35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 03:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe
Size

1.7MB
MD5

cd99168ef2516f2dbaa86e7bfd87bd10
SHA1

7b1a753485ab3bebe8474bd87cf21051f9e401ea
SHA256

35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850
SHA512

a52012af49df2ca979eced0c535921de5f8dd7896ea2f5867c203c0dca7bfa4f4f81825d682ea876c0050baaddb57bb909fa1b71e9a44817f5589c8985e7f0fd
SSDEEP

12288:Y6sg9q8utL6R91NNaUfViptH0D9wvT1xkZTWbq6Pknm2N5kv7Z62J5ugQ8cY47O9:YyG6RGjv7biFpVUd

Score

10^/10

evasion persistence upx

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 8 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\local.exe = "C:\\Users\\Admin\\AppData\\Roaming\\local.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Window Updates\\winupdt3.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe

Executes dropped EXE 3 IoCs

pid	Process
2584	winupdt3.exe
2904	winupdt3.exe
2480	winupdt3.exe

Loads dropped DLL 6 IoCs

pid	Process
1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe
1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe
1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe
1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe
1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe
2584	winupdt3.exe

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1672-0-0x0000000000400000-0x00000000005B6000-memory.dmp	upx
behavioral1/files/0x0014000000014973-27.dat	upx
behavioral1/memory/1672-45-0x0000000000400000-0x00000000005B6000-memory.dmp	upx
behavioral1/memory/2904-54-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-52-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-49-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2480-60-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/2480-62-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/2480-63-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/2584-65-0x0000000000400000-0x00000000005B6000-memory.dmp	upx
behavioral1/memory/2904-67-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2480-68-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/2904-71-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-69-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-73-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-75-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-77-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-80-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-82-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-89-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-91-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral1/memory/2904-93-0x0000000000400000-0x000000000045C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdt = "C:\\Users\\Admin\\AppData\\Roaming\\Window Updates\\winupdt3.exe"	reg.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2584 set thread context of 2904	2584	winupdt3.exe	32
PID 2584 set thread context of 2480	2584	winupdt3.exe	33

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
2792	reg.exe
1624	reg.exe
764	reg.exe
2884	reg.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: 1	2904	winupdt3.exe
Token: SeCreateTokenPrivilege	2904	winupdt3.exe
Token: SeAssignPrimaryTokenPrivilege	2904	winupdt3.exe
Token: SeLockMemoryPrivilege	2904	winupdt3.exe
Token: SeIncreaseQuotaPrivilege	2904	winupdt3.exe
Token: SeMachineAccountPrivilege	2904	winupdt3.exe
Token: SeTcbPrivilege	2904	winupdt3.exe
Token: SeSecurityPrivilege	2904	winupdt3.exe
Token: SeTakeOwnershipPrivilege	2904	winupdt3.exe
Token: SeLoadDriverPrivilege	2904	winupdt3.exe
Token: SeSystemProfilePrivilege	2904	winupdt3.exe
Token: SeSystemtimePrivilege	2904	winupdt3.exe
Token: SeProfSingleProcessPrivilege	2904	winupdt3.exe
Token: SeIncBasePriorityPrivilege	2904	winupdt3.exe
Token: SeCreatePagefilePrivilege	2904	winupdt3.exe
Token: SeCreatePermanentPrivilege	2904	winupdt3.exe
Token: SeBackupPrivilege	2904	winupdt3.exe
Token: SeRestorePrivilege	2904	winupdt3.exe
Token: SeShutdownPrivilege	2904	winupdt3.exe
Token: SeDebugPrivilege	2904	winupdt3.exe
Token: SeAuditPrivilege	2904	winupdt3.exe
Token: SeSystemEnvironmentPrivilege	2904	winupdt3.exe
Token: SeChangeNotifyPrivilege	2904	winupdt3.exe
Token: SeRemoteShutdownPrivilege	2904	winupdt3.exe
Token: SeUndockPrivilege	2904	winupdt3.exe
Token: SeSyncAgentPrivilege	2904	winupdt3.exe
Token: SeEnableDelegationPrivilege	2904	winupdt3.exe
Token: SeManageVolumePrivilege	2904	winupdt3.exe
Token: SeImpersonatePrivilege	2904	winupdt3.exe
Token: SeCreateGlobalPrivilege	2904	winupdt3.exe
Token: 31	2904	winupdt3.exe
Token: 32	2904	winupdt3.exe
Token: 33	2904	winupdt3.exe
Token: 34	2904	winupdt3.exe
Token: 35	2904	winupdt3.exe
Token: SeDebugPrivilege	2480	winupdt3.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe
2584	winupdt3.exe
2904	winupdt3.exe
2904	winupdt3.exe
2480	winupdt3.exe
2904	winupdt3.exe

Suspicious use of WriteProcessMemory 62 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2180	1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe	28
PID 1672 wrote to memory of 2180	1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe	28
PID 1672 wrote to memory of 2180	1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe	28
PID 1672 wrote to memory of 2180	1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe	28
PID 2180 wrote to memory of 2704	2180	cmd.exe	30
PID 2180 wrote to memory of 2704	2180	cmd.exe	30
PID 2180 wrote to memory of 2704	2180	cmd.exe	30
PID 2180 wrote to memory of 2704	2180	cmd.exe	30
PID 1672 wrote to memory of 2584	1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe	31
PID 1672 wrote to memory of 2584	1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe	31
PID 1672 wrote to memory of 2584	1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe	31
PID 1672 wrote to memory of 2584	1672	35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe	31
PID 2584 wrote to memory of 2904	2584	winupdt3.exe	32
PID 2584 wrote to memory of 2904	2584	winupdt3.exe	32
PID 2584 wrote to memory of 2904	2584	winupdt3.exe	32
PID 2584 wrote to memory of 2904	2584	winupdt3.exe	32
PID 2584 wrote to memory of 2904	2584	winupdt3.exe	32
PID 2584 wrote to memory of 2904	2584	winupdt3.exe	32
PID 2584 wrote to memory of 2904	2584	winupdt3.exe	32
PID 2584 wrote to memory of 2904	2584	winupdt3.exe	32
PID 2584 wrote to memory of 2904	2584	winupdt3.exe	32
PID 2584 wrote to memory of 2480	2584	winupdt3.exe	33
PID 2584 wrote to memory of 2480	2584	winupdt3.exe	33
PID 2584 wrote to memory of 2480	2584	winupdt3.exe	33
PID 2584 wrote to memory of 2480	2584	winupdt3.exe	33
PID 2904 wrote to memory of 2508	2904	winupdt3.exe	34
PID 2904 wrote to memory of 2508	2904	winupdt3.exe	34
PID 2904 wrote to memory of 2508	2904	winupdt3.exe	34
PID 2904 wrote to memory of 2508	2904	winupdt3.exe	34
PID 2904 wrote to memory of 2528	2904	winupdt3.exe	35
PID 2904 wrote to memory of 2528	2904	winupdt3.exe	35
PID 2904 wrote to memory of 2528	2904	winupdt3.exe	35
PID 2904 wrote to memory of 2528	2904	winupdt3.exe	35
PID 2904 wrote to memory of 2552	2904	winupdt3.exe	36
PID 2904 wrote to memory of 2552	2904	winupdt3.exe	36
PID 2904 wrote to memory of 2552	2904	winupdt3.exe	36
PID 2904 wrote to memory of 2552	2904	winupdt3.exe	36
PID 2904 wrote to memory of 2600	2904	winupdt3.exe	37
PID 2904 wrote to memory of 2600	2904	winupdt3.exe	37
PID 2904 wrote to memory of 2600	2904	winupdt3.exe	37
PID 2904 wrote to memory of 2600	2904	winupdt3.exe	37
PID 2584 wrote to memory of 2480	2584	winupdt3.exe	33
PID 2584 wrote to memory of 2480	2584	winupdt3.exe	33
PID 2584 wrote to memory of 2480	2584	winupdt3.exe	33
PID 2584 wrote to memory of 2480	2584	winupdt3.exe	33
PID 2584 wrote to memory of 2480	2584	winupdt3.exe	33
PID 2508 wrote to memory of 1624	2508	cmd.exe	40
PID 2508 wrote to memory of 1624	2508	cmd.exe	40
PID 2508 wrote to memory of 1624	2508	cmd.exe	40
PID 2508 wrote to memory of 1624	2508	cmd.exe	40
PID 2528 wrote to memory of 764	2528	cmd.exe	42
PID 2528 wrote to memory of 764	2528	cmd.exe	42
PID 2528 wrote to memory of 764	2528	cmd.exe	42
PID 2528 wrote to memory of 764	2528	cmd.exe	42
PID 2552 wrote to memory of 2884	2552	cmd.exe	45
PID 2552 wrote to memory of 2884	2552	cmd.exe	45
PID 2552 wrote to memory of 2884	2552	cmd.exe	45
PID 2552 wrote to memory of 2884	2552	cmd.exe	45
PID 2600 wrote to memory of 2792	2600	cmd.exe	44
PID 2600 wrote to memory of 2792	2600	cmd.exe	44
PID 2600 wrote to memory of 2792	2600	cmd.exe	44
PID 2600 wrote to memory of 2792	2600	cmd.exe	44

C:\Users\Admin\AppData\Local\Temp\35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe
"C:\Users\Admin\AppData\Local\Temp\35c89f95f7e9a4d7cf0d18689153d84a38457d11693f271ff8ddf6e7aacc3850.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\ozHdW.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Windows\SysWOW64\reg.exe
    REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinUpdt" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe" /f
    3⤵
    - Adds Run key to start application
    PID:2704
- C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe
  "C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe
    "C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2508
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
        5⤵
        Modifies firewall policy service
        Modifies registry key
        
        PID:1624
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2528
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe:*:Enabled:Windows Messanger" /f
        5⤵
        Modifies firewall policy service
        Modifies registry key
        
        PID:764
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2552
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
        5⤵
        Modifies firewall policy service
        Modifies registry key
        
        PID:2884
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\local.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\local.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\local.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\local.exe:*:Enabled:Windows Messanger" /f
        5⤵
        Modifies firewall policy service
        Modifies registry key
        
        PID:2792
- - C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe
    "C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ozHdW.bat

Filesize
152B

MD5
deba559edd7e3c8dcc3e27362ac41cde

SHA1
a5688d69bc779c836262874f344de154ae7e7219

SHA256
49f5709cc8357f7e406ae904f54d82d476094e2e93dc93308147d8ed9a175a90

SHA512
9296532fd85f48b49802be12a8581453f84274cada2433d082d5901bd86c57c86bdcc4bd4420d2f6014d1e964f0b1234eb0d34bd23ffad22c9ae02f615847fbd

Download Submit
C:\Users\Admin\AppData\Roaming\Window Updates\winupdt3.exe

Filesize
1.7MB

MD5
a4be5f478204c9f9f02520f0fa5d066a

SHA1
b1a1915c5f552ac2a25d0227e075c124e3b4c468

SHA256
beda3d5e469f249ae20dd34dd16989b43afb572aeef8a821f0f574dea924f45f

SHA512
2125f8f90d6a0477479092f2b00dad1fd39eca87fb7946bfd8bdc84d50f5c4e76cc5dce4749487968180b29ed1d66f62f1bcd57e449abe976172e12e249388b4

Download Submit
memory/1672-42-0x0000000003070000-0x0000000003226000-memory.dmp

Filesize
1.7MB

Download
memory/1672-45-0x0000000000400000-0x00000000005B6000-memory.dmp

Filesize
1.7MB

Download
memory/1672-0-0x0000000000400000-0x00000000005B6000-memory.dmp

Filesize
1.7MB

Download
memory/2480-63-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2480-68-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2480-60-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2480-62-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2584-65-0x0000000000400000-0x00000000005B6000-memory.dmp

Filesize
1.7MB

Download
memory/2904-67-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-75-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-52-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-54-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-71-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-69-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-73-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-49-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-77-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-80-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-82-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-89-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-91-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2904-93-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads