darkcomet | 277bc5501e6c7f71ff93312a15dfee2860a1645a349c8c18320cd1395296ac1f

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe
Size

850KB
MD5

3fa235f707d94ed2ddf3d0f9fa3aa7c7
SHA1

1e6738e08222e17330ebb46ae4b0d41e1d04507b
SHA256

277bc5501e6c7f71ff93312a15dfee2860a1645a349c8c18320cd1395296ac1f
SHA512

5740ca0e1976264d2201c7a9fa4fc14c54b53babd5e648d763a89f3cb08698e58cbf2a282da22477af38919396a4f6fac0ce00b33066c258da5b2b19fac0dcb5
SSDEEP

12288:pPbpQ6aKtbO+yqChrYZ7kC6csbrZgky5JdjmL7TqyTV6tVW2l:jQ0xChsNkCdsbrZNyRyL77B6tVn

Score

10^/10

darkcomet guest18 persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

Guest18

wepy.no-ip.info:1604

Mutex

DC_MUTEX-BABKDRG

Attributes

gencode
hUo2XWkqodC7
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacbookUpdate.exe	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes1181.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacbookUpdate.exe	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes1181.exe

Executes dropped EXE 3 IoCs

pid	Process
2836	Service.exe
2180	CloneU.exe
2828	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes1181.exe

Loads dropped DLL 4 IoCs

pid	Process
2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe
2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe
2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe
2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2836-11-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-17-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-13-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-19-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-20-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-22-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-21-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-24-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-23-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-26-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-59-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-60-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-61-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-62-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-63-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-64-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-65-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-66-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-67-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-68-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-69-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-70-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-71-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-72-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral1/memory/2836-73-0x0000000000400000-0x00000000004BA000-memory.dmp	upx

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Run\FacbookUpdate = "C:\\Users\\Admin\\AppData\\Roaming\\FacbookUpdate.exe"	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\autorun.inf	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe
File opened for modification	C:\autorun.inf	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2100 set thread context of 2836	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	28

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2608	PING.EXE

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2836	Service.exe
Token: SeSecurityPrivilege	2836	Service.exe
Token: SeTakeOwnershipPrivilege	2836	Service.exe
Token: SeLoadDriverPrivilege	2836	Service.exe
Token: SeSystemProfilePrivilege	2836	Service.exe
Token: SeSystemtimePrivilege	2836	Service.exe
Token: SeProfSingleProcessPrivilege	2836	Service.exe
Token: SeIncBasePriorityPrivilege	2836	Service.exe
Token: SeCreatePagefilePrivilege	2836	Service.exe
Token: SeBackupPrivilege	2836	Service.exe
Token: SeRestorePrivilege	2836	Service.exe
Token: SeShutdownPrivilege	2836	Service.exe
Token: SeDebugPrivilege	2836	Service.exe
Token: SeSystemEnvironmentPrivilege	2836	Service.exe
Token: SeChangeNotifyPrivilege	2836	Service.exe
Token: SeRemoteShutdownPrivilege	2836	Service.exe
Token: SeUndockPrivilege	2836	Service.exe
Token: SeManageVolumePrivilege	2836	Service.exe
Token: SeImpersonatePrivilege	2836	Service.exe
Token: SeCreateGlobalPrivilege	2836	Service.exe
Token: 33	2836	Service.exe
Token: 34	2836	Service.exe
Token: 35	2836	Service.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2836	Service.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2836	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	28
PID 2100 wrote to memory of 2836	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	28
PID 2100 wrote to memory of 2836	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	28
PID 2100 wrote to memory of 2836	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	28
PID 2100 wrote to memory of 2836	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	28
PID 2100 wrote to memory of 2836	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	28
PID 2100 wrote to memory of 2836	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	28
PID 2100 wrote to memory of 2836	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	28
PID 2100 wrote to memory of 2180	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	29
PID 2100 wrote to memory of 2180	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	29
PID 2100 wrote to memory of 2180	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	29
PID 2100 wrote to memory of 2180	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	29
PID 2100 wrote to memory of 2768	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	30
PID 2100 wrote to memory of 2768	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	30
PID 2100 wrote to memory of 2768	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	30
PID 2100 wrote to memory of 2768	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	30
PID 2768 wrote to memory of 760	2768	vbc.exe	32
PID 2768 wrote to memory of 760	2768	vbc.exe	32
PID 2768 wrote to memory of 760	2768	vbc.exe	32
PID 2768 wrote to memory of 760	2768	vbc.exe	32
PID 2100 wrote to memory of 2828	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	33
PID 2100 wrote to memory of 2828	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	33
PID 2100 wrote to memory of 2828	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	33
PID 2100 wrote to memory of 2828	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	33
PID 2100 wrote to memory of 2712	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	34
PID 2100 wrote to memory of 2712	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	34
PID 2100 wrote to memory of 2712	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	34
PID 2100 wrote to memory of 2712	2100	3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe	34
PID 2712 wrote to memory of 2608	2712	cmd.exe	36
PID 2712 wrote to memory of 2608	2712	cmd.exe	36
PID 2712 wrote to memory of 2608	2712	cmd.exe	36
PID 2712 wrote to memory of 2608	2712	cmd.exe	36

C:\Users\Admin\AppData\Local\Temp\3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\plugtemp\Service.exe
  C:\Users\Admin\AppData\Local\Temp\\plugtemp\Service.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2836
- C:\Users\Admin\AppData\Local\Temp\CloneU.exe
  "C:\Users\Admin\AppData\Local\Temp\CloneU.exe"
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ifqi89pt.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB414.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB413.tmp"
    3⤵
    PID:760
- C:\Users\Admin\AppData\Roaming\3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes1181.exe
  "C:\Users\Admin\AppData\Roaming\3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes1181.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  PID:2828
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - Runs ping.exe
    PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESB414.tmp

Filesize
1KB

MD5
c9809b0864fd302caba42f2e68a5fcb4

SHA1
87e64ef8083388a5b9432735d45dbff1ad1b5080

SHA256
5b1fc20c2c9c821c20696de1aef2781bda16d7ddcec2e31490014fbf3547206f

SHA512
7ba50ec1c1ceb9df9180e826fc037ae6da608d6da2091c8825092a8476490aff0837bfbb8d92c57fc8ed2cde04224b574fe3e2ace03187a49b99d4c607269aa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ifqi89pt.0.vb

Filesize
348B

MD5
356e329453f9fc8dd7c0eb8a75b0e488

SHA1
d7bb699e9e9149b861299feb8c8ac2032fd38170

SHA256
1653b44e728c2f605c2189bea1a8653c3440a52ca1f67e2f6ad5f603e90fc11a

SHA512
012e0dc908135a3748c70d496f8c7d32df3d6900cad2a42a4187a3632382a19905747f57b5424d62aa8db743eb98eb31eef57c4ecf0ce4a50ce9f7ead9d285a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ifqi89pt.cmdline

Filesize
235B

MD5
ba99fbc8a65be5fe0b1170af3c181032

SHA1
12144614625d99069d3da0ea5f0ae7d7b4758541

SHA256
8d564d68f822a18ed88fbb1f1fb26e1bfdd8ed30cc3b1aaf27e9e2e264e09d15

SHA512
88665a00db2d9bf1949b417ad2ed82b2eba6b2728280e1e8d576a872a6a80cd5213c1433f9b11d5dc9c478af1dae55e82254c38d5d378dab90e6f64948ef7333

Download Submit
C:\Users\Admin\AppData\Local\Temp\plugtemp\Service.exe

Filesize
1.1MB

MD5
34aa912defa18c2c129f1e09d75c1d7e

SHA1
9c3046324657505a30ecd9b1fdb46c05bde7d470

SHA256
6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

SHA512
d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcB413.tmp

Filesize
804B

MD5
d8f9447cfe071e0e1a4f87bdc4f0d367

SHA1
030b6a2455cc37b67047ecc3dcff4b766c5f0822

SHA256
0434e813002894aed3df67cea469652a22613376c729bbe6c23933be80a09b14

SHA512
a2e31c6a7ec345ec6f64c66b000bfbf7ca845e2f21a9de4dc96f973a4291648d6f988b9997c6051788219723d7d89543969bcf67b494c8d881dcd84d1746a4a8

Download Submit
C:\Users\Admin\AppData\Roaming\3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes118.exe

Filesize
850KB

MD5
3fa235f707d94ed2ddf3d0f9fa3aa7c7

SHA1
1e6738e08222e17330ebb46ae4b0d41e1d04507b

SHA256
277bc5501e6c7f71ff93312a15dfee2860a1645a349c8c18320cd1395296ac1f

SHA512
5740ca0e1976264d2201c7a9fa4fc14c54b53babd5e648d763a89f3cb08698e58cbf2a282da22477af38919396a4f6fac0ce00b33066c258da5b2b19fac0dcb5

Download Submit
C:\Users\Admin\AppData\Roaming\3fa235f707d94ed2ddf3d0f9fa3aa7c7_JaffaCakes1181.exe

Filesize
6KB

MD5
45a829d75320ea2222788e814470b3d4

SHA1
bea3ec6fa0314cac2d8fd1c6a183c9b40f79d452

SHA256
5668115f6d408024244fc5909f1d171aa488d28812b15c71ea96e92307524d04

SHA512
0c080dbcef8148372a7220b3b8f05e0792357ab193f91edb7dfc863c48f44ef058c6a58f7e97655f9b37229cee16b6dd1bc35045506fa935a1ad6ce987eb0542

Download Submit
\Users\Admin\AppData\Local\Temp\CloneU.exe

Filesize
23KB

MD5
87acde672a8a4eb57ba1bdbbaec145a2

SHA1
8cb7f023e00b9dccc6b71038c92116f472b4cb72

SHA256
7846fab09ae6d1696513ff5a0187763306b9dbc1f1ce58896a97c4bc97499f92

SHA512
182fb12195d65bffdccc5d02417a98d0f7c4d92fa99e1dd51c74b797b2c23541d55bd30f9d3eaa1971b8f4d237b1b32f22ff2cb2c9459f38d42a78d91cc367f6

Download Submit
memory/2100-58-0x00000000743E0000-0x000000007498B000-memory.dmp

Filesize
5.7MB

Download
memory/2100-3-0x00000000743E0000-0x000000007498B000-memory.dmp

Filesize
5.7MB

Download
memory/2100-0-0x00000000743E1000-0x00000000743E2000-memory.dmp

Filesize
4KB

Download
memory/2100-2-0x00000000743E0000-0x000000007498B000-memory.dmp

Filesize
5.7MB

Download
memory/2100-1-0x00000000743E0000-0x000000007498B000-memory.dmp

Filesize
5.7MB

Download
memory/2836-10-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-59-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-23-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-27-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2836-26-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-21-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-22-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-20-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-19-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-13-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-17-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-11-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-15-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2836-24-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-60-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-61-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-62-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-63-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-64-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-65-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-66-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-67-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-68-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-69-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-70-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-71-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-72-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/2836-73-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads