651dbcca5436b159a5fb1fcff4f769a91280e194bd091b8bb6e284db94858814

Analysis

max time kernel
150s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe
Size

268KB
MD5

182860c0c418baa8f0d94b68459ae384
SHA1

ada260ac8ce34358527c05e91c1029b7f55aa737
SHA256

651dbcca5436b159a5fb1fcff4f769a91280e194bd091b8bb6e284db94858814
SHA512

9c64290fd43c8ffc7a720b01b0715b23d924625171216b96855b3b5034b57ace8f9cadb037d2552128eccff1175f03c4d78384d72902ced26182e2f7a5388b84
SSDEEP

6144:amwd6zy40hYcUQ9gVLPxOzHu7HyZpmCFY3QFkp7Vxt:at6zoDqVLwbuzy3Y3fp7F

Score

10^/10

evasion upx

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 8 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\svchost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\svhost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\svhost.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2708	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe
2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2708-35-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-29-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-27-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-37-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-38-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-41-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-46-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-47-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-51-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-52-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-53-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-54-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-55-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-57-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-58-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-59-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-60-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-61-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-62-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-63-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-64-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-65-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-66-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-67-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2708-68-0x0000000000400000-0x000000000045C000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2108 set thread context of 2708	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	32

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
2584	reg.exe
2788	reg.exe
1360	reg.exe
2956	reg.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: 1	2708	svchost.exe
Token: SeCreateTokenPrivilege	2708	svchost.exe
Token: SeAssignPrimaryTokenPrivilege	2708	svchost.exe
Token: SeLockMemoryPrivilege	2708	svchost.exe
Token: SeIncreaseQuotaPrivilege	2708	svchost.exe
Token: SeMachineAccountPrivilege	2708	svchost.exe
Token: SeTcbPrivilege	2708	svchost.exe
Token: SeSecurityPrivilege	2708	svchost.exe
Token: SeTakeOwnershipPrivilege	2708	svchost.exe
Token: SeLoadDriverPrivilege	2708	svchost.exe
Token: SeSystemProfilePrivilege	2708	svchost.exe
Token: SeSystemtimePrivilege	2708	svchost.exe
Token: SeProfSingleProcessPrivilege	2708	svchost.exe
Token: SeIncBasePriorityPrivilege	2708	svchost.exe
Token: SeCreatePagefilePrivilege	2708	svchost.exe
Token: SeCreatePermanentPrivilege	2708	svchost.exe
Token: SeBackupPrivilege	2708	svchost.exe
Token: SeRestorePrivilege	2708	svchost.exe
Token: SeShutdownPrivilege	2708	svchost.exe
Token: SeDebugPrivilege	2708	svchost.exe
Token: SeAuditPrivilege	2708	svchost.exe
Token: SeSystemEnvironmentPrivilege	2708	svchost.exe
Token: SeChangeNotifyPrivilege	2708	svchost.exe
Token: SeRemoteShutdownPrivilege	2708	svchost.exe
Token: SeUndockPrivilege	2708	svchost.exe
Token: SeSyncAgentPrivilege	2708	svchost.exe
Token: SeEnableDelegationPrivilege	2708	svchost.exe
Token: SeManageVolumePrivilege	2708	svchost.exe
Token: SeImpersonatePrivilege	2708	svchost.exe
Token: SeCreateGlobalPrivilege	2708	svchost.exe
Token: 31	2708	svchost.exe
Token: 32	2708	svchost.exe
Token: 33	2708	svchost.exe
Token: 34	2708	svchost.exe
Token: 35	2708	svchost.exe
Token: SeDebugPrivilege	2708	svchost.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2708	svchost.exe
2708	svchost.exe
2708	svchost.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2864	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	29
PID 2108 wrote to memory of 2864	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	29
PID 2108 wrote to memory of 2864	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	29
PID 2108 wrote to memory of 2864	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	29
PID 2864 wrote to memory of 1708	2864	csc.exe	31
PID 2864 wrote to memory of 1708	2864	csc.exe	31
PID 2864 wrote to memory of 1708	2864	csc.exe	31
PID 2864 wrote to memory of 1708	2864	csc.exe	31
PID 2108 wrote to memory of 2708	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	32
PID 2108 wrote to memory of 2708	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	32
PID 2108 wrote to memory of 2708	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	32
PID 2108 wrote to memory of 2708	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	32
PID 2108 wrote to memory of 2708	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	32
PID 2108 wrote to memory of 2708	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	32
PID 2108 wrote to memory of 2708	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	32
PID 2108 wrote to memory of 2708	2108	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	32
PID 2708 wrote to memory of 2776	2708	svchost.exe	33
PID 2708 wrote to memory of 2776	2708	svchost.exe	33
PID 2708 wrote to memory of 2776	2708	svchost.exe	33
PID 2708 wrote to memory of 2776	2708	svchost.exe	33
PID 2708 wrote to memory of 2756	2708	svchost.exe	34
PID 2708 wrote to memory of 2756	2708	svchost.exe	34
PID 2708 wrote to memory of 2756	2708	svchost.exe	34
PID 2708 wrote to memory of 2756	2708	svchost.exe	34
PID 2708 wrote to memory of 2564	2708	svchost.exe	36
PID 2708 wrote to memory of 2564	2708	svchost.exe	36
PID 2708 wrote to memory of 2564	2708	svchost.exe	36
PID 2708 wrote to memory of 2564	2708	svchost.exe	36
PID 2708 wrote to memory of 2512	2708	svchost.exe	38
PID 2708 wrote to memory of 2512	2708	svchost.exe	38
PID 2708 wrote to memory of 2512	2708	svchost.exe	38
PID 2708 wrote to memory of 2512	2708	svchost.exe	38
PID 2776 wrote to memory of 2584	2776	cmd.exe	40
PID 2776 wrote to memory of 2584	2776	cmd.exe	40
PID 2776 wrote to memory of 2584	2776	cmd.exe	40
PID 2776 wrote to memory of 2584	2776	cmd.exe	40
PID 2756 wrote to memory of 2956	2756	cmd.exe	42
PID 2756 wrote to memory of 2956	2756	cmd.exe	42
PID 2756 wrote to memory of 2956	2756	cmd.exe	42
PID 2756 wrote to memory of 2956	2756	cmd.exe	42
PID 2564 wrote to memory of 2788	2564	cmd.exe	43
PID 2564 wrote to memory of 2788	2564	cmd.exe	43
PID 2564 wrote to memory of 2788	2564	cmd.exe	43
PID 2564 wrote to memory of 2788	2564	cmd.exe	43
PID 2512 wrote to memory of 1360	2512	cmd.exe	44
PID 2512 wrote to memory of 1360	2512	cmd.exe	44
PID 2512 wrote to memory of 1360	2512	cmd.exe	44
PID 2512 wrote to memory of 1360	2512	cmd.exe	44

C:\Users\Admin\AppData\Local\Temp\182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ixzes9da.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1768.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1767.tmp"
    3⤵
    PID:1708
- C:\Users\Admin\AppData\Roaming\svchost.exe
  C:\Users\Admin\AppData\Roaming\svchost.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Modifies firewall policy service
      Modifies registry key
      PID:2584
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger" /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Modifies firewall policy service
      Modifies registry key
      PID:2956
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Modifies firewall policy service
      Modifies registry key
      PID:2788
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svhost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svhost.exe:*:Enabled:Windows Messanger" /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svhost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svhost.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Modifies firewall policy service
      Modifies registry key
      PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES1768.tmp

Filesize
1KB

MD5
7278d910c196feaa0d1c548617de809f

SHA1
3d6946988565e2ead1c588aa416e5f33e6a3bf4f

SHA256
28ba5b78b825101883a91fca875cb1565d0111b5b072d90bcc1cc9a44fdf1822

SHA512
f032bf9c458fd0e0c62d356908ad4b71fe5296f6564c034982373a1ce14891e097a0241ad217048378e0cba51e888edeba9cf0bc2f74b6daa60de2617c0b4275

Download Submit
C:\Users\Admin\AppData\Local\Temp\ixzes9da.dll

Filesize
5KB

MD5
82486e866ba3a80d3d2fd1a4095f1313

SHA1
9daecc55865510fc54acc511a98991cc89ef7771

SHA256
9a208347416eb10b35b7d51cb5bc7c6318c07a0b75ed1fcdf54130dd020d2a31

SHA512
2d503ed73f59fbbd9121fa91e060eea5470fc269b2c3d8b507a5f9a5b73b2e83195fab8c0e9f14d86ec053f82af5c1636f03c6daccfb58ccb051ac809a3f527e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC1767.tmp

Filesize
652B

MD5
22e821883d79ed8195b09c8c7fc4c27b

SHA1
0f3220117ede520e9fcd45b3094a326699e075c9

SHA256
46cc934f708794c1ff05a2ed963f33435b99c445b9507a0580d6bbd96e0df98e

SHA512
024e62f6e343b51cc575a269005f00132394835ce3f89da89662710696496c971c8a1cbe15aa238f294f56fb4f9abd0fef5cdde0610814b5454670e2e77b9cf9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ixzes9da.0.cs

Filesize
4KB

MD5
2216d197bc442e875016eba15c07a937

SHA1
37528e21ea3271b85d276c6bd003e6c60c81545d

SHA256
2e9e3da7bfa1334706550bb4d6269bf3e64cbbc09fa349af52eb22f32aebb4af

SHA512
7d7bdc3bf83ac0a29e917ead899dcaa1b47ee2660f405fe4883ca2a2546f7924265e1d75a2ea02c0e34fac4d2bb82bbaaa88d06c240afad4e9fd49337cd04d3f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ixzes9da.cmdline

Filesize
206B

MD5
8413373e0184f104b5b746be056a5437

SHA1
1121e84b79809c3824e2acbb9ca34430c55e058a

SHA256
7d3f4a9987659e29375bb792e7c3a56390c15e0d229115dfc3228b24da73640e

SHA512
ef7a01b4442cfe620263e870f484baadcf2e0fb2672923bd20242612e60386b227310c03cfad89f5a46e769ce9ab9522dabd4ca801491a88a2de561d44695b11

Download Submit
\Users\Admin\AppData\Roaming\svchost.exe

Filesize
12KB

MD5
e2a4c443e3afda26f532f978f5b4d031

SHA1
59348c67332d1dd5a16a79f89151b42f94869928

SHA256
15a36c3a7a2e53441919ed584719211df9fc3bb76725274ef1ea120b1564602a

SHA512
0d0821e7b407aeaa0b2f2aff8df96756d3e279937d2d1cee8a64cc360dbbfa2f7e5add8477de58fe5bd4b8778492dbecd6d3bb68405b34c1596369c38ab663ab

Download Submit
memory/2108-1-0x0000000073FF0000-0x000000007459B000-memory.dmp

Filesize
5.7MB

Download
memory/2108-2-0x0000000073FF0000-0x000000007459B000-memory.dmp

Filesize
5.7MB

Download
memory/2108-50-0x0000000073FF0000-0x000000007459B000-memory.dmp

Filesize
5.7MB

Download
memory/2108-0-0x0000000073FF1000-0x0000000073FF2000-memory.dmp

Filesize
4KB

Download
memory/2708-41-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-62-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-31-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2708-29-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-27-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-25-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-37-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-38-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-68-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-46-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-47-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-67-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-51-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-52-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-53-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-54-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-55-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-57-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-58-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-59-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-60-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-61-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-35-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-63-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-64-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-65-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2708-66-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2864-11-0x0000000073FF0000-0x000000007459B000-memory.dmp

Filesize
5.7MB

Download
memory/2864-16-0x0000000073FF0000-0x000000007459B000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads