96aedb9b7ba5e583d55ef22ddd05962c1f002e064e6f5782fd24a440931f9afe

Analysis

max time kernel
116s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4856a8cc6c4ed0f2d9c983f7ec5769f2_JaffaCakes118.doc
Size

238KB
MD5

4856a8cc6c4ed0f2d9c983f7ec5769f2
SHA1

2f981a3325c3fbc44f74d6af5dddd904b35236ec
SHA256

96aedb9b7ba5e583d55ef22ddd05962c1f002e064e6f5782fd24a440931f9afe
SHA512

e9d0db369df14e68a09aeac1cd288f98211ef7427cf5e5726be5f8d173692841ed1a74927bbba89c44110356ad4e21c09d1d6490d54dc22eefff32a77cfdee23
SSDEEP

3072:J/wDvWETOgnHJcIKBs7/GdSist+dTXpiK:J/avWETrHJ9APUh4VXpv

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
5044	WINWORD.EXE
5044	WINWORD.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeAuditPrivilege	208	EXCEL.EXE
Token: SeAuditPrivilege	2924	EXCEL.EXE
Token: SeAuditPrivilege	2436	EXCEL.EXE

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
5044	WINWORD.EXE
5044	WINWORD.EXE
5044	WINWORD.EXE
5044	WINWORD.EXE
5044	WINWORD.EXE
5044	WINWORD.EXE
5044	WINWORD.EXE
208	EXCEL.EXE
208	EXCEL.EXE
208	EXCEL.EXE
208	EXCEL.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE
3720	WINWORD.EXE
2924	EXCEL.EXE
2924	EXCEL.EXE
2924	EXCEL.EXE
2924	EXCEL.EXE
2436	EXCEL.EXE
2436	EXCEL.EXE
2436	EXCEL.EXE
2436	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\4856a8cc6c4ed0f2d9c983f7ec5769f2_JaffaCakes118.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5044

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:208

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3720

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
81078f55b23214a90b162efce08c5496

SHA1
d8f80b291f7a6b696fba795ffe9d2ad25d742157

SHA256
eca3948e901e45f66846378aaa6ad432a9b1406ea576b130e56b56788ca28869

SHA512
409df815dbc88374e1c8d1d53e59daae85acaa297e04ff93f86f9dc8eb7f3b785d0942e5298f8131303fc9488edc8d977a28f58baf25385eed412d9926a0707d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
9a151e96d1f01aa554d2bcaa08f0a70a

SHA1
5a5215af7107c442c3165c30c366877d12fdeb32

SHA256
f064459e2ad8eaf4140dda41b1ac097cede90955697e7b4e1d1c3ccac00a5fa4

SHA512
05384564fec76461e3f815e5899fc99ef2337aa7ad0de1c83675264d0743dfd5322898b18750f7f6648149dcd99003239e1d80ed3512810535db2797a077e137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
13567eca2e168d1b93b9dce2bd5fa6b8

SHA1
8049e378af26aacb6f354748732888f960764547

SHA256
9a768625b8ef575249fb5854c2694ef9bf0a45be7f4e62eb68acb44b7c292bfe

SHA512
38cf224d808cfa4b9ab022868beb0713f1b1f5f0bd7837b56320876ef689a8f339e44dfdd8a4e5627f056219e17499dd8a488e82e748bd7923695c5593fff5e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
c0067f3c597241cedcb086ee331d5db5

SHA1
64e7780e1e75d25c823d769424f741c1c4ae47d0

SHA256
627d40d252d5979b91b2a9d0b6e8ed1c3aaae61c3ac2369478b50cc82c0e8704

SHA512
5f6c1215c7695a61af99820a41f1bc5382054f273cd8943cc251e7e999f01714e5f2b70d8e29af47d95f5dc443db96a5f091e24f726093fbe74351f3b5a10053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb

Filesize
512KB

MD5
363ca5dc3ec6ca92a5c506050f8aaef9

SHA1
fe5eaa693ed1da8d43734ac88eec5416c1a429a6

SHA256
7ec98478e3bf2654a728602b1828f417c4639eda114ad3f7c1c4f9968ed54a90

SHA512
28a1278a682db15fcf62e1fd8793e2b23bc39e1382cc611973947409674d22e2de02558257110da053cb1c2260b3b3159ce327c482ea380e43d81aee5727e768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\5F1B35DB-61E7-4B4F-B218-1187E38F330F

Filesize
168KB

MD5
1e0267d5c90401b8beec867116b24621

SHA1
e1cf5fccb208c127f40ddd1fbcdcb6bc0f393519

SHA256
33358fb20ce670348b559bb1c8010687805d664aedcfa2dca1c7e12c33e55a61

SHA512
50eee1c4b8da9b408bbf38ca9a2181b59701e48c46ad60e8139abacc0897304ff5034a74961015263bb815b970521e47988ae03278aee3695b88dd65eb04f59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
323KB

MD5
67f36f3c0ac40b3318b0241f929fe06b

SHA1
7b9aee92f248b674b974a8469fd0b0ddddf6243d

SHA256
59f39c79c6f4ce39372c39f194fea499d0bf1eef2ecb2f2b7a941898fd7200f2

SHA512
d58458e054b4c202a887c57b234cdce0913ed83481237700d70ac51412273289d49dcf79c29f06a1b87749020a66a4b7b3a280886ff8ae0c60e5cbc9debef279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

Filesize
333KB

MD5
e7f663ce715a2b74c17a013567b05926

SHA1
2b281c8ca9e1832394d0561a7cd6217393141545

SHA256
26776f52e21b7864c6a8aff3d8dbd1d73618214a9de454e922852c320465730b

SHA512
5600cc8c25a390b6a0b71108641d8974662b28464be8e5185dfe4313f37e5cd07d32c572219d6079efdf1081b455e1eb5315084fe5a0f1b8dc40cbe4cb1eb7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
10KB

MD5
24e5722cdfe645d387fbc668a0982f27

SHA1
8dd81667ec212c7123491cbd29d44d5ff971f387

SHA256
bc4ccf13a045ddc377d40b671efa04bcc817164f0b48d14a8acd0cd3d4aa8a2e

SHA512
72a0794c64a8cdc1e8a0446a9ce195b7ac14fc9a63fc0d5f898ba95dabaaab0be2cfe2b31b94b535eb56ac5f9041257595f6d6a3e69506f3ace69ff8ac899172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db

Filesize
24KB

MD5
085ebd119f5fc6b8f63720fac1166ff5

SHA1
af066018aadec31b8e70a124a158736aca897306

SHA256
b8411fe8ec499074fca9047f6983d920279e84ddf3b02b2dd5c08cf07ec44687

SHA512
adb0522830db26123347cb485c43b156f5c888510e52091ba0fafc22b650ad29630c027746c920321905c28259dce7ff63dded93a79efddd5567c68312117875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
8KB

MD5
e107959e9b0d44053efd7ca550865928

SHA1
3977c3be25e2338444f7d00ea38939a16543253f

SHA256
1ecbf36c99683866c51ea844ef32ba83e90fc5586e7e56c17559354bc6a8a961

SHA512
f125f1d857f1a1e3694635a0d1fcbb40f474ce3c90d96b36d71aaf794a769f68c8e7e07ecad7e7231dfaaabf57f4e8ae96d462ffada543fb56214e3511de5eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

Filesize
8KB

MD5
376ffeaf19b5f69806d5cc752d5fd7ca

SHA1
590373f8caf8c76e65da3ad7a93067e300811aa3

SHA256
47d150f6767b84d1e59cc1a7506252efb355102558026dc43257c1492be58f4d

SHA512
ae05faf0362bc2d9c1cfc2e443301742495f3324e34730e90cc65028ed7dfa19bf0bd9f3f409d7b997298b33fd0d4019902ecbe39dd92351e44fdd68a39c51e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
04bef81ba518996574817d67929cf03a

SHA1
722d4bb80405c5108abdcc9ecd8724247ac8e27a

SHA256
f06593789e8e079492d5c95fa4d5b9806fef03481f39acdf319735d5239b85b9

SHA512
0cb48b32f1342d20e03a4be0fbf0e3b2d8d1880aa826035a9fa749752cb6682d5486231c3c25a8a9d67e976a64dd6846b5ec328b3d490343d02665333ffa9f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
52b8263d89a98a7d816ce0f58a812adb

SHA1
a542bd1434ae818dd9a10a4242a4eac8a28e1291

SHA256
f58db886cd3bbf759cb7cb50b91973f436a96b90958b779b26554cae35c4f54a

SHA512
1a37a1bd04794d2d939e6f03ead6671a83e4a6a9e4a0570ece01502d88c5f499ad9a7df46cd956e1a61af9d0d2f58ea06bcc80354ab4ccd637f8f5a1fa4a5a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDD7AE.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Local\Temp\VBE\MSForms.exd

Filesize
148KB

MD5
68e7d07338d2bfd4dac46aa817072680

SHA1
feeea7dfd972d378041230f2ca8782162bf0cd33

SHA256
617d13c7efbe0b921aaa0676b68955751242952987a40ca1060d3f22de3d75be

SHA512
1566a70f933f0a87b3e1a73c21aa180ab030554eb3041e7001015b31f47438f3177790f50afeb7f6fb8e476942e992c1f6e372a8b163906be57737aac853b393

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/208-1561-0x00007FFA03930000-0x00007FFA03940000-memory.dmp

Filesize
64KB

Download
memory/208-1563-0x00007FFA03930000-0x00007FFA03940000-memory.dmp

Filesize
64KB

Download
memory/208-1562-0x00007FFA03930000-0x00007FFA03940000-memory.dmp

Filesize
64KB

Download
memory/208-1564-0x00007FFA03930000-0x00007FFA03940000-memory.dmp

Filesize
64KB

Download
memory/5044-1572-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-11-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-7-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-14-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-16-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-5-0x00007FFA03930000-0x00007FFA03940000-memory.dmp

Filesize
64KB

Download
memory/5044-17-0x00007FFA00FD0000-0x00007FFA00FE0000-memory.dmp

Filesize
64KB

Download
memory/5044-2-0x00007FFA03930000-0x00007FFA03940000-memory.dmp

Filesize
64KB

Download
memory/5044-523-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-578-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-15-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-9-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-13-0x00007FFA00FD0000-0x00007FFA00FE0000-memory.dmp

Filesize
64KB

Download
memory/5044-12-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-10-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-8-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-6-0x00007FFA438B0000-0x00007FFA43AA5000-memory.dmp

Filesize
2.0MB

Download
memory/5044-3-0x00007FFA03930000-0x00007FFA03940000-memory.dmp

Filesize
64KB

Download
memory/5044-4-0x00007FFA4394D000-0x00007FFA4394E000-memory.dmp

Filesize
4KB

Download
memory/5044-1-0x00007FFA03930000-0x00007FFA03940000-memory.dmp

Filesize
64KB

Download
memory/5044-0-0x00007FFA03930000-0x00007FFA03940000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads