azov | 8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
Size

319KB
MD5

e875f3e021beab1203a92da7fbe51490
SHA1

36dfa6259dcaf170959c56ea54b85233bfbff4c7
SHA256

8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99
SHA512

2f2f21279c80385e7a246941e43091fe8988bf886395c0ad260ae435a992dea77f1c036b174da7d54c6ecd3fab2af22a6bea6985c79520574694e86191241a2e
SSDEEP

6144:vwU64s9KvnLbLtvSVLx9y9TBA3QvEOpP7WYhw1bRh2Z:vc4s9KvfZ679y9TagvEEP6SwR+

Score

10^/10

azov discovery persistence ransomware wiper

Malware Config

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov
Renames multiple (143) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2360	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\T:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\V:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\W:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\H:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\I:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\M:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\R:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\U:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\X:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\A:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\N:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\L:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\O:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\S:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\E:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\J:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\K:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\B:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\G:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado25.tlb	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\uk-UA\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado28.tlb	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ja-JP\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\Content.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\RESTORE_FILES.txt	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2360	2468	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe	81
PID 2468 wrote to memory of 2360	2468	8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe	81

C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

Filesize
2KB

MD5
78ede93114e65f9160fd03d3357c56e6

SHA1
88d531b101e57655f1d0d26c6b3257aa2468d460

SHA256
c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5

SHA512
074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
5a3b209f5ccb92ec08ded37233d5ed1e

SHA1
ae2f89002e90806f5ea1977701053858b8bc2b01

SHA256
6a7b3255aad98eb56bcc5a54258c27fb6b03a5f4349c704d671b8865b02d8af0

SHA512
e1da8a9be79bd613afb00714758e49e5961a56cda875f15e0499437a6456f1a79175ad9b6715f35908773a9854cef30d651dcdcd35d109a04b6c3480eaa75eab

Download Submit
memory/2468-3-0x0000016748030000-0x0000016748035000-memory.dmp

Filesize
20KB

Download
memory/2468-2-0x00007FF6CC290000-0x00007FF6CC2D7000-memory.dmp

Filesize
284KB

Download
memory/2468-0-0x0000016748040000-0x0000016748044000-memory.dmp

Filesize
16KB

Download
memory/2468-4-0x0000016748030000-0x0000016748035000-memory.dmp

Filesize
20KB

Download
memory/2468-7-0x0000016748040000-0x0000016748044000-memory.dmp

Filesize
16KB

Download
memory/2468-6-0x0000016746760000-0x0000016746767000-memory.dmp

Filesize
28KB

Download
memory/2468-11-0x0000016748030000-0x0000016748035000-memory.dmp

Filesize
20KB

Download
memory/2468-164-0x0000016748790000-0x0000016748A00000-memory.dmp

Filesize
2.4MB

Download
memory/2468-403-0x0000016748110000-0x0000016748111000-memory.dmp

Filesize
4KB

Download
memory/2468-427-0x0000016748790000-0x0000016748A00000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads