456fb7d1f6c71ed4f2e4de9b8788fa104f70caa9c6b6e7c69867e671d736a2ea

Analysis

max time kernel
138s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 16:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0ec921776ae38f6584f6a354e3c6651e_JaffaCakes118.doc
Size

238KB
MD5

0ec921776ae38f6584f6a354e3c6651e
SHA1

9750a3fcc7186769bba755d5ceeecad09c8df4e4
SHA256

456fb7d1f6c71ed4f2e4de9b8788fa104f70caa9c6b6e7c69867e671d736a2ea
SHA512

56227db73736f118b957f9e1ca068f8a9389d11009312d7cb27a412c5321c9dfbfb34f5b76dd5bb92cf36ac33b7fb429ca47f23dded0cde1fc008ee7a93ac516
SSDEEP

3072:a/wDvWETOgnHJcIKBs7GwdS31DMnkpWoYX9:a/avWETrHJ9AqU31YkQoYt

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
2396	WINWORD.EXE
2396	WINWORD.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeAuditPrivilege	1644	EXCEL.EXE
Token: SeAuditPrivilege	3344	EXCEL.EXE
Token: SeAuditPrivilege	2680	EXCEL.EXE

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
2396	WINWORD.EXE
2396	WINWORD.EXE
2396	WINWORD.EXE
2396	WINWORD.EXE
2396	WINWORD.EXE
2396	WINWORD.EXE
2396	WINWORD.EXE
1644	EXCEL.EXE
1644	EXCEL.EXE
1644	EXCEL.EXE
1644	EXCEL.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE
4912	WINWORD.EXE
3344	EXCEL.EXE
3344	EXCEL.EXE
3344	EXCEL.EXE
3344	EXCEL.EXE
2680	EXCEL.EXE
2680	EXCEL.EXE
2680	EXCEL.EXE
2680	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0ec921776ae38f6584f6a354e3c6651e_JaffaCakes118.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4912

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3344

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
748e4b35eb2a89fed348a08b1ffc6212

SHA1
30bccca119ff7116f3972a3ca89165907567dd3e

SHA256
d5cfc35df91f24babedeb9b04bbf0e6ef7505a7507bb668a7ca4125478b8fa9e

SHA512
ffbd479ca8b1cc45d03cf299fc27140809cad62a4700cb0dac23cca8cf58b9a6a5d3aaa3edc395b28d2c990ee9c0da9fb85b470d6df685329d18ce3720ef9e2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
d32b3937047776cc4f4d9e8ccad8985b

SHA1
a218b78f3a915bf624193ec038694799a14c3929

SHA256
efb292ab0f529c741d7d38b12bbb9cafc99763cacec8911892ec10b6a355648e

SHA512
fafee1eaad7ae3494cdfa1eb400b5bad7f04a58d8faf82d878cd4e2b2a725fb2470477a18dd9be8f4fcc0d430f15e6f5c4b461e305e64031cb6dbf44a53cc4b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
f4bfbf0daab43526089bf480f8cb4ede

SHA1
c92464c93894641896dddac8ba24febc922cfbcf

SHA256
d1bd42e6bcc5e78c3c5ee725b6dd24d679bc37d0298bed76f2100bcc9a48423e

SHA512
dc744b08df594881d1a8931953f39a1ef04d08dbb65b72c01ecdb7f7c7dcccadeb3cccfdb9505b35c1af7f72540f4a5cdb09aa3598746c77877bea01124f9b61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
dba48effdb1bfe6125a37c7a9f6ffc75

SHA1
9d900ea6200cc0b08f23b0c38f7420417e0fe599

SHA256
fc480999e8642e7ebcd5423093d9bacfa681741c383753b50c895e77e7f6bef6

SHA512
a5dc8296d54fe836391900793dcab2167b61f7595623f935b77e3a475a48e6e4c461ca6f95f76bf9cc3554f226ddc65cb05ac9ddd2c35eab0d2df769d67e3457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb

Filesize
512KB

MD5
51e63731013d75b3f6f8b4f7f6fb5f93

SHA1
fb6b4c32f749e750d83f080709fdf284dbdb65c9

SHA256
b407dd887d7edfc7c5d227ea189013f8c62cae5c733866d3f44918635a3c7b0d

SHA512
bee76b0ff32e87f23487bbd1d69d3341637a64706071aff0b00a1adf2bc64e3ebbeae0fc4d3e297ce7bd5f8bdc4a491a2bfc439272eaac88d07a5df6c1bf42eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.laccdb

Filesize
128B

MD5
f37c7e1c4fd58b8cb24caa9cc8d3ae9c

SHA1
89213a5bc1ffd59fc1cf36beeab5e519f0853257

SHA256
a3ed3e756c659a63de1205293cf82679df3c8503c2d1db4325ca83188e68acd3

SHA512
9444715b9a1c003612c2af34a4e2603409d21f6da8b1f6cb6c0f4bfb57ae3c204ef4597488d9e1246726f56efa5615e1711d012ee198f232a0cef7dc741eba97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\765C3823-FA05-46B4-A120-92B50D85753D

Filesize
168KB

MD5
3d1368c24d741cdb5f4406a042cd1ad1

SHA1
71ddf570676b58dbc319fc487097dceab6bcb8e2

SHA256
51fcc78cf2f261238247b0dac2215f84f486f826b9f9d8f304873a891f3c22d8

SHA512
e9342f045c248efca5be226b0f7838ae74383f3a2ba69a50fa567ec6476abbec3a8babcad0f075ba47481e8ffb81296f697b31f2c7cacc345613ee52c2f62b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
321KB

MD5
edc5bbd89d21bff468e2b1bc6a6cad11

SHA1
b5a3588cc1c3274357eefae826f9de1876e4def4

SHA256
7c8ecd6695962fe29434fae9505f932f5f4b94196045cf6535566180ac50e0af

SHA512
57c5fb3a4bfbef6c6a9e2c1a8e3c00debec585c2e86857206c7f3ebd349b2436b9d9d6a6032ee0dc76cee44243766e4399cce9d0884abd2e47efb2b799d415f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

Filesize
332KB

MD5
874e05073239ce46fb73138f72a0b502

SHA1
6c5cfb40cc141c26048fd1c06986983e21db47b0

SHA256
18200fdb493faadfd4016b59a77bd873212d3a12f6b01d01087c59e78b3ce0ed

SHA512
4650990457be788c226295023f4778a119777ee9716556a09f48f63238dcac72f9501776432cdb94f81de766414252f53c3006aae258e97199577baedbe68a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
19KB

MD5
15b44b0af00572692a2677db0644db25

SHA1
5451211cf23bed8e6835d62fb26a6a4c1dcf0dd7

SHA256
013fbc3350380c84f9bd5dfdf45358298f3a23e585d801257b7ed84da9addcbd

SHA512
6895743ee14badab9c3248bbf5cb893c2c6af87d7e7866d6dc610924d2d3353cb5fceb84debca39d8ec75330c41cfaae2bf51988a30e1177218b3f023bccbf91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db

Filesize
24KB

MD5
8665de22b67e46648a5a147c1ed296ca

SHA1
b289a96fee9fa77dd8e045ae8fd161debd376f48

SHA256
b5cbae5c48721295a51896f05abd4c9566be7941cda7b8c2aecb762e6e94425f

SHA512
bb03ea9347d302abf3b6fece055cdae0ad2d7c074e8517f230a90233f628e5803928b9ba7ba79c343e58dacb3e7a6fc16b94690a5ab0c71303959654a18bb5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
8KB

MD5
c79065d17e2c73529e80e8817a0af7a6

SHA1
d55413d615eca0221991fc6fbb60823c500d3d62

SHA256
5c2d65e65afb4a1ee79cc84deba807c6b0bdc9e98cdfa2830c2d77ee06dba0aa

SHA512
f0ae32047bd0a87b2a6d07e0446274961add0a5c956b4c524ea0e2380b48293b446f516f32788a52511406cb1d20aa3281cd5ce823a217279ddcfcd484cb32f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

Filesize
8KB

MD5
1937b8eb30d4064fe82d92b5c3206316

SHA1
bfed51ab30d6d8936d041859d12f03831a59c2b1

SHA256
60f5794f1a6f6bd18d2f3a8ad30b4dad6cdcd0908eb9b0405622c4bb4ece01d6

SHA512
b7850ae4b7ab17b95283c65dd02023be414b326d0999197c1f8a7a23565f961b8e6c19d38d1c9b459dbb6c095a6a78d9d8265fd58a054d1dec5ae241f244c86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
0da143e4b3e63becedbc3168d8a8c38c

SHA1
771d24ca8b3716132a018c5dd9e1ccffc481f6f3

SHA256
46ef2f437bebd8e6a92a830465e87d86e37501c382f767cb2da64f826346fb64

SHA512
972f237e40cec8b8110cdf70e3412c2bea361705e00eca4ecaba0bf1aad07ef5ae76eb8b95551e18e25d8a2a835f967f5a8b4084817b4387fad181f8800f4f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
b70bfd9a95bc1a99353fc52a9db7538e

SHA1
f1ac7cd68bf82485160aff33ed036e32fb179d96

SHA256
ab5f165658ea704bfabba728672ecbc9c4c49bfa81546c5a56d46904831c4deb

SHA512
156631381ff117b9d2fc4646944e1d034a39a34f03b0359d68e87458de4ab7e1ae855515988563de4e58f022c61c14c082ea3105de7a2a4c0455ad525acbaf72

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD7FB4.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Local\Temp\VBE\MSForms.exd

Filesize
148KB

MD5
465054e9ea10615db8c6fe029152e165

SHA1
9b6f056ff5f6b192c42a2af507f58bf1ec7810fc

SHA256
565da7f9cd0d2d081cf9afc82fd0b6db3ab75074e3df95c31827707b9c3401fb

SHA512
2fb0030077034623d778f82098aa00470d8c9f0a376bef9c7ecca99a5542a0c7a5554481b7cc82f8c97dfb3f19279a6e744b8ba43e134f883e94426c84633de5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1644-1558-0x00007FFE96FB0000-0x00007FFE96FC0000-memory.dmp

Filesize
64KB

Download
memory/1644-1560-0x00007FFE96FB0000-0x00007FFE96FC0000-memory.dmp

Filesize
64KB

Download
memory/1644-1561-0x00007FFE96FB0000-0x00007FFE96FC0000-memory.dmp

Filesize
64KB

Download
memory/1644-1559-0x00007FFE96FB0000-0x00007FFE96FC0000-memory.dmp

Filesize
64KB

Download
memory/2396-16-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-11-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-18-0x00007FFE94830000-0x00007FFE94840000-memory.dmp

Filesize
64KB

Download
memory/2396-17-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-10-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-8-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-7-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-6-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-575-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-1568-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-0-0x00007FFE96FB0000-0x00007FFE96FC0000-memory.dmp

Filesize
64KB

Download
memory/2396-520-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-15-0x00007FFE94830000-0x00007FFE94840000-memory.dmp

Filesize
64KB

Download
memory/2396-12-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-14-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-13-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-9-0x00007FFED6F30000-0x00007FFED7125000-memory.dmp

Filesize
2.0MB

Download
memory/2396-1-0x00007FFE96FB0000-0x00007FFE96FC0000-memory.dmp

Filesize
64KB

Download
memory/2396-2-0x00007FFE96FB0000-0x00007FFE96FC0000-memory.dmp

Filesize
64KB

Download
memory/2396-3-0x00007FFE96FB0000-0x00007FFE96FC0000-memory.dmp

Filesize
64KB

Download
memory/2396-4-0x00007FFE96FB0000-0x00007FFE96FC0000-memory.dmp

Filesize
64KB

Download
memory/2396-5-0x00007FFED6FCD000-0x00007FFED6FCE000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads