d7f93dd3cc29ddbcc20355213ecc35226f0db4ba42c47c166310c6c937dd5180

Analysis

max time kernel
89s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

external_obf.exe
Size

37.4MB
MD5

04a2203440a8e4ad58e9383272d2e4c4
SHA1

e8539a930e7feaf92e76a40a675afaee1f89fb2f
SHA256

d7f93dd3cc29ddbcc20355213ecc35226f0db4ba42c47c166310c6c937dd5180
SHA512

ac10acfbe4948b43f7b4ff6c311bca851958ab4ea21726c63125ac250853a704fbe6d4dda7ee2ae0176eeb3c4ce1c709e3784418463234d23ab767b473b6183b
SSDEEP

786432:Vn89EgmKjPMXH2BeGpip+3dYPkiNE4apoc0:VnoEgJzGWBeGpzdY5E4moc0

Score

9^/10

evasion trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	external_obf.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	external_obf.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	external_obf.exe

Loads dropped DLL 27 IoCs

pid	Process
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe
1816	external_obf.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	external_obf.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1816	external_obf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1816	external_obf.exe

C:\Users\Admin\AppData\Local\Temp\external_obf.exe
"C:\Users\Admin\AppData\Local\Temp\external_obf.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\evb42D1.tmp

Filesize
1KB

MD5
2b1876d5054872575c86068798a15541

SHA1
2ff0eb9886c06c6719a1e845b51312b96eede5fa

SHA256
996537298207b1567cd7e1754698ce2e494597e0c3f45af0289742563e836a7a

SHA512
ad616e335c2ce34f70a77858fd9826962784b1c4afbda337c7e660e2c207b2e985e81afcf9e4f10029f92b7630150f1ea8de397211176bc79b26c7bbbfea8b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb44D6.tmp

Filesize
1KB

MD5
9a766ae2a3da26cc4a30c7f47203c5d3

SHA1
9c8c1743aef4de2eebfa621468473e6752e2451b

SHA256
ca1bd35c85a5c589fd50f0b6b67b09e78e71653ce18fdb8240b2f3455144cff0

SHA512
2f1341cfbef71500d85486cb77e1bc5330847ab1adbedaf92869a9b0118908d8d2a138a538a010b2e80d21ac649c9243437f12b94798911c5f12802c6efd0a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB062.tmp

Filesize
1KB

MD5
8125213434a7fa4365ece498c0cbb0d0

SHA1
ecd681da190b037f40c45f41cc1a45a27ef88a9f

SHA256
da8e1584e52135fbe21409fbe151cc07ef809fd355165789005518141cabaef1

SHA512
8920512167338b24d0f0204548023408bbefc8ed3b14770b86f0950c7a8d824712e71574bd79500f3fd9aace152dd52e813f5fec483825adb4aece2320a8fc4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB12E.tmp

Filesize
1KB

MD5
f328402572f364412ddf35c6f1f25720

SHA1
8b2c2be2777df5d7258f6907c2b01e5acad147f2

SHA256
8a84cb96576d17707fd4e7f270b30c977fae166c93ebbc0d9c8c7407ab8c6a5b

SHA512
9a6b2ce56bef8e2387871b881ea698b2bd18b347b48d16851d3194525d6533f464824a5b7c78eac4569b6e171d56c84eb63a78b41a318fc8dc07f065bb2b823e

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB14F.tmp

Filesize
1KB

MD5
3a9edc92578a4ac48eda65e72ed94e9d

SHA1
9397a22b15c26d48f1a76ec31031f33feeb2492e

SHA256
044d47c0deaca7be57c5e2533c519e598333977efbc50f8e693259372284fa6c

SHA512
34cba89b2b470703725d3a44c37fd83cbe89406f6d6941aca69ca51f980ece8b1b71e44a70d8bfeadb929a67d158873b84a4192a6759665399f23cbbb170f49f

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB2C8.tmp

Filesize
1KB

MD5
c8ff16b1aee78777dc2d0ba1884d04a8

SHA1
e826bedb85ee79cef3db6876a42773e54bead5d8

SHA256
8310d0e8f270281bea4397f8c983d7ab9e31d0220b1b806e09a574dca5b351a9

SHA512
efb13ea84596f2e9eb259f363834787a6e98394f2d66f1bb73209d7b17448c50bbb9100d2e61013b7454abac230af8e478dfc7fab30ae0dad2680ce3eef964a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB2D8.tmp

Filesize
1KB

MD5
8e9785c89427e09b4b0fa3d23bd91de9

SHA1
22ba68ea5683f423ecd6dcb35b5cad56dc5943b4

SHA256
8937f93aadcc2e66f2e4ff48f3bc194c4f56a2171105423047cbdea00a729312

SHA512
8d65d28aaeb1133b2ea430b328722381c9d7edbc9f735bf8ac37852b72599c526aed678a31137b9793e4b8a6d5549e9896adbae2f246f8a081df0a09d63f121c

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB327.tmp

Filesize
1KB

MD5
1403ec3c9e96b4b8f39d54a31ec93458

SHA1
6f54faf70d9b7dc7dacd94f61daf5e015e7448dc

SHA256
53bae57b6164c44d139e906d00acd85a6fd8e6b6439d3769d2b5e42b300d641d

SHA512
c7cefbf5f8655c32ba89100437fe858c0a48d3b2ef97230f2394eb3a7918597581e4e2e7d22802ee719330c3563776ddd65b232e0e003f16ea94b2cab49edc4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB3A5.tmp

Filesize
1KB

MD5
a1e7c567a2b49392fc38d419ddaf91aa

SHA1
dc4b1b8de3b9571d17b9956eb75bf4055c99d9f8

SHA256
6dcc863334c227a8c9c27e1efe6db78ace872f1a8ef97db0d6303d4ac6c327de

SHA512
b726573252e074e75c8067f00ffb7127e5c9dd2d95acd355f9ee2b2b8936e22de52f6a534a6adb5f3ef9ee1a9983dfd7011c2b5e37f6d2052385ce898fd74535

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB491.tmp

Filesize
1KB

MD5
0ee2e86147afd2e9c7a6193742f3a4ae

SHA1
033a1f73f624bf2a9d9f995903c62a03fe14dbb0

SHA256
69c81189014fa3aae2194d35c05cc320802ec69016f4d99622100d2acffe5fd5

SHA512
db81f2c0ef463ac1bde4a4767d0c1d1e856f675f0e2b516f865741c280829d87b556ed6c2f60eb4dd1a778de0002a944458514256e2f0903f5ae246a6e92204d

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB4A1.tmp

Filesize
1KB

MD5
0390233a45dfbc1e1615f8da655ef557

SHA1
c74288dc384bd7054d398fb8aee62e91236dc97b

SHA256
ba9db21520008db8518bee164d411b103603dace7c6d6e03be5f6c82f6cc54ae

SHA512
88e85e48ba999a157b29e1c539e70ebfddc01d2cc59e0d3e5215cf8c5044acb0cd4d7d1b50215b14ed76be6ebd373ee91257c57ad89e2e59bbe10e7c1f3ee542

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB6D5.tmp

Filesize
1KB

MD5
6e9fddd6356abaa078f908173cbc2033

SHA1
4f3e84e081d584fa54660044d18819ec0d5699af

SHA256
83b83654e0a759e77d59df12f6e998ad87b76a40839d0b27dba2361800609475

SHA512
d1b25c06e2a80517836d13ed1f94926139423570df7c800773e994ed7c2cd30dd0c31c12208ccfaacaf4c08cc06507df68ad9b64f20471a9ce40e93c97cda193

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB939.tmp

Filesize
1KB

MD5
073de173d28dcc84d3078365eebe868f

SHA1
71d29f7ad67d5376445583d4990617335568c7cb

SHA256
6c3b3e438d52092093db739ab1b5eedb4e6f8daa768f07ef9c6c1aa2c030e2a9

SHA512
6119d1f1ad2870635570029711b5e68b4403e4bad039d68ae5f8a8174b7f9764d70399c14854f9566c3b6e83debd75ed746920dc7b4cfafbc7313f6f169e0b40

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB9C7.tmp

Filesize
1KB

MD5
39f53480311c7d3430cccdd7d24aa549

SHA1
a4d798ce4b3b75db9b3646e7e7c5c0825a0029a6

SHA256
f32191a5356167b66cfcdbd22a0aadfa23295679924ad63c32f8ab62b855cb69

SHA512
16444f57eca7855e307b28198c39ac3369bd0cc6369346966ab73b151c6673abf3e81718bb2c62aacfdd3156d30774cacd2baaade4754e0cb1b7be71773d9732

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB9E7.tmp

Filesize
1KB

MD5
a20f3230804c258a5942553c64adc87c

SHA1
53945fe1d512cce73f257147eebd7ca53fcd5cc4

SHA256
b9a6a6685e5da28c299cb2d32d3e2ce5c867325cf962c59d876ac27737192522

SHA512
64f33fcb29faaa3f05b81610ac8de73cf3ee823b7f594073adfe17e95ac49477970ace73fa581708056ced7870868dd27fe470a1f1347eb8e6f4866907364977

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbBB21.tmp

Filesize
1KB

MD5
456aba23c80ae46d4c37780fdd630e5c

SHA1
a04033ae1b6c22971daa84d97b4adfc4234906e1

SHA256
a9132fe7ba5d34cf482bf9a5beda16857335f81522725bb53434d283c14bcf69

SHA512
2f63a1bd6d60f66e9b75c598aff4be75035e9b2932ade0fffb2befd78ced6450745bd254dd70f80a52ebeb8c1dd4786771ea44fbdff66036304b7fd427c952de

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbBF5A.tmp

Filesize
1KB

MD5
8dedec68cd3c6727edcd9d868032fe03

SHA1
95858879fa676d0622fdbb04252705426a8e81e7

SHA256
bf7cc7efee31bc39ecb6ae0bc161c3f79d82742b4e8788af98ebd5664a9e201d

SHA512
0a5ab89eaed609ff5846cbcad24949fc54409258aa533464d1148980b35cd9c48664455d7544c2f893303b61476e2f313405c4017ce558cbea2a6d56d171c9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbBF7A.tmp

Filesize
1KB

MD5
4a60e57cb0e0870c705b767d5f062fd5

SHA1
ea1cb568abc128e7253b1c4495d52cbe21b79beb

SHA256
1577b5175189816d6b3853140af391a14d6fc7be0332964f47af4745c51db6e7

SHA512
db7891d9320842b2595c3f0b1021fd035467da8f58a3cb48b31d9e588794113055a1883d8ce572a04a42ac76860f7e57da8d154a45d1f4879848bf76122f9997

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbC0A4.tmp

Filesize
1KB

MD5
dd366a1aa8ff08588a4e2bcb45d457ef

SHA1
b95e345b10380b61937c90a2bc7a10384882628c

SHA256
ea362d6ebb9d153a4809ab732faa7c57b6e768574b64a78ea059c613fcf9a462

SHA512
423684f89c971146e270412007776803588e6439dc717941c4f98db1fc5cfabf857812973fa02fc552d9593b2ec9fafa15f1335185b88e96e0de5a74d30f4ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbC0A5.tmp

Filesize
1KB

MD5
b24e1a4e95ef8cd7522899420063b1f3

SHA1
ae1586aba28b089fa62edb4f607039e79137559e

SHA256
65a87347e5c4f633f542ac66a3e3c1a220666523aa4aa13d4dd0842595b47711

SHA512
b128b8161e9024dfe40ad22482957ece534dd97264a99965d6621b72d25b934bb49e7f78fa1b4c7077aa2d36efd2e05e3f6b57b1968857d857a087cf2c1e1ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbC0E4.tmp

Filesize
1KB

MD5
ba9031abb5e4e62c27f35144a63396b4

SHA1
c2d44ccd657495c0a82d40d1f3473e0cde3092a9

SHA256
2498201d354b7b8c12bfb7fb7e610abdd9a7bbe08629c7191460430dfffe36ab

SHA512
86bd41e55976fee081227b1a1aa192211e218ea62dcdec577b8acc80cd7de5bb057961b1cdcfad8e8c72b1a314b044ce34b285d6de2c6a48a11d3f463ed793c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbC105.tmp

Filesize
1KB

MD5
14b543fa3f4a4ba3bf24d3d114400281

SHA1
10948e30aa38ce30e3d33469e75b939f55c95d4a

SHA256
f759cb9e80161e56870d00987aa82b3389d893ddfd9f3f5e0cf17098647d69ea

SHA512
b14aa57493136cddfc9534fb0b2c0b94b9e4de89016552c9aa26c43108537cf89034f0a2f83c247d156be7def41e9ddfa5dfe520232afff25f446b28da8adcb5

Download Submit
memory/1816-83-0x0000000180000000-0x00000001805CC000-memory.dmp

Filesize
5.8MB

Download
memory/1816-144-0x0000000006930000-0x0000000006945000-memory.dmp

Filesize
84KB

Download
memory/1816-32-0x00000000056D0000-0x00000000056F7000-memory.dmp

Filesize
156KB

Download
memory/1816-48-0x0000000005730000-0x0000000005755000-memory.dmp

Filesize
148KB

Download
memory/1816-55-0x0000000005760000-0x000000000577F000-memory.dmp

Filesize
124KB

Download
memory/1816-60-0x0000000005780000-0x000000000578B000-memory.dmp

Filesize
44KB

Download
memory/1816-59-0x0000000005780000-0x000000000578B000-memory.dmp

Filesize
44KB

Download
memory/1816-34-0x00000000056D0000-0x00000000056F7000-memory.dmp

Filesize
156KB

Download
memory/1816-64-0x00000000063E0000-0x00000000063F5000-memory.dmp

Filesize
84KB

Download
memory/1816-63-0x00000000063E0000-0x00000000063F5000-memory.dmp

Filesize
84KB

Download
memory/1816-38-0x0000000005700000-0x0000000005725000-memory.dmp

Filesize
148KB

Download
memory/1816-53-0x0000000005760000-0x000000000577F000-memory.dmp

Filesize
124KB

Download
memory/1816-40-0x0000000005700000-0x0000000005725000-memory.dmp

Filesize
148KB

Download
memory/1816-69-0x0000000006410000-0x0000000006439000-memory.dmp

Filesize
164KB

Download
memory/1816-67-0x0000000006410000-0x0000000006439000-memory.dmp

Filesize
164KB

Download
memory/1816-73-0x0000000006450000-0x0000000006461000-memory.dmp

Filesize
68KB

Download
memory/1816-75-0x0000000006450000-0x0000000006461000-memory.dmp

Filesize
68KB

Download
memory/1816-29-0x0000000140000000-0x0000000142791000-memory.dmp

Filesize
39.6MB

Download
memory/1816-79-0x0000000006480000-0x00000000067CF000-memory.dmp

Filesize
3.3MB

Download
memory/1816-28-0x0000000140000000-0x0000000142791000-memory.dmp

Filesize
39.6MB

Download
memory/1816-90-0x0000000005730000-0x0000000005755000-memory.dmp

Filesize
148KB

Download
memory/1816-89-0x0000000001750000-0x000000000175C000-memory.dmp

Filesize
48KB

Download
memory/1816-98-0x0000000006450000-0x0000000006461000-memory.dmp

Filesize
68KB

Download
memory/1816-101-0x0000000006480000-0x00000000067CF000-memory.dmp

Filesize
3.3MB

Download
memory/1816-27-0x0000000140000000-0x0000000142791000-memory.dmp

Filesize
39.6MB

Download
memory/1816-104-0x00000000067F0000-0x0000000006817000-memory.dmp

Filesize
156KB

Download
memory/1816-97-0x0000000006410000-0x0000000006439000-memory.dmp

Filesize
164KB

Download
memory/1816-96-0x00000000063E0000-0x00000000063F5000-memory.dmp

Filesize
84KB

Download
memory/1816-95-0x0000000005780000-0x000000000578B000-memory.dmp

Filesize
44KB

Download
memory/1816-26-0x0000000140000000-0x0000000142791000-memory.dmp

Filesize
39.6MB

Download
memory/1816-94-0x0000000005760000-0x000000000577F000-memory.dmp

Filesize
124KB

Download
memory/1816-23-0x0000000140000000-0x0000000142791000-memory.dmp

Filesize
39.6MB

Download
memory/1816-22-0x00007FFC79730000-0x00007FFC79925000-memory.dmp

Filesize
2.0MB

Download
memory/1816-88-0x0000000005700000-0x0000000005725000-memory.dmp

Filesize
148KB

Download
memory/1816-87-0x00000000056D0000-0x00000000056F7000-memory.dmp

Filesize
156KB

Download
memory/1816-19-0x0000000140000000-0x0000000142791000-memory.dmp

Filesize
39.6MB

Download
memory/1816-18-0x0000000001710000-0x000000000172B000-memory.dmp

Filesize
108KB

Download
memory/1816-85-0x0000000006480000-0x00000000067CF000-memory.dmp

Filesize
3.3MB

Download
memory/1816-17-0x0000000180000000-0x00000001805CC000-memory.dmp

Filesize
5.8MB

Download
memory/1816-142-0x00007FFC79730000-0x00007FFC79925000-memory.dmp

Filesize
2.0MB

Download
memory/1816-146-0x0000000006E80000-0x0000000006EA8000-memory.dmp

Filesize
160KB

Download
memory/1816-149-0x00007FFC79730000-0x00007FFC79925000-memory.dmp

Filesize
2.0MB

Download
memory/1816-148-0x0000000007070000-0x00000000070F4000-memory.dmp

Filesize
528KB

Download
memory/1816-147-0x0000000006EC0000-0x0000000006F6E000-memory.dmp

Filesize
696KB

Download
memory/1816-145-0x0000000006D60000-0x0000000006D69000-memory.dmp

Filesize
36KB

Download
memory/1816-16-0x00007FFC79730000-0x00007FFC79925000-memory.dmp

Filesize
2.0MB

Download
memory/1816-15-0x00007FFC797CD000-0x00007FFC797CE000-memory.dmp

Filesize
4KB

Download
memory/1816-46-0x0000000005730000-0x0000000005755000-memory.dmp

Filesize
148KB

Download
memory/1816-14-0x0000000140000000-0x0000000142791000-memory.dmp

Filesize
39.6MB

Download
memory/1816-10-0x0000000001710000-0x000000000172B000-memory.dmp

Filesize
108KB

Download
memory/1816-12-0x0000000001710000-0x000000000172B000-memory.dmp

Filesize
108KB

Download
memory/1816-2-0x0000000180000000-0x00000001805CC000-memory.dmp

Filesize
5.8MB

Download
memory/1816-143-0x00000000067D0000-0x00000000067D7000-memory.dmp

Filesize
28KB

Download
memory/1816-141-0x0000000140000000-0x0000000142791000-memory.dmp

Filesize
39.6MB

Download
memory/1816-175-0x00007FFC79730000-0x00007FFC79925000-memory.dmp

Filesize
2.0MB

Download
memory/1816-177-0x00000000067F0000-0x0000000006817000-memory.dmp

Filesize
156KB

Download
memory/1816-178-0x0000000007250000-0x0000000007272000-memory.dmp

Filesize
136KB

Download
memory/1816-183-0x00000000078F0000-0x0000000007902000-memory.dmp

Filesize
72KB

Download
memory/1816-182-0x0000000007750000-0x0000000007788000-memory.dmp

Filesize
224KB

Download
memory/1816-181-0x00000000075F0000-0x00000000075FF000-memory.dmp

Filesize
60KB

Download
memory/1816-180-0x00000000075C0000-0x00000000075D4000-memory.dmp

Filesize
80KB

Download
memory/1816-179-0x0000000007290000-0x00000000073A8000-memory.dmp

Filesize
1.1MB

Download
memory/1816-176-0x0000000180000000-0x00000001805CC000-memory.dmp

Filesize
5.8MB

Download
memory/1816-186-0x0000000007230000-0x0000000007237000-memory.dmp

Filesize
28KB

Download
memory/1816-185-0x0000000007110000-0x0000000007119000-memory.dmp

Filesize
36KB

Download
memory/1816-184-0x00007FFC79730000-0x00007FFC79925000-memory.dmp

Filesize
2.0MB

Download
memory/1816-212-0x00007FFC79730000-0x00007FFC79925000-memory.dmp

Filesize
2.0MB

Download
memory/1816-264-0x0000000007110000-0x0000000007119000-memory.dmp

Filesize
36KB

Download
memory/1816-263-0x00007FFC79730000-0x00007FFC79925000-memory.dmp

Filesize
2.0MB

Download
memory/1816-265-0x0000000001750000-0x000000000175C000-memory.dmp

Filesize
48KB

Download
memory/1816-266-0x0000000007230000-0x0000000007237000-memory.dmp

Filesize
28KB

Download
memory/1816-267-0x0000000005730000-0x0000000005755000-memory.dmp

Filesize
148KB

Download
memory/1816-268-0x0000000180000000-0x00000001805CC000-memory.dmp

Filesize
5.8MB

Download
memory/1816-269-0x0000000001710000-0x000000000172B000-memory.dmp

Filesize
108KB

Download
memory/1816-270-0x00000000067F0000-0x0000000006817000-memory.dmp

Filesize
156KB

Download
memory/1816-271-0x00000000056D0000-0x00000000056F7000-memory.dmp

Filesize
156KB

Download
memory/1816-272-0x0000000005700000-0x0000000005725000-memory.dmp

Filesize
148KB

Download
memory/1816-278-0x00000000067D0000-0x00000000067D7000-memory.dmp

Filesize
28KB

Download
memory/1816-279-0x0000000006480000-0x00000000067CF000-memory.dmp

Filesize
3.3MB

Download
memory/1816-284-0x0000000007070000-0x00000000070F4000-memory.dmp

Filesize
528KB

Download
memory/1816-283-0x0000000006EC0000-0x0000000006F6E000-memory.dmp

Filesize
696KB

Download
memory/1816-282-0x0000000006E80000-0x0000000006EA8000-memory.dmp

Filesize
160KB

Download
memory/1816-281-0x0000000006D60000-0x0000000006D69000-memory.dmp

Filesize
36KB

Download
memory/1816-280-0x0000000006930000-0x0000000006945000-memory.dmp

Filesize
84KB

Download
memory/1816-277-0x0000000006450000-0x0000000006461000-memory.dmp

Filesize
68KB

Download
memory/1816-276-0x0000000006410000-0x0000000006439000-memory.dmp

Filesize
164KB

Download
memory/1816-275-0x00000000063E0000-0x00000000063F5000-memory.dmp

Filesize
84KB

Download
memory/1816-274-0x0000000005780000-0x000000000578B000-memory.dmp

Filesize
44KB

Download
memory/1816-273-0x0000000005760000-0x000000000577F000-memory.dmp

Filesize
124KB

Download
memory/1816-285-0x0000000140000000-0x0000000142791000-memory.dmp

Filesize
39.6MB

Download
memory/1816-286-0x0000000007250000-0x0000000007272000-memory.dmp

Filesize
136KB

Download
memory/1816-290-0x00000000078F0000-0x0000000007902000-memory.dmp

Filesize
72KB

Download
memory/1816-289-0x0000000007750000-0x0000000007788000-memory.dmp

Filesize
224KB

Download
memory/1816-288-0x00000000075C0000-0x00000000075D4000-memory.dmp

Filesize
80KB

Download
memory/1816-287-0x0000000007290000-0x00000000073A8000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads