memory.dmp

Filesize
3.3MB

Download
memory/2052-23-0x0000000006E50000-0x0000000006E84000-memory.dmp

Filesize
208KB

Download
memory/2052-10-0x0000000005520000-0x0000000005586000-memory.dmp

Filesize
408KB

Download
memory/2052-42-0x0000000007060000-0x0000000007071000-memory.dmp

Filesize
68KB

Download
memory/2052-9-0x0000000005440000-0x00000000054A6000-memory.dmp

Filesize
408KB

Download
memory/2052-20-0x0000000005A50000-0x0000000005A6E000-memory.dmp

Filesize
120KB

Download
memory/2052-41-0x0000000007150000-0x00000000071E6000-memory.dmp

Filesize
600KB

Download
memory/2052-24-0x0000000070450000-0x000000007049C000-memory.dmp

Filesize
304KB

Download
memory/2052-21-0x0000000005A80000-0x0000000005ACC000-memory.dmp

Filesize
304KB

Download
memory/2052-38-0x0000000007640000-0x0000000007CBA000-memory.dmp

Filesize
6.5MB

Download
memory/2052-39-0x0000000007000000-0x000000000701A000-memory.dmp

Filesize
104KB

Download
memory/2052-34-0x0000000006EB0000-0x0000000006ECE000-memory.dmp

Filesize
120KB

Download
memory/2052-22-0x0000000005FF0000-0x0000000006036000-memory.dmp

Filesize
280KB

Download
memory/2052-37-0x00000000741E0000-0x0000000074991000-memory.dmp

Filesize
7.7MB

Download
memory/2052-25-0x00000000705D0000-0x0000000070927000-memory.dmp

Filesize
3.3MB

Download
memory/2052-36-0x0000000006ED0000-0x0000000006F74000-memory.dmp

Filesize
656KB

Download
memory/2052-35-0x00000000741E0000-0x0000000074991000-memory.dmp

Filesize
7.7MB

Download
memory/2232-70-0x0000000007300000-0x00000000073A4000-memory.dmp

Filesize
656KB

Download
memory/2232-72-0x00000000076A0000-0x00000000076B5000-memory.dmp

Filesize
84KB

Download
memory/2232-60-0x0000000070450000-0x000000007049C000-memory.dmp

Filesize
304KB

Download
memory/2232-56-0x0000000005C50000-0x0000000005FA7000-memory.dmp

Filesize
3.3MB

Download
memory/2232-61-0x00000000706A0000-0x00000000709F7000-memory.dmp

Filesize
3.3MB

Download
memory/2232-71-0x0000000007650000-0x0000000007661000-memory.dmp

Filesize
68KB

Download
memory/2452-219-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-247-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-231-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-235-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-215-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-239-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-255-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-211-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-243-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-199-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-251-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-223-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2452-227-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/2716-180-0x0000000070370000-0x00000000703BC000-memory.dmp

Filesize
304KB

Download
memory/2716-181-0x0000000070510000-0x0000000070867000-memory.dmp

Filesize
3.3MB

Download
memory/3648-209-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/3648-205-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/3876-87-0x00000000705F0000-0x0000000070947000-memory.dmp

Filesize
3.3MB

Download
memory/3876-86-0x0000000070450000-0x000000007049C000-memory.dmp

Filesize
304KB

Download
memory/3876-84-0x0000000006270000-0x00000000065C7000-memory.dmp

Filesize
3.3MB

Download
memory/4204-191-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4616-1-0x0000000004620000-0x0000000004A26000-memory.dmp

Filesize
4.0MB

Download
memory/4616-2-0x0000000004A30000-0x000000000531B000-memory.dmp

Filesize
8.9MB

Download
memory/4616-124-0x0000000004620000-0x0000000004A26000-memory.dmp

Filesize
4.0MB

Download
memory/4616-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/4616-123-0x0000000000400000-0x0000000002732000-memory.dmp

Filesize
35.2MB

Download
memory/4616-125-0x0000000004A30000-0x000000000531B000-memory.dmp

Filesize
8.9MB

Download
memory/4616-192-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/4712-136-0x00000000705D0000-0x0000000070927000-memory.dmp

Filesize
3.3MB

Download
memory/4712-135-0x0000000070450000-0x000000007049C000-memory.dmp

Filesize
304KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads