6c35e5fb73c34864a3bab36e17e10f448e3700d5e28085f410c41ebf2b9d18e6

Analysis

max time kernel
130s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RTK_NIC_DRIVER_INSTALLER.sfx.exe
Size

783KB
MD5

c866190749fd84d8cdbf6f57b26c35bc
SHA1

967d93fc22ea7581e48862e1fa38d63a504e8c25
SHA256

6c35e5fb73c34864a3bab36e17e10f448e3700d5e28085f410c41ebf2b9d18e6
SHA512

0675594b8fb34778f06d693c72186afc6a570694af13d4a3de35aa11efbf224428e8455179385bc39dbe8942f14d42135101e0af448bc526dee451aac207af16
SSDEEP

24576:/2yQPUjJdz3j9ZrmTvU23z2Jjjght7cuWOoC:/ptNNj9ZrmTvR2JXgrouoC

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	RTK_NIC_DRIVER_INSTALLER.sfx.exe

Executes dropped EXE 1 IoCs

pid	Process
1412	setup.exe

Drops file in System32 directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_37384eec1e67b34a\rtux64w10.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\SET512D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\SET513F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\rtux64w10.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_37384eec1e67b34a\rtux64w10.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\SET5140.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_37384eec1e67b34a\RtNicProp64.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_37384eec1e67b34a\rtux64w10.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\SET512D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\rtux64w10.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\SET5140.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\RtNicProp64.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\SET512E.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\SET512E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\rtux64w10.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{2aa64ca9-8e31-0346-b759-f2600b1e09db}\SET513F.tmp	DrvInst.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\INF\oem0.PNF	setup.exe
File created	C:\Windows\INF\oem1.PNF	setup.exe
File created	C:\Windows\INF\oem2.PNF	setup.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	setup.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 28 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeAuditPrivilege	1124	svchost.exe
Token: SeSecurityPrivilege	1124	svchost.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 1412	4252	RTK_NIC_DRIVER_INSTALLER.sfx.exe	85
PID 4252 wrote to memory of 1412	4252	RTK_NIC_DRIVER_INSTALLER.sfx.exe	85
PID 4252 wrote to memory of 1412	4252	RTK_NIC_DRIVER_INSTALLER.sfx.exe	85
PID 1124 wrote to memory of 3236	1124	svchost.exe	87
PID 1124 wrote to memory of 3236	1124	svchost.exe	87

C:\Users\Admin\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER.sfx.exe
"C:\Users\Admin\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER.sfx.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Users\Admin\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\setup.exe" -s
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:1412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{0d38b16f-b911-8c4d-9b30-f68e97b26df6}\rtux64w10.inf" "9" "4f5029a67" "0000000000000148" "WinSta0\Default" "000000000000015C" "208" "C:\Users\Admin\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:3236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe

Filesize
102KB

MD5
094eee1e385e5482b694713e8e08e462

SHA1
293fc250db0edcd0f663042041e4dda124b7ace0

SHA256
ed54b2c849f36561a529a4db71e5a1877d766162d472aeb714fd1b1d569adc1d

SHA512
86870a7b1ac88fe9a7a9fb068934f96dd5ef4f933dd0aeeff5583e2ea04f6c3e31d63b27cd5a78ea02bd3052a092dd02271f126c8f2a0114b0a94c7ce13b18e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.inf

Filesize
426KB

MD5
44a7f210c0847efc6fde77f9b5a8d844

SHA1
c7e4cd70dbf7412ba0277566e7888a3f72d8597a

SHA256
f43cd173c9896c16f2574ca8879114619f87653ae49f52906c789cd7a394a500

SHA512
c7e762e3d8974e2b9195e6f9844fe39612e3258abbd5ce2c6929ae1f8fafa2dc4a210270971294eff6902cf1fa21b6449b2dcb5eb79321462887181fa9226686

Download Submit
C:\Users\Admin\AppData\Local\Temp\RTK_NI~1\WIN10\64\rtux64w10.cat

Filesize
16KB

MD5
343bdb585acf10753b084d582ad8b87a

SHA1
5690b80624fa33c4ae8f6c67805357fd183aa517

SHA256
fcec3635cb72137ee730f3edb7b31b33d118809e265fabb76896abb17579395e

SHA512
bd6f60fa2d426564bff01d5b8209cb46805554b3d5b176470fe713758de3d813729fe1261304cfccc56c05b7926c8d36d6ce733a8bddd35168882c652576209f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d38b16f-b911-8c4d-9b30-f68e97b26df6}\RtNicProp64.dll

Filesize
82KB

MD5
6e2d3fc3cf90cf77d1c1a371c1136a64

SHA1
4063a7e930e5a9e1af0f3eca97c49cefdf31d0d0

SHA256
47e999217c8670d1dda7a20c1bbbb2325570a4f9929bcb618c35f7b313771f9c

SHA512
4f5aaf831988e8302252a7e6913379da981b1ae9ca7a5692854fa509ee39a7c4fd16eb07faa10a440ccafdfff2826ef4f5d0bde850752fae38104fc7c146f577

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d38b16f-b911-8c4d-9b30-f68e97b26df6}\rtux64w10.sys

Filesize
358KB

MD5
73ffd6d4cb1eef778cd630829744a1e7

SHA1
bf1f4745032451f77ffdb7bfc9f3a025a71456c8

SHA256
d1c8bc4a8b5b8092b7a87d83da632a191b34eefcc1d9090a4318eb4ed7b5333b

SHA512
818b55d95580b0173f6cd8d396b82a516e3c3bb8578b0568852738151b30634272647d391cb2a7c10245b988ba159d5ff089ee43aaa7d783744c53b6a72fadaa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads