glupteba | 7bf5e068f313dc4e9bcb5ad2dd9170a9d5271f97e5df4815d6eb387acb7f6ca2

Analysis

max time kernel
1s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bf5e068f313dc4e9bcb5ad2dd9170a9d5271f97e5df4815d6eb387acb7f6ca2.exe
Size

4.1MB
MD5

31816c9b6f6a98d1465bbda0946d158a
SHA1

0601a5661943ee2a5e243de7a77f9da0f4fcb673
SHA256

7bf5e068f313dc4e9bcb5ad2dd9170a9d5271f97e5df4815d6eb387acb7f6ca2
SHA512

203566f41ac133863da32f6c5a5c2ceb687dd9f97ffa9e5c74054b41dbe0bb043ea252342de2bead957d1607459a9fdb80bf3a37d1856a64c1213d9742e762e3
SSDEEP

98304:GQAQcsa3GhfWYEvpb4LdECaqY+VYhFzXw/u5g9cAd9nm:GQAQcDPYxuCJe7X5ghfm

Score

10^/10

glupteba dropper evasion execution loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 17 IoCs

resource	yara_rule
behavioral1/memory/5068-140-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/5068-142-0x00000000048A0000-0x000000000518B000-memory.dmp	family_glupteba
behavioral1/memory/4604-182-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/5068-211-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral1/memory/1540-213-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-225-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-229-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-233-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-237-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-241-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-245-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-249-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-253-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-257-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-261-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-265-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral1/memory/1540-269-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3700	netsh.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000023426-217.dat	upx
behavioral1/memory/544-219-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/544-223-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/3540-221-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/3540-227-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/3540-235-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4600	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
864	powershell.exe
4840	powershell.exe
2596	powershell.exe
1768	powershell.exe
2672	powershell.exe
5020	powershell.exe
116	powershell.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
1732	schtasks.exe
2884	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\7bf5e068f313dc4e9bcb5ad2dd9170a9d5271f97e5df4815d6eb387acb7f6ca2.exe
"C:\Users\Admin\AppData\Local\Temp\7bf5e068f313dc4e9bcb5ad2dd9170a9d5271f97e5df4815d6eb387acb7f6ca2.exe"
1⤵
PID:5068
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4840
- C:\Users\Admin\AppData\Local\Temp\7bf5e068f313dc4e9bcb5ad2dd9170a9d5271f97e5df4815d6eb387acb7f6ca2.exe
  "C:\Users\Admin\AppData\Local\Temp\7bf5e068f313dc4e9bcb5ad2dd9170a9d5271f97e5df4815d6eb387acb7f6ca2.exe"
  2⤵
  PID:4604
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2596
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:1812
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:3700
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1768
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2672
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:1540
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:5020
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:1732
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:452
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:116
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:864
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:2760
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:2884
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:544
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:1392
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:4600

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:3540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sffswqxx.tg3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
b1bb77297d2ea1a5a463158803c14a3a

SHA1
008ed15cad2c01fdb3994dc95c20e90099d1a81e

SHA256
6a5626a44f04ecd3fd57df9de470f11da3fe6890cb09e5b4409d1550558d2bd4

SHA512
4b91b0f13a1dde219888323f036976abeceb31032297e7cab7950b8e0d9fb29151ffd0a9f2cdb9583d349892c1cea70fae8b2a3b988b031702057fa54a033c69

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
0d9fb736b1f588a206e9fdc8abc22d8d

SHA1
fa822eb3ddfb5a1cb887f3723cf9cfbe114e5b73

SHA256
a567f8ba77eed5f373b0aa38a853f746367c2c361efac2d0ee1de098b6455872

SHA512
e14c9b4787b09f29270e1e65072c701701898dce01ec2fa712617e14647c62c01297d36a9bf24389738c9430f342691ed56672ffff1078ac66fd8b3bb6f18f41

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
ab1cf0917573d323967a9d54e5028ae6

SHA1
31bd4916567f0a3e15baa4419ec08f87722d1117

SHA256
e4952842ac2960a96c83abedfee055cdf0cf1345f24d9bb354168cef70913325

SHA512
26a099aebc767a84c3bd798206b41cbc123e37e8399d2c1f43d1e0b8f22ee24d7f8723935ffe7be396f8e92fa2306514beb41b1d703dc95def03e4d1d7fd3278

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
a61da65b41f5cc6789d23cf3e8ded78a

SHA1
6919ca276e969eaf756a32bc837141a13983b982

SHA256
65b8eda73a8c2de2f56e33264137eed8b2f7985b8b50fa8a4a3b0e93cf7b5167

SHA512
31e9adf2d6dd13a8a1e205102ab949c6ca806330855f1b1eeb3edb874d7348087851e35ebe84739077dea3e0cbb7d8bdca1119587dfcbbf87dcd233be558c4d7

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
330d202ee0316b9be6950881eadb29e2

SHA1
70136fd799d9a2b7451157c979104fa48b236e7c

SHA256
fd57606ac0f631ac6937a986e62706c9a20a08c2a2c613869183048155884c4b

SHA512
eccfbc239c4f20df0e18afa54789089e0fe297282d662f90f69b40074ad222298f9a799816827fb71a356632185a1b65785f349bfecaf0a32ea9288c8e160804

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.1MB

MD5
31816c9b6f6a98d1465bbda0946d158a

SHA1
0601a5661943ee2a5e243de7a77f9da0f4fcb673

SHA256
7bf5e068f313dc4e9bcb5ad2dd9170a9d5271f97e5df4815d6eb387acb7f6ca2

SHA512
203566f41ac133863da32f6c5a5c2ceb687dd9f97ffa9e5c74054b41dbe0bb043ea252342de2bead957d1607459a9fdb80bf3a37d1856a64c1213d9742e762e3

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/116-179-0x0000000007780000-0x0000000007791000-memory.dmp

Filesize
68KB

Download
memory/116-164-0x0000000005B80000-0x0000000005ED4000-memory.dmp

Filesize
3.3MB

Download
memory/116-166-0x0000000006290000-0x00000000062DC000-memory.dmp

Filesize
304KB

Download
memory/116-178-0x0000000007490000-0x0000000007533000-memory.dmp

Filesize
652KB

Download
memory/116-168-0x00000000705F0000-0x0000000070944000-memory.dmp

Filesize
3.3MB

Download
memory/116-167-0x000000006FE60000-0x000000006FEAC000-memory.dmp

Filesize
304KB

Download
memory/116-180-0x0000000006030000-0x0000000006044000-memory.dmp

Filesize
80KB

Download
memory/544-223-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/544-219-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/864-183-0x0000000005DF0000-0x0000000006144000-memory.dmp

Filesize
3.3MB

Download
memory/864-194-0x000000006FE60000-0x000000006FEAC000-memory.dmp

Filesize
304KB

Download
memory/864-195-0x0000000070620000-0x0000000070974000-memory.dmp

Filesize
3.3MB

Download
memory/1540-213-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-245-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-249-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-241-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-233-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-237-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-225-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-253-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-229-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-257-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-261-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-265-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1540-269-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1768-92-0x00000000700C0000-0x0000000070414000-memory.dmp

Filesize
3.3MB

Download
memory/1768-91-0x000000006FF40000-0x000000006FF8C000-memory.dmp

Filesize
304KB

Download
memory/2596-75-0x0000000007040000-0x00000000070E3000-memory.dmp

Filesize
652KB

Download
memory/2596-77-0x00000000073C0000-0x00000000073D4000-memory.dmp

Filesize
80KB

Download
memory/2596-65-0x00000000706C0000-0x0000000070A14000-memory.dmp

Filesize
3.3MB

Download
memory/2596-76-0x0000000007370000-0x0000000007381000-memory.dmp

Filesize
68KB

Download
memory/2596-54-0x0000000005810000-0x0000000005B64000-memory.dmp

Filesize
3.3MB

Download
memory/2596-64-0x000000006FF40000-0x000000006FF8C000-memory.dmp

Filesize
304KB

Download
memory/2672-113-0x000000006FF40000-0x000000006FF8C000-memory.dmp

Filesize
304KB

Download
memory/2672-114-0x00000000700C0000-0x0000000070414000-memory.dmp

Filesize
3.3MB

Download
memory/3540-235-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/3540-227-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/3540-221-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4604-182-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/4840-23-0x0000000006A50000-0x0000000006A94000-memory.dmp

Filesize
272KB

Download
memory/4840-26-0x00000000078C0000-0x00000000078DA000-memory.dmp

Filesize
104KB

Download
memory/4840-4-0x00000000740AE000-0x00000000740AF000-memory.dmp

Filesize
4KB

Download
memory/4840-5-0x0000000004F20000-0x0000000004F56000-memory.dmp

Filesize
216KB

Download
memory/4840-49-0x0000000007C70000-0x0000000007C78000-memory.dmp

Filesize
32KB

Download
memory/4840-48-0x0000000007C80000-0x0000000007C9A000-memory.dmp

Filesize
104KB

Download
memory/4840-46-0x0000000007C10000-0x0000000007C1E000-memory.dmp

Filesize
56KB

Download
memory/4840-27-0x0000000007A70000-0x0000000007AA2000-memory.dmp

Filesize
200KB

Download
memory/4840-29-0x00000000700C0000-0x0000000070414000-memory.dmp

Filesize
3.3MB

Download
memory/4840-30-0x00000000740A0000-0x0000000074850000-memory.dmp

Filesize
7.7MB

Download
memory/4840-45-0x0000000007BD0000-0x0000000007BE1000-memory.dmp

Filesize
68KB

Download
memory/4840-44-0x0000000007CD0000-0x0000000007D66000-memory.dmp

Filesize
600KB

Download
memory/4840-40-0x0000000007AB0000-0x0000000007ACE000-memory.dmp

Filesize
120KB

Download
memory/4840-6-0x00000000740A0000-0x0000000074850000-memory.dmp

Filesize
7.7MB

Download
memory/4840-42-0x0000000007BC0000-0x0000000007BCA000-memory.dmp

Filesize
40KB

Download
memory/4840-43-0x00000000740A0000-0x0000000074850000-memory.dmp

Filesize
7.7MB

Download
memory/4840-41-0x0000000007AD0000-0x0000000007B73000-memory.dmp

Filesize
652KB

Download
memory/4840-28-0x000000006FF40000-0x000000006FF8C000-memory.dmp

Filesize
304KB

Download
memory/4840-7-0x00000000056C0000-0x0000000005CE8000-memory.dmp

Filesize
6.2MB

Download
memory/4840-8-0x0000000005510000-0x0000000005532000-memory.dmp

Filesize
136KB

Download
memory/4840-25-0x0000000007F20000-0x000000000859A000-memory.dmp

Filesize
6.5MB

Download
memory/4840-24-0x0000000007820000-0x0000000007896000-memory.dmp

Filesize
472KB

Download
memory/4840-10-0x0000000005E60000-0x0000000005EC6000-memory.dmp

Filesize
408KB

Download
memory/4840-47-0x0000000007C30000-0x0000000007C44000-memory.dmp

Filesize
80KB

Download
memory/4840-22-0x00000000065A0000-0x00000000065EC000-memory.dmp

Filesize
304KB

Download
memory/4840-52-0x00000000740A0000-0x0000000074850000-memory.dmp

Filesize
7.7MB

Download
memory/4840-21-0x00000000064E0000-0x00000000064FE000-memory.dmp

Filesize
120KB

Download
memory/4840-20-0x0000000005FE0000-0x0000000006334000-memory.dmp

Filesize
3.3MB

Download
memory/4840-9-0x0000000005CF0000-0x0000000005D56000-memory.dmp

Filesize
408KB

Download
memory/5020-143-0x000000006FF40000-0x000000006FF8C000-memory.dmp

Filesize
304KB

Download
memory/5020-144-0x00000000706C0000-0x0000000070A14000-memory.dmp

Filesize
3.3MB

Download
memory/5068-1-0x0000000004490000-0x0000000004891000-memory.dmp

Filesize
4.0MB

Download
memory/5068-141-0x0000000004490000-0x0000000004891000-memory.dmp

Filesize
4.0MB

Download
memory/5068-142-0x00000000048A0000-0x000000000518B000-memory.dmp

Filesize
8.9MB

Download
memory/5068-211-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/5068-140-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/5068-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/5068-2-0x00000000048A0000-0x000000000518B000-memory.dmp

Filesize
8.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads