discordrat | 2df3388f1981b32ad6e83789b3051d32894388be5aa997bebfe39ce370f5249c

Analysis

max time kernel
89s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 14:28

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

ecb53bd6e2dcc654cf535d68d3a51ed7
SHA1

ec0f92220186d59e15914cd9665eb06f9e5c30b3
SHA256

2df3388f1981b32ad6e83789b3051d32894388be5aa997bebfe39ce370f5249c
SHA512

28c3b41199bc832349cd794135c81a4af459251a266002ec0db439f243c2d65a81e9697f973e14fc3d213e7f6d8ffef31d254e0a73ce818dc878643e757101c9
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+8PIC:5Zv5PDwbjNrmAE+wIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE4MTY1NzgyNTYwNTMzNzExOQ.Gh8-wx.xiyycDlChj7_zNW0UGw9RXtpwC1XGb_ZUVyHPg
server_id
1250078737546870865

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service
T1102

Processes:

flow ioc

47 discord.com
114 discord.com
115 discord.com
10 discord.com
11 discord.com
25 discord.com
32 discord.com
33 discord.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

SCHTASKS.exe

pid process

4976 SCHTASKS.exe

flow	ioc
47	discord.com
114	discord.com
115	discord.com
10	discord.com
11	discord.com
25	discord.com
32	discord.com
33	discord.com

pid	process
4976	SCHTASKS.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

msedge.exemsedge.exe

pid process

2632 msedge.exe
2632 msedge.exe
3680 msedge.exe
3680 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

msedge.exe

pid process

3680 msedge.exe
3680 msedge.exe
3680 msedge.exe
3680 msedge.exe
3680 msedge.exe

pid	process
2632	msedge.exe
2632	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

Client-built.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	4288	Client-built.exe
Token: 33	3812	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3812	AUDIODG.EXE
Token: SeShutdownPrivilege	4288	Client-built.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

Client-built.exemsedge.exe

pid	process
4288	Client-built.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Client-built.exemsedge.exe

description	pid	process	target process
PID 4288 wrote to memory of 3680	4288	Client-built.exe	msedge.exe
PID 4288 wrote to memory of 3680	4288	Client-built.exe	msedge.exe
PID 3680 wrote to memory of 1852	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1852	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 3496	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 2632	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 2632	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe
PID 3680 wrote to memory of 1360	3680	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedc3846f8,0x7ffedc384708,0x7ffedc384718
3⤵
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2647231282088752745,9077555651015157602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
3⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2647231282088752745,9077555651015157602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2647231282088752745,9077555651015157602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
3⤵
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2647231282088752745,9077555651015157602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
3⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2647231282088752745,9077555651015157602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
3⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2647231282088752745,9077555651015157602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
3⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2647231282088752745,9077555651015157602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
3⤵
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2647231282088752745,9077555651015157602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
3⤵
PID:3148

C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77Client-built.exe" /tr "'C:\Users\Admin\AppData\Local\Temp\Client-built.exe'" /sc onlogon /rl HIGHEST
2⤵
- Creates scheduled task(s)
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1116

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3812

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
6b0a36565522f48916ef603763f87ee9

SHA1
1dfc33fea9893e8d11d2271cfe5445c9b3993512

SHA256
fdd5768dfd7bef5e8c49928e8904887801b05ff4280d9fb71ccae7b60802050d

SHA512
6ffb55f429bca2fee8e037686e80daa6e364b3585d96905745864ff6ed1d8fa524f870f639082117eb993e2259673ecabdb455c11e81caf7a7d866ef890c2ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
15a1f7aa22ec76f16a93051a433bb4f7

SHA1
0701d640fba6f2d31dff5aabdc0f10fb871322ff

SHA256
e0d2770942c9108aa98ab7ce241d11f3dd8f2cbc7dd36a7df2cbac86bf3b8baf

SHA512
87f5a7bc9cbe0b9724b5583733fc29738ed150716b43e8780f6e1c7f856766a0fec1e6105aef235a342a83e5a708c8a65324e40ef97b885b294627b9a1d03340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
22a5e7e535be2ad967f957981261b5f0

SHA1
6914745db59bc751187cf4273693592e579cac2b

SHA256
3a39fda3505a87e43bd0f4adc764fa25ca731b8a8f377db29cf14de8aea86b41

SHA512
dd6460efbeba2c317688d4fd75a171cddae8c073cdbe84c66cef452f992ceddf415328bbe3494a0b27102227a42fd775aba04adb37f9b990a92d4c34d8d567c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2c7ae6b7dfdb86db4c769e11ac4fa320

SHA1
8ee031f8bc23310f02eb45eeb16cc5a1807285ac

SHA256
c1c28b0118139c22102682aab99f555eb865cde1116127113a2b0ad3afb86934

SHA512
dfcfd97a652018a0c0ee14dd1ce3ca2a209c20f023ec4220b6894aafab9257946e704c9e4055fb3561b3d97af05e6f52834b62106149f9cea2e2d183ad237636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
b291384ea7590a20bb49a7cba4425b39

SHA1
489b70afbf177ea87616d39efbaceea44f090745

SHA256
9fc9685773bc8b70d3fe92be05cb920c9d519f5c93357a4b62b1666cfb893533

SHA512
58fc4aeac36ddfbacf1f5598facf6d5bfe651f3efe8dfd160776ff909b610d9f5e728c12ffc133215da405bd864d7be68daa1d93b2fc051f435d4e60deda8142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e54f.TMP
Filesize
48B

MD5
7c1f85d87d39b95fe8f94868544b57f4

SHA1
5886c7075e94240fc3363c021e3965d538e87d40

SHA256
61f1d62f8e0003d9e709bc37dc0d95d432ee24b605fd4d7fc5319f61259d41d9

SHA512
0b1d61a9370a989a7ba078d9a12e3ee2ee0a3cef44009fb57b42a1718cd30945903e3aff6de431b44e3a5a16d1d628b168128d6e6a96c808cc77009d0cc38f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4c7902c35c0cc26c573db59f4a8039dd

SHA1
4cfb3e09b0811a9f0cd0a871d0b3918a141f6cbc

SHA256
9bdf3df23ff79772fd300b3dcffdc94859af9873d87c67c2d93db9b4e0735066

SHA512
dfbea89299d172494bf0f3f55684f35865d6c6554f32c95b3dd8b75284330bd07950362fbf0ab8585025d5b7cea06d6fb803183efa740c69300bac45f2d32144

Download Submit
\??\pipe\LOCAL\crashpad_3680_GGHVTIZZDIKQEPLV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4288-0-0x0000028C9EE00000-0x0000028C9EE18000-memory.dmp

Filesize
96KB

Download
memory/4288-6-0x00007FFEDF950000-0x00007FFEE0411000-memory.dmp

Filesize
10.8MB

Download
memory/4288-5-0x00007FFEDF953000-0x00007FFEDF955000-memory.dmp

Filesize
8KB

Download
memory/4288-4-0x0000028CB9C60000-0x0000028CBA188000-memory.dmp

Filesize
5.2MB

Download
memory/4288-3-0x00007FFEDF950000-0x00007FFEE0411000-memory.dmp

Filesize
10.8MB

Download
memory/4288-2-0x0000028CB9420000-0x0000028CB95E2000-memory.dmp

Filesize
1.8MB

Download
memory/4288-1-0x00007FFEDF953000-0x00007FFEDF955000-memory.dmp

Filesize
8KB

Download
memory/4288-244-0x0000028CB9BB0000-0x0000028CB9C5A000-memory.dmp

Filesize
680KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads