4e5daab3d6dff2b54690cbe8c66ceac53a40aaba3f8c7546d6951652303cc045

Analysis

max time kernel
144s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 16:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

da3b7faf-72f6-491b-8d55-86a1ce3cf683.xlsm
Size

824KB
MD5

8bdf43eb2922c8d859963443b5e535f9
SHA1

742664464f0f70f4a4dc4d86efcdfb4cbe1a7991
SHA256

4e5daab3d6dff2b54690cbe8c66ceac53a40aaba3f8c7546d6951652303cc045
SHA512

8d225cad60901df2caf50e3791ce8440b03b575531d5dd1efc7b19b316a1d3a1891c19f35519b9484854f1cb2d5b05980b292d468a7c42c031387444feff2f66
SSDEEP

12288:NR73Ph3Y1eCCjqff8OWcQ7qiaPNYz7TuKLcvP56QJc/ea+kgNrI5UMXSmaIut0O0:KvCPOWcQr7aGcvpJceEsr0UIup9mtf

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process	4020	756	cmd.exe	29

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3068	ipconfig.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}\ = "Font"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}\ = "WHTMLControlEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLOption"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents7"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}\ = "MdcToggleButtonEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents3"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E7A95067-EB8A-47E6-B256-3AA6161649C8}\2.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\VBE"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcCheckBox"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}\ = "IScrollbar"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}\ = "MdcComboEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\TypeLib\{E7A95067-EB8A-47E6-B256-3AA6161649C8}\2.0\ = "Microsoft Forms 2.0 Object Library"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLText"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E7A95067-EB8A-47E6-B256-3AA6161649C8}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}\ = "IScrollbar"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E7A95067-EB8A-47E6-B256-3AA6161649C8}\2.0\ = "Microsoft Forms 2.0 Object Library"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}\ = "ITabStrip"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLText"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLTextArea"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}\ = "IReturnInteger"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents1"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}\ = "MdcComboEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}\ = "ScrollbarEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}\ = "SpinbuttonEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents10"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}\ = "IReturnSingle"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}\ = "Tabs"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\ = "MdcTextEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcOptionButton"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLReset"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLSelect"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
756	EXCEL.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
756	EXCEL.EXE
756	EXCEL.EXE
756	EXCEL.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 4020	756	EXCEL.EXE	30
PID 756 wrote to memory of 4020	756	EXCEL.EXE	30
PID 756 wrote to memory of 4020	756	EXCEL.EXE	30
PID 756 wrote to memory of 4020	756	EXCEL.EXE	30
PID 4020 wrote to memory of 3068	4020	cmd.exe	32
PID 4020 wrote to memory of 3068	4020	cmd.exe	32
PID 4020 wrote to memory of 3068	4020	cmd.exe	32
PID 4020 wrote to memory of 3068	4020	cmd.exe	32

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\da3b7faf-72f6-491b-8d55-86a1ce3cf683.xlsm
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\command.bat""
  2⤵
  - Process spawned unexpected child process
  - Suspicious use of WriteProcessMemory
  PID:4020
- - C:\Windows\SysWOW64\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\command.bat

Filesize
120B

MD5
6dc6b33f67fd320af9edb961b7ddf678

SHA1
cd54cc00668bbc8b94bacb17b3f4b04a07ac59a5

SHA256
310eb75944ee6efe6b4588647c93db5ebd2918b5ef4b16f4e610979fd4718446

SHA512
0bcff8865695809e0429778535b8e0495330f7105c9be3d751c9a9b2a6515e1cf404829ddca76a71c2bdc10483c0b6180323406c5ddc7c8f9caea3220be8737e

Download Submit
C:\Users\Admin\AppData\Local\Temp\done.txt

Filesize
10B

MD5
12394bec51bc0598cd5a64d1a65523e0

SHA1
1fd91832d3514d64c230b8d80ba1b73fc8226ed2

SHA256
f5a16600f4290bb2ea7414d0eb45b4981a8b8bff888ae9dd60fcbe9f35befead

SHA512
38df994b72aeab649f699ddc054eb88e575da020de832d1c46964967432ed78301d7f88a54327d4be534ed5411a37e09d10ae90f21d758edee543220364b3533

Download Submit
C:\Users\Admin\AppData\Local\Temp\output.txt

Filesize
1KB

MD5
8d4fa0b16c41e709ddf2c5bbb34ea62b

SHA1
3c2b31919035fb4bb249c06e55173b73715eedfa

SHA256
60f2d9baa096de68ecf3eef6f04790737f1ecab5d1ef176c712e0dc48184d460

SHA512
d299e43afa7ff1b3fea57bd161f54cc36da3b672f202a99aa42b6a08064d5463f9f1ead3d9ebf7905331b67440834509abf5b0f9773d3ca6c541736b7326b7a8

Download Submit
memory/756-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/756-1-0x00000000723AD000-0x00000000723B8000-memory.dmp

Filesize
44KB

Download
memory/756-3-0x0000000007550000-0x0000000007650000-memory.dmp

Filesize
1024KB

Download
memory/756-40-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-77-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-38-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-80-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-39-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-114-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-41-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-42-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-43-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-44-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-45-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-144-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-46-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-165-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-197-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-225-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-78-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-79-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-163-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-228-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-226-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-224-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-223-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-222-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-221-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-220-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-219-0x00000000003B0000-0x00000000004B0000-memory.dmp

Filesize
1024KB

Download
memory/756-198-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-196-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-195-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-194-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-193-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-192-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-169-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-168-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-167-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-166-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-164-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-162-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-161-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-152-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-151-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-150-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-149-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-148-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-147-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-146-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-145-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-128-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-127-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-126-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-125-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-124-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-123-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-122-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-121-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-120-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-119-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-118-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-117-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-116-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-115-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-113-0x0000000006100000-0x0000000006200000-memory.dmp

Filesize
1024KB

Download
memory/756-731-0x0000000006AD0000-0x0000000006CD0000-memory.dmp

Filesize
2.0MB

Download
memory/756-1711-0x00000000723AD000-0x00000000723B8000-memory.dmp

Filesize
44KB

Download
memory/756-1712-0x0000000007550000-0x0000000007650000-memory.dmp

Filesize
1024KB

Download
memory/756-1713-0x0000000006AD0000-0x0000000006CD0000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads