azov | 35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c

General

Target

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
Size

319KB
MD5

3bde2cc715594a00c0b89a31c8adefe0
SHA1

aa6843655e1b0dde99a619e4f5236eba3af3ed8a
SHA256

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c
SHA512

9d198af4b9e06ed678245207d34908b084aaf1a2940df68d54f1bb3632dd9533d62e965ad1291038380fdc79ed2acd61a2f77dc2b62ee66f36d5f27bebc89329
SSDEEP

6144:MUU5GSs9HnItL2EtYN730QO9TBA3QvEhLlh4osp:MqSs9HnIsUKgQO9TagvEN4j

Score

10^/10

azov discovery persistence ransomware wiper

Malware Config

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov
Renames multiple (148) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1372 icacls.exe

pid	process
1372	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\O:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\S:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\U:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\X:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\K:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\N:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\V:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\G:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\J:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\L:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\R:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\T:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\H:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\B:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\E:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\I:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\M:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\P:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\W:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\A:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

Processes:

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado28.tlb	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msadox28.tlb	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

description	pid	process	target process
PID 1840 wrote to memory of 1372	1840	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe	icacls.exe
PID 1840 wrote to memory of 1372	1840	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe	icacls.exe

C:\Users\Admin\AppData\Local\Temp\35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1840

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1372

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

File and Directory Permissions Modification

1

T1222

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt
Filesize
2KB

MD5
78ede93114e65f9160fd03d3357c56e6

SHA1
88d531b101e57655f1d0d26c6b3257aa2468d460

SHA256
c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5

SHA512
074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
36099ceef6e3d74bc90e4f597d70752b

SHA1
7ad87c4c6dadeb0f92d7908512c8ab60a323a556

SHA256
e1c717fc7cd8abc1b13d4359253438c1e7e6c3b1ae440876ed8ab5126a013229

SHA512
9dfa932e075163f674ff9cc58f5ca3ad1bd2ba31fa6553f185ec05634068be8a36598242194fb7984cc98316201d5ee48e941cce9c2b6e774b0ac790fef02c4b

Download Submit
memory/1840-0-0x000001814E4E0000-0x000001814E4E4000-memory.dmp

Filesize
16KB

Download
memory/1840-2-0x00007FF72FDD0000-0x00007FF72FE17000-memory.dmp

Filesize
284KB

Download
memory/1840-3-0x000001814E4D0000-0x000001814E4D5000-memory.dmp

Filesize
20KB

Download
memory/1840-8-0x000001814E4E0000-0x000001814E4E4000-memory.dmp

Filesize
16KB

Download
memory/1840-6-0x000001814E4D0000-0x000001814E4D5000-memory.dmp

Filesize
20KB

Download
memory/1840-5-0x000001814E4A0000-0x000001814E4A7000-memory.dmp

Filesize
28KB

Download
memory/1840-17-0x000001814E4D0000-0x000001814E4D5000-memory.dmp

Filesize
20KB

Download
memory/1840-157-0x0000018150350000-0x00000181505C0000-memory.dmp

Filesize
2.4MB

Download
memory/1840-457-0x00000181500A0000-0x00000181500A1000-memory.dmp

Filesize
4KB

Download
memory/1840-472-0x0000018150350000-0x00000181505C0000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads