4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe
Size

29KB
MD5

908933268980a5e01d82e696847a1810
SHA1

f8432cc5917fdaa474e13bd4a894af51f49556d3
SHA256

4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233
SHA512

a0de55ae88122fbbd32e2ed7d5f568f929777d577b820dc65912e2b51fb06ee73663a24ef67e7eca61cd98e873aa71ad2effb579ccda477e2bcc1fc1f3a37410
SSDEEP

768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/L:AEwVs+0jNDY1qi/qD

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2980	services.exe

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2912-0-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2912-4-0x00000000001B0000-0x00000000001B8000-memory.dmp	upx
behavioral1/files/0x0038000000014709-7.dat	upx
behavioral1/memory/2980-11-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2912-17-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2980-18-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2980-23-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2912-24-0x00000000001B0000-0x00000000001B8000-memory.dmp	upx
behavioral1/memory/2980-30-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2912-31-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2980-32-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2980-37-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x0009000000014c2d-50.dat	upx
behavioral1/memory/2912-60-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2980-61-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2912-62-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2980-63-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2912-67-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2980-68-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2980-73-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2912-74-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2980-75-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2980-80-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2912-243-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2980-244-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2912-361-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2980-362-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2980-366-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\java.exe	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe
File created	C:\Windows\java.exe	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe
File created	C:\Windows\services.exe	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2980	2912	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe	28
PID 2912 wrote to memory of 2980	2912	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe	28
PID 2912 wrote to memory of 2980	2912	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe	28
PID 2912 wrote to memory of 2980	2912	4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c8ea64c5ae0d0c7ed454c70bc1f976833ef5aeb5d8870456441c62ad820a233_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\search[1].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\A69C7KNC.htm

Filesize
175KB

MD5
bcde74b06c073e3639dac14b8bcb68a6

SHA1
6ef3d56c3be10da8937f33f641d8f5546b94bd50

SHA256
fb98d5bf7ee7a8f77cfcc755c13683bef809de399b74561cffb3410382d923af

SHA512
4cf498754a509cf0aa75ee7b6218da8a4ac0128658e55b5cb8861e0605f07ec6ae24639c1f7066ee3aea927357c0f1d56bf566db62b891bacacd898ac239a97f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE471.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE562.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpE8DC.tmp

Filesize
29KB

MD5
b76a62495ce7f13b8734e193d41ee86f

SHA1
03e0825bce572042d9eab67a4db2a627ae1ebb2a

SHA256
d4085c05f6a7294d49ef67268ca6068d1c26203e7df237ff8227a145408e0f37

SHA512
65b31f063d8b8ccd11f792a14925bd49715620257fa7ab995e8e9b8c3686ae01c0a48b8fa925abfa460af1fda3c35e7015eb849dc1efe7f7b0d42f1053923f02

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
320B

MD5
0634582113ec24b8dc7012153bc77977

SHA1
e20b3c5956d1cc9047649c4a7009568c885e5ab1

SHA256
948864affd56bf79db9467d23fcc4c91c7d3e0c567a102fc657dbea74dd81b54

SHA512
9779268d3fefc8ffdfff280b9d3aa0fed4518af36ef7dc0930f7958fd1322ecfa3a8f3e81e8f7197f87cd4caccb7e4f4b3fa028393b4e0fb53e7c3e5fd514048

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
320B

MD5
1a25cefa7468f3cd451fb25b88fc5aae

SHA1
c61ebe6b5f24af982466c6eae15fbfbe57225488

SHA256
b5bfca44547075dee7374d2fd7398714dcdd02e11e9a667ccc4b03bcbd47d5f0

SHA512
5a64826df398a8e6b76bb7cc98de5ea22f2d41449a9b4160425fefe93dcf9f8879d3fe2396bbc939865e7e8f4c3cca4dd2e36b7676e8c717b1c2e5393fc389d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
320B

MD5
6efad1e0dcde71c33e492923e3ffa4e0

SHA1
0e4bf2f6f5542e49e70be87420b2de59d1321c8a

SHA256
bfb01787e5780c80ad619f9311e180cc9ae1680f2ac387b1a61bd1d67bf6766a

SHA512
f463f542afca9cd598b980c8db5caad410beacd769bc0bbc70eee17406e2bdd64b0c714cb65d0687ce81916352230961fd2c2f6032522b6ef3db6d25c72e4f57

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/2912-24-0x00000000001B0000-0x00000000001B8000-memory.dmp

Filesize
32KB

Download
memory/2912-17-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2912-361-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2912-4-0x00000000001B0000-0x00000000001B8000-memory.dmp

Filesize
32KB

Download
memory/2912-243-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2912-25-0x00000000001B0000-0x00000000001B8000-memory.dmp

Filesize
32KB

Download
memory/2912-60-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2912-10-0x00000000001B0000-0x00000000001B8000-memory.dmp

Filesize
32KB

Download
memory/2912-62-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2912-31-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2912-67-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2912-0-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2912-74-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2980-63-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-80-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-23-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-18-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-75-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-30-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-73-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-244-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-61-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-37-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-32-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-362-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-366-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads