33fc2971d6a177f97b59aaeccbd18cb656d869e9de43a39c3b32fdb21b4e0ee6

Analysis

max time kernel
144s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe
Size

285KB
MD5

44b06e86aeb82f177ef47d87784c00e6
SHA1

84d3926cfbbcb26f540a8396fe321050767b3f10
SHA256

33fc2971d6a177f97b59aaeccbd18cb656d869e9de43a39c3b32fdb21b4e0ee6
SHA512

5da313909d245872b3439f0d3433f5e26183bdbca144ce6215498e50b6dc31656bb72fe00e9a0359d77ac7727825e568b22efab2bef071f9df7b56d73ea8f8e9
SSDEEP

6144:oNaI2cGLApO7JJi1X3wAisb9JlKFnTsrYVK9M9kUu+W5dxrXu48sCdH0xkMzqDUG:osaC6+PhAi0lKFnTsrAac9u+W5dxrXuF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 23 IoCs

pid	Process
3000	xhencs.exe
2760	mkqebu.exe
2784	xbahpu.exe
2580	qtktdu.exe
1080	clufsv.exe
2344	vdejyd.exe
2464	gdoune.exe
2480	rvggbe.exe
2812	knqkpe.exe
3036	weaven.exe
1720	hwkhkn.exe
1272	awulyo.exe
1940	lodxno.exe
2332	fgnabp.exe
776	qyxmpx.exe
2620	bqpywx.exe
2636	upzbky.exe
2200	fhjnzy.exe
2780	rztznh.exe
2648	krddbh.exe
2024	vjnoih.exe
1700	obxswi.exe
1204	zbpekq.exe

Loads dropped DLL 46 IoCs

pid	Process
2072	44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe
2072	44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe
3000	xhencs.exe
3000	xhencs.exe
2760	mkqebu.exe
2760	mkqebu.exe
2784	xbahpu.exe
2784	xbahpu.exe
2580	qtktdu.exe
2580	qtktdu.exe
1080	clufsv.exe
1080	clufsv.exe
2344	vdejyd.exe
2344	vdejyd.exe
2464	gdoune.exe
2464	gdoune.exe
2480	rvggbe.exe
2480	rvggbe.exe
2812	knqkpe.exe
2812	knqkpe.exe
3036	weaven.exe
3036	weaven.exe
1720	hwkhkn.exe
1720	hwkhkn.exe
1272	awulyo.exe
1272	awulyo.exe
1940	lodxno.exe
1940	lodxno.exe
2332	fgnabp.exe
2332	fgnabp.exe
776	qyxmpx.exe
776	qyxmpx.exe
2620	bqpywx.exe
2620	bqpywx.exe
2636	upzbky.exe
2636	upzbky.exe
2200	fhjnzy.exe
2200	fhjnzy.exe
2780	rztznh.exe
2780	rztznh.exe
2648	krddbh.exe
2648	krddbh.exe
2024	vjnoih.exe
2024	vjnoih.exe
1700	obxswi.exe
1700	obxswi.exe

Drops file in System32 directory 46 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\xhencs.exe	44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\vdejyd.exe	clufsv.exe
File opened for modification	C:\Windows\SysWOW64\gdoune.exe	vdejyd.exe
File opened for modification	C:\Windows\SysWOW64\awulyo.exe	hwkhkn.exe
File opened for modification	C:\Windows\SysWOW64\fhjnzy.exe	upzbky.exe
File created	C:\Windows\SysWOW64\rztznh.exe	fhjnzy.exe
File opened for modification	C:\Windows\SysWOW64\qyxmpx.exe	fgnabp.exe
File created	C:\Windows\SysWOW64\fhjnzy.exe	upzbky.exe
File opened for modification	C:\Windows\SysWOW64\xbahpu.exe	mkqebu.exe
File created	C:\Windows\SysWOW64\rvggbe.exe	gdoune.exe
File opened for modification	C:\Windows\SysWOW64\hwkhkn.exe	weaven.exe
File created	C:\Windows\SysWOW64\awulyo.exe	hwkhkn.exe
File opened for modification	C:\Windows\SysWOW64\lodxno.exe	awulyo.exe
File created	C:\Windows\SysWOW64\qyxmpx.exe	fgnabp.exe
File opened for modification	C:\Windows\SysWOW64\rztznh.exe	fhjnzy.exe
File opened for modification	C:\Windows\SysWOW64\qtktdu.exe	xbahpu.exe
File opened for modification	C:\Windows\SysWOW64\weaven.exe	knqkpe.exe
File created	C:\Windows\SysWOW64\bqpywx.exe	qyxmpx.exe
File created	C:\Windows\SysWOW64\upzbky.exe	bqpywx.exe
File opened for modification	C:\Windows\SysWOW64\upzbky.exe	bqpywx.exe
File created	C:\Windows\SysWOW64\obxswi.exe	vjnoih.exe
File opened for modification	C:\Windows\SysWOW64\zbpekq.exe	obxswi.exe
File created	C:\Windows\SysWOW64\xbahpu.exe	mkqebu.exe
File created	C:\Windows\SysWOW64\qtktdu.exe	xbahpu.exe
File opened for modification	C:\Windows\SysWOW64\rvggbe.exe	gdoune.exe
File opened for modification	C:\Windows\SysWOW64\knqkpe.exe	rvggbe.exe
File created	C:\Windows\SysWOW64\hwkhkn.exe	weaven.exe
File created	C:\Windows\SysWOW64\zbpekq.exe	obxswi.exe
File created	C:\Windows\SysWOW64\vdejyd.exe	clufsv.exe
File created	C:\Windows\SysWOW64\knqkpe.exe	rvggbe.exe
File created	C:\Windows\SysWOW64\vjnoih.exe	krddbh.exe
File opened for modification	C:\Windows\SysWOW64\obxswi.exe	vjnoih.exe
File opened for modification	C:\Windows\SysWOW64\xhencs.exe	44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\clufsv.exe	qtktdu.exe
File created	C:\Windows\SysWOW64\weaven.exe	knqkpe.exe
File created	C:\Windows\SysWOW64\fgnabp.exe	lodxno.exe
File opened for modification	C:\Windows\SysWOW64\bqpywx.exe	qyxmpx.exe
File opened for modification	C:\Windows\SysWOW64\vjnoih.exe	krddbh.exe
File created	C:\Windows\SysWOW64\mkqebu.exe	xhencs.exe
File opened for modification	C:\Windows\SysWOW64\mkqebu.exe	xhencs.exe
File created	C:\Windows\SysWOW64\clufsv.exe	qtktdu.exe
File created	C:\Windows\SysWOW64\gdoune.exe	vdejyd.exe
File created	C:\Windows\SysWOW64\lodxno.exe	awulyo.exe
File opened for modification	C:\Windows\SysWOW64\fgnabp.exe	lodxno.exe
File created	C:\Windows\SysWOW64\krddbh.exe	rztznh.exe
File opened for modification	C:\Windows\SysWOW64\krddbh.exe	rztznh.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 3000	2072	44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe	31
PID 2072 wrote to memory of 3000	2072	44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe	31
PID 2072 wrote to memory of 3000	2072	44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe	31
PID 2072 wrote to memory of 3000	2072	44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe	31
PID 3000 wrote to memory of 2760	3000	xhencs.exe	32
PID 3000 wrote to memory of 2760	3000	xhencs.exe	32
PID 3000 wrote to memory of 2760	3000	xhencs.exe	32
PID 3000 wrote to memory of 2760	3000	xhencs.exe	32
PID 2760 wrote to memory of 2784	2760	mkqebu.exe	33
PID 2760 wrote to memory of 2784	2760	mkqebu.exe	33
PID 2760 wrote to memory of 2784	2760	mkqebu.exe	33
PID 2760 wrote to memory of 2784	2760	mkqebu.exe	33
PID 2784 wrote to memory of 2580	2784	xbahpu.exe	34
PID 2784 wrote to memory of 2580	2784	xbahpu.exe	34
PID 2784 wrote to memory of 2580	2784	xbahpu.exe	34
PID 2784 wrote to memory of 2580	2784	xbahpu.exe	34
PID 2580 wrote to memory of 1080	2580	qtktdu.exe	35
PID 2580 wrote to memory of 1080	2580	qtktdu.exe	35
PID 2580 wrote to memory of 1080	2580	qtktdu.exe	35
PID 2580 wrote to memory of 1080	2580	qtktdu.exe	35
PID 1080 wrote to memory of 2344	1080	clufsv.exe	36
PID 1080 wrote to memory of 2344	1080	clufsv.exe	36
PID 1080 wrote to memory of 2344	1080	clufsv.exe	36
PID 1080 wrote to memory of 2344	1080	clufsv.exe	36
PID 2344 wrote to memory of 2464	2344	vdejyd.exe	37
PID 2344 wrote to memory of 2464	2344	vdejyd.exe	37
PID 2344 wrote to memory of 2464	2344	vdejyd.exe	37
PID 2344 wrote to memory of 2464	2344	vdejyd.exe	37
PID 2464 wrote to memory of 2480	2464	gdoune.exe	38
PID 2464 wrote to memory of 2480	2464	gdoune.exe	38
PID 2464 wrote to memory of 2480	2464	gdoune.exe	38
PID 2464 wrote to memory of 2480	2464	gdoune.exe	38
PID 2480 wrote to memory of 2812	2480	rvggbe.exe	39
PID 2480 wrote to memory of 2812	2480	rvggbe.exe	39
PID 2480 wrote to memory of 2812	2480	rvggbe.exe	39
PID 2480 wrote to memory of 2812	2480	rvggbe.exe	39
PID 2812 wrote to memory of 3036	2812	knqkpe.exe	40
PID 2812 wrote to memory of 3036	2812	knqkpe.exe	40
PID 2812 wrote to memory of 3036	2812	knqkpe.exe	40
PID 2812 wrote to memory of 3036	2812	knqkpe.exe	40
PID 3036 wrote to memory of 1720	3036	weaven.exe	41
PID 3036 wrote to memory of 1720	3036	weaven.exe	41
PID 3036 wrote to memory of 1720	3036	weaven.exe	41
PID 3036 wrote to memory of 1720	3036	weaven.exe	41
PID 1720 wrote to memory of 1272	1720	hwkhkn.exe	42
PID 1720 wrote to memory of 1272	1720	hwkhkn.exe	42
PID 1720 wrote to memory of 1272	1720	hwkhkn.exe	42
PID 1720 wrote to memory of 1272	1720	hwkhkn.exe	42
PID 1272 wrote to memory of 1940	1272	awulyo.exe	43
PID 1272 wrote to memory of 1940	1272	awulyo.exe	43
PID 1272 wrote to memory of 1940	1272	awulyo.exe	43
PID 1272 wrote to memory of 1940	1272	awulyo.exe	43
PID 1940 wrote to memory of 2332	1940	lodxno.exe	44
PID 1940 wrote to memory of 2332	1940	lodxno.exe	44
PID 1940 wrote to memory of 2332	1940	lodxno.exe	44
PID 1940 wrote to memory of 2332	1940	lodxno.exe	44
PID 2332 wrote to memory of 776	2332	fgnabp.exe	45
PID 2332 wrote to memory of 776	2332	fgnabp.exe	45
PID 2332 wrote to memory of 776	2332	fgnabp.exe	45
PID 2332 wrote to memory of 776	2332	fgnabp.exe	45
PID 776 wrote to memory of 2620	776	qyxmpx.exe	46
PID 776 wrote to memory of 2620	776	qyxmpx.exe	46
PID 776 wrote to memory of 2620	776	qyxmpx.exe	46
PID 776 wrote to memory of 2620	776	qyxmpx.exe	46

C:\Users\Admin\AppData\Local\Temp\44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\xhencs.exe
  C:\Windows\system32\xhencs.exe 556 "C:\Users\Admin\AppData\Local\Temp\44b06e86aeb82f177ef47d87784c00e6_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Windows\SysWOW64\mkqebu.exe
    C:\Windows\system32\mkqebu.exe 524 "C:\Windows\SysWOW64\xhencs.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Windows\SysWOW64\xbahpu.exe
      C:\Windows\system32\xbahpu.exe 532 "C:\Windows\SysWOW64\mkqebu.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Windows\SysWOW64\qtktdu.exe
        
        C:\Windows\system32\qtktdu.exe 572 "C:\Windows\SysWOW64\xbahpu.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2580
      - C:\Windows\SysWOW64\clufsv.exe
        
        C:\Windows\system32\clufsv.exe 528 "C:\Windows\SysWOW64\qtktdu.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1080
        
        C:\Windows\SysWOW64\vdejyd.exe
        
        C:\Windows\system32\vdejyd.exe 536 "C:\Windows\SysWOW64\clufsv.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2344
        
        C:\Windows\SysWOW64\gdoune.exe
        
        C:\Windows\system32\gdoune.exe 540 "C:\Windows\SysWOW64\vdejyd.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2464
        
        C:\Windows\SysWOW64\rvggbe.exe
        
        C:\Windows\system32\rvggbe.exe 568 "C:\Windows\SysWOW64\gdoune.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2480
        
        C:\Windows\SysWOW64\knqkpe.exe
        
        C:\Windows\system32\knqkpe.exe 544 "C:\Windows\SysWOW64\rvggbe.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2812
        
        C:\Windows\SysWOW64\weaven.exe
        
        C:\Windows\system32\weaven.exe 580 "C:\Windows\SysWOW64\knqkpe.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3036
        
        C:\Windows\SysWOW64\hwkhkn.exe
        
        C:\Windows\system32\hwkhkn.exe 552 "C:\Windows\SysWOW64\weaven.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1720
        
        C:\Windows\SysWOW64\awulyo.exe
        
        C:\Windows\system32\awulyo.exe 656 "C:\Windows\SysWOW64\hwkhkn.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1272
        
        C:\Windows\SysWOW64\lodxno.exe
        
        C:\Windows\system32\lodxno.exe 564 "C:\Windows\SysWOW64\awulyo.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1940
        
        C:\Windows\SysWOW64\fgnabp.exe
        
        C:\Windows\system32\fgnabp.exe 660 "C:\Windows\SysWOW64\lodxno.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2332
        
        C:\Windows\SysWOW64\qyxmpx.exe
        
        C:\Windows\system32\qyxmpx.exe 576 "C:\Windows\SysWOW64\fgnabp.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:776
        
        C:\Windows\SysWOW64\bqpywx.exe
        
        C:\Windows\system32\bqpywx.exe 592 "C:\Windows\SysWOW64\qyxmpx.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2620
        
        C:\Windows\SysWOW64\upzbky.exe
        
        C:\Windows\system32\upzbky.exe 608 "C:\Windows\SysWOW64\bqpywx.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2636
        
        C:\Windows\SysWOW64\fhjnzy.exe
        
        C:\Windows\system32\fhjnzy.exe 672 "C:\Windows\SysWOW64\upzbky.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2200
        
        C:\Windows\SysWOW64\rztznh.exe
        
        C:\Windows\system32\rztznh.exe 588 "C:\Windows\SysWOW64\fhjnzy.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2780
        
        C:\Windows\SysWOW64\krddbh.exe
        
        C:\Windows\system32\krddbh.exe 684 "C:\Windows\SysWOW64\rztznh.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2648
        
        C:\Windows\SysWOW64\vjnoih.exe
        
        C:\Windows\system32\vjnoih.exe 596 "C:\Windows\SysWOW64\krddbh.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2024
        
        C:\Windows\SysWOW64\obxswi.exe
        
        C:\Windows\system32\obxswi.exe 612 "C:\Windows\SysWOW64\vjnoih.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1700
        
        C:\Windows\SysWOW64\zbpekq.exe
        
        C:\Windows\system32\zbpekq.exe 548 "C:\Windows\SysWOW64\obxswi.exe"
        24⤵
        Executes dropped EXE
        
        PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\xhencs.exe

Filesize
285KB

MD5
44b06e86aeb82f177ef47d87784c00e6

SHA1
84d3926cfbbcb26f540a8396fe321050767b3f10

SHA256
33fc2971d6a177f97b59aaeccbd18cb656d869e9de43a39c3b32fdb21b4e0ee6

SHA512
5da313909d245872b3439f0d3433f5e26183bdbca144ce6215498e50b6dc31656bb72fe00e9a0359d77ac7727825e568b22efab2bef071f9df7b56d73ea8f8e9

Download Submit
memory/776-192-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/1080-82-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/1272-159-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/1700-242-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/1720-148-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/1940-170-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2024-235-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2072-15-0x0000000003C80000-0x000000000423D000-memory.dmp

Filesize
5.7MB

Download
memory/2072-17-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2072-0-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2072-12-0x0000000003C80000-0x000000000423D000-memory.dmp

Filesize
5.7MB

Download
memory/2072-1-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/2200-214-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2332-181-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2344-93-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2464-104-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2480-115-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2580-69-0x0000000003890000-0x0000000003E4D000-memory.dmp

Filesize
5.7MB

Download
memory/2580-71-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2580-68-0x0000000003890000-0x0000000003E4D000-memory.dmp

Filesize
5.7MB

Download
memory/2620-200-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2636-207-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2648-228-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2760-42-0x0000000003B30000-0x00000000040ED000-memory.dmp

Filesize
5.7MB

Download
memory/2760-41-0x0000000003B30000-0x00000000040ED000-memory.dmp

Filesize
5.7MB

Download
memory/2760-44-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2760-29-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/2780-221-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2784-55-0x0000000003AF0000-0x00000000040AD000-memory.dmp

Filesize
5.7MB

Download
memory/2784-56-0x0000000003AF0000-0x00000000040AD000-memory.dmp

Filesize
5.7MB

Download
memory/2784-57-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/2812-126-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/3000-30-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/3000-28-0x0000000003A70000-0x000000000402D000-memory.dmp

Filesize
5.7MB

Download
memory/3000-13-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download
memory/3000-14-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/3036-137-0x0000000000400000-0x00000000009BCA4E-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads