metasploit | e4978064cdb5fa609a0c55d8e71a6d0c49bb9d3e43941aab62dfca67203ee1a8

Analysis

max time kernel
148s
max time network
117s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 23:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe
Size

265KB
MD5

3f4823fdae4804d5bf5d05effd0a9849
SHA1

1998ec66a865f99724137586adc27f04dbd55ee8
SHA256

e4978064cdb5fa609a0c55d8e71a6d0c49bb9d3e43941aab62dfca67203ee1a8
SHA512

917748ae8c677a11c2cc436254331bedd6904177c10b5447af3662158f07dab974d4e7b62b9dfdad557fd66d616b79d796a41a2e881b76253bb3a5c322388489
SSDEEP

6144:XFrD6QHF+b9vtt7Ucy2g6Dk7hvpQSwAxM8uV4f0wsw:X96QH89vtdUbVGShlwA28uVTwj

Score

10^/10

metasploit backdoor bootkit persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Executes dropped EXE 10 IoCs

pid	Process
2568	spwls.exe
1160	spwls.exe
2828	spwls.exe
2612	spwls.exe
616	spwls.exe
1892	spwls.exe
2112	spwls.exe
476	spwls.exe
1716	spwls.exe
3056	spwls.exe

Loads dropped DLL 20 IoCs

pid	Process
2824	3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe
2824	3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe
2568	spwls.exe
2568	spwls.exe
1160	spwls.exe
1160	spwls.exe
2828	spwls.exe
2828	spwls.exe
2612	spwls.exe
2612	spwls.exe
616	spwls.exe
616	spwls.exe
1892	spwls.exe
1892	spwls.exe
2112	spwls.exe
2112	spwls.exe
476	spwls.exe
476	spwls.exe
1716	spwls.exe
1716	spwls.exe

Writes to the Master Boot Record (MBR) 1 TTPs 11 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	spwls.exe
File opened for modification	\??\PhysicalDrive0	spwls.exe
File opened for modification	\??\PhysicalDrive0	spwls.exe
File opened for modification	\??\PhysicalDrive0	spwls.exe
File opened for modification	\??\PhysicalDrive0	spwls.exe
File opened for modification	\??\PhysicalDrive0	spwls.exe
File opened for modification	\??\PhysicalDrive0	spwls.exe
File opened for modification	\??\PhysicalDrive0	3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe
File opened for modification	\??\PhysicalDrive0	spwls.exe
File opened for modification	\??\PhysicalDrive0	spwls.exe
File opened for modification	\??\PhysicalDrive0	spwls.exe

Drops file in System32 directory 32 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe
File created	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\spwls.exe	spwls.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	spwls.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2568	2824	3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe	30
PID 2824 wrote to memory of 2568	2824	3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe	30
PID 2824 wrote to memory of 2568	2824	3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe	30
PID 2824 wrote to memory of 2568	2824	3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe	30
PID 2568 wrote to memory of 1160	2568	spwls.exe	31
PID 2568 wrote to memory of 1160	2568	spwls.exe	31
PID 2568 wrote to memory of 1160	2568	spwls.exe	31
PID 2568 wrote to memory of 1160	2568	spwls.exe	31
PID 1160 wrote to memory of 2828	1160	spwls.exe	32
PID 1160 wrote to memory of 2828	1160	spwls.exe	32
PID 1160 wrote to memory of 2828	1160	spwls.exe	32
PID 1160 wrote to memory of 2828	1160	spwls.exe	32
PID 2828 wrote to memory of 2612	2828	spwls.exe	33
PID 2828 wrote to memory of 2612	2828	spwls.exe	33
PID 2828 wrote to memory of 2612	2828	spwls.exe	33
PID 2828 wrote to memory of 2612	2828	spwls.exe	33
PID 2612 wrote to memory of 616	2612	spwls.exe	34
PID 2612 wrote to memory of 616	2612	spwls.exe	34
PID 2612 wrote to memory of 616	2612	spwls.exe	34
PID 2612 wrote to memory of 616	2612	spwls.exe	34
PID 616 wrote to memory of 1892	616	spwls.exe	35
PID 616 wrote to memory of 1892	616	spwls.exe	35
PID 616 wrote to memory of 1892	616	spwls.exe	35
PID 616 wrote to memory of 1892	616	spwls.exe	35
PID 1892 wrote to memory of 2112	1892	spwls.exe	36
PID 1892 wrote to memory of 2112	1892	spwls.exe	36
PID 1892 wrote to memory of 2112	1892	spwls.exe	36
PID 1892 wrote to memory of 2112	1892	spwls.exe	36
PID 2112 wrote to memory of 476	2112	spwls.exe	37
PID 2112 wrote to memory of 476	2112	spwls.exe	37
PID 2112 wrote to memory of 476	2112	spwls.exe	37
PID 2112 wrote to memory of 476	2112	spwls.exe	37
PID 476 wrote to memory of 1716	476	spwls.exe	38
PID 476 wrote to memory of 1716	476	spwls.exe	38
PID 476 wrote to memory of 1716	476	spwls.exe	38
PID 476 wrote to memory of 1716	476	spwls.exe	38
PID 1716 wrote to memory of 3056	1716	spwls.exe	39
PID 1716 wrote to memory of 3056	1716	spwls.exe	39
PID 1716 wrote to memory of 3056	1716	spwls.exe	39
PID 1716 wrote to memory of 3056	1716	spwls.exe	39

C:\Users\Admin\AppData\Local\Temp\3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\SysWOW64\spwls.exe
  C:\Windows\system32\spwls.exe 476 "C:\Users\Admin\AppData\Local\Temp\3f4823fdae4804d5bf5d05effd0a9849_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Windows\SysWOW64\spwls.exe
    C:\Windows\system32\spwls.exe 528 "C:\Windows\SysWOW64\spwls.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:1160
  - - C:\Windows\SysWOW64\spwls.exe
      C:\Windows\system32\spwls.exe 532 "C:\Windows\SysWOW64\spwls.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Windows\SysWOW64\spwls.exe
        
        C:\Windows\system32\spwls.exe 520 "C:\Windows\SysWOW64\spwls.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2612
      - C:\Windows\SysWOW64\spwls.exe
        
        C:\Windows\system32\spwls.exe 552 "C:\Windows\SysWOW64\spwls.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:616
        
        C:\Windows\SysWOW64\spwls.exe
        
        C:\Windows\system32\spwls.exe 548 "C:\Windows\SysWOW64\spwls.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1892
        
        C:\Windows\SysWOW64\spwls.exe
        
        C:\Windows\system32\spwls.exe 540 "C:\Windows\SysWOW64\spwls.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2112
        
        C:\Windows\SysWOW64\spwls.exe
        
        C:\Windows\system32\spwls.exe 560 "C:\Windows\SysWOW64\spwls.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:476
        
        C:\Windows\SysWOW64\spwls.exe
        
        C:\Windows\system32\spwls.exe 568 "C:\Windows\SysWOW64\spwls.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1716
        
        C:\Windows\SysWOW64\spwls.exe
        
        C:\Windows\system32\spwls.exe 564 "C:\Windows\SysWOW64\spwls.exe"
        11⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Drops file in System32 directory
        
        PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\spwls.exe

Filesize
265KB

MD5
3f4823fdae4804d5bf5d05effd0a9849

SHA1
1998ec66a865f99724137586adc27f04dbd55ee8

SHA256
e4978064cdb5fa609a0c55d8e71a6d0c49bb9d3e43941aab62dfca67203ee1a8

SHA512
917748ae8c677a11c2cc436254331bedd6904177c10b5447af3662158f07dab974d4e7b62b9dfdad557fd66d616b79d796a41a2e881b76253bb3a5c322388489

Download Submit
memory/476-135-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/476-129-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/476-127-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/616-116-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/616-108-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/1160-93-0x0000000002E30000-0x0000000002F77000-memory.dmp

Filesize
1.3MB

Download
memory/1160-96-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/1160-89-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/1160-86-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/1716-133-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/1716-139-0x0000000002F70000-0x00000000030B7000-memory.dmp

Filesize
1.3MB

Download
memory/1716-141-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/1892-117-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/1892-115-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/1892-122-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2112-121-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2112-123-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2112-128-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2568-87-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2568-88-0x00000000002A0000-0x00000000002E4000-memory.dmp

Filesize
272KB

Download
memory/2568-74-0x00000000002A0000-0x00000000002E4000-memory.dmp

Filesize
272KB

Download
memory/2568-85-0x0000000002E70000-0x0000000002FB7000-memory.dmp

Filesize
1.3MB

Download
memory/2568-81-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2568-75-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2568-76-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2568-72-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2568-73-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/2612-101-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2612-110-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2824-47-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/2824-43-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/2824-39-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2824-38-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2824-37-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/2824-36-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2824-35-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/2824-34-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/2824-33-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/2824-32-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2824-31-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2824-30-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2824-29-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2824-28-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2824-27-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-26-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/2824-25-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2824-24-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-23-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2824-22-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2824-21-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/2824-20-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2824-19-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2824-18-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2824-17-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2824-16-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/2824-15-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/2824-14-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2824-13-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/2824-12-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/2824-11-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/2824-41-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2824-42-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2824-40-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2824-44-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/2824-45-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/2824-71-0x0000000002E30000-0x0000000002F77000-memory.dmp

Filesize
1.3MB

Download
memory/2824-46-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/2824-79-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2824-78-0x0000000000550000-0x0000000000594000-memory.dmp

Filesize
272KB

Download
memory/2824-7-0x00000000022C0000-0x00000000022C5000-memory.dmp

Filesize
20KB

Download
memory/2824-48-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/2824-49-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/2824-50-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/2824-51-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/2824-52-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/2824-6-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/2824-53-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/2824-54-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2824-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2824-55-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2824-4-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2824-56-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2824-57-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2824-58-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/2824-59-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/2824-60-0x0000000002B80000-0x0000000002B81000-memory.dmp

Filesize
4KB

Download
memory/2824-61-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/2824-62-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/2824-63-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2824-0-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2824-1-0x00000000003A0000-0x00000000003A2000-memory.dmp

Filesize
8KB

Download
memory/2824-2-0x0000000000550000-0x0000000000594000-memory.dmp

Filesize
272KB

Download
memory/2824-3-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2828-103-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2828-97-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2828-94-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads