e787c605f42483df51d1ea9ba298c3b987794182bffc9685715ad95b390b573a

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe
Size

1.1MB
MD5

61cf4714edf855a2c62b86aaa3236fab
SHA1

76b327625e253a7b2728c7a3fee4478b6d718d61
SHA256

e787c605f42483df51d1ea9ba298c3b987794182bffc9685715ad95b390b573a
SHA512

a29fe116a3826ddc9cf5467434b9f26be8101d7b01c03f95c61c67255a97c7ecf44f51f2246b04d924bfac150c2779083ebd2106285fdd28827a420689571ca1
SSDEEP

24576:wX/eO4qA611ZlZ38YrKkEROaL3v9Xjrh1TqM:7O4Zs1ZrbhEYUFXjFtF

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\AppData\\Roaming\\hjpk.exe -dwup"	hjpk.exe

Executes dropped EXE 49 IoCs

pid	Process
2572	hjpk.exe
2704	hjpk.exe
2424	hjpk.exe
2752	hjpk.exe
2784	hjpk.exe
1728	hjpk.exe
752	hjpk.exe
2712	hjpk.exe
2480	hjpk.exe
1052	hjpk.exe
2012	hjpk.exe
1260	hjpk.exe
2400	hjpk.exe
1088	hjpk.exe
2144	hjpk.exe
2388	hjpk.exe
2652	hjpk.exe
688	hjpk.exe
332	hjpk.exe
2308	hjpk.exe
1620	hjpk.exe
3008	hjpk.exe
2840	hjpk.exe
1568	hjpk.exe
1680	hjpk.exe
2564	hjpk.exe
2620	hjpk.exe
2580	hjpk.exe
2544	hjpk.exe
2548	hjpk.exe
3004	hjpk.exe
2780	hjpk.exe
2976	hjpk.exe
2932	hjpk.exe
2724	hjpk.exe
1820	hjpk.exe
1796	hjpk.exe
1640	hjpk.exe
884	hjpk.exe
1224	hjpk.exe
676	hjpk.exe
408	hjpk.exe
2956	hjpk.exe
1672	hjpk.exe
1544	hjpk.exe
536	hjpk.exe
1444	hjpk.exe
1512	hjpk.exe
1564	hjpk.exe

Loads dropped DLL 2 IoCs

pid	Process
1704	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe
1704	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe

Suspicious use of SetThreadContext 25 IoCs

description	pid	Process	procid_target
PID 2604 set thread context of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 2572 set thread context of 2704	2572	hjpk.exe	32
PID 2752 set thread context of 2784	2752	hjpk.exe	36
PID 1728 set thread context of 752	1728	hjpk.exe	38
PID 2712 set thread context of 2480	2712	hjpk.exe	40
PID 1052 set thread context of 2012	1052	hjpk.exe	42
PID 1260 set thread context of 2400	1260	hjpk.exe	44
PID 1088 set thread context of 2144	1088	hjpk.exe	46
PID 2388 set thread context of 2652	2388	hjpk.exe	48
PID 688 set thread context of 332	688	hjpk.exe	50
PID 2308 set thread context of 1620	2308	hjpk.exe	52
PID 3008 set thread context of 2840	3008	hjpk.exe	54
PID 1568 set thread context of 1680	1568	hjpk.exe	56
PID 2564 set thread context of 2620	2564	hjpk.exe	58
PID 2580 set thread context of 2544	2580	hjpk.exe	60
PID 2548 set thread context of 3004	2548	hjpk.exe	62
PID 2780 set thread context of 2976	2780	hjpk.exe	64
PID 2932 set thread context of 2724	2932	hjpk.exe	66
PID 1820 set thread context of 1796	1820	hjpk.exe	68
PID 1640 set thread context of 884	1640	hjpk.exe	70
PID 1224 set thread context of 676	1224	hjpk.exe	72
PID 408 set thread context of 2956	408	hjpk.exe	74
PID 1672 set thread context of 1544	1672	hjpk.exe	76
PID 536 set thread context of 1444	536	hjpk.exe	78
PID 1512 set thread context of 1564	1512	hjpk.exe	80

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 2604 wrote to memory of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 2604 wrote to memory of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 2604 wrote to memory of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 2604 wrote to memory of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 2604 wrote to memory of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 2604 wrote to memory of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 2604 wrote to memory of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 2604 wrote to memory of 1704	2604	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	30
PID 1704 wrote to memory of 2572	1704	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	31
PID 1704 wrote to memory of 2572	1704	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	31
PID 1704 wrote to memory of 2572	1704	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	31
PID 1704 wrote to memory of 2572	1704	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	31
PID 2572 wrote to memory of 2704	2572	hjpk.exe	32
PID 2572 wrote to memory of 2704	2572	hjpk.exe	32
PID 2572 wrote to memory of 2704	2572	hjpk.exe	32
PID 2572 wrote to memory of 2704	2572	hjpk.exe	32
PID 2572 wrote to memory of 2704	2572	hjpk.exe	32
PID 2572 wrote to memory of 2704	2572	hjpk.exe	32
PID 2572 wrote to memory of 2704	2572	hjpk.exe	32
PID 2572 wrote to memory of 2704	2572	hjpk.exe	32
PID 2572 wrote to memory of 2704	2572	hjpk.exe	32
PID 2704 wrote to memory of 2424	2704	hjpk.exe	33
PID 2704 wrote to memory of 2424	2704	hjpk.exe	33
PID 2704 wrote to memory of 2424	2704	hjpk.exe	33
PID 2704 wrote to memory of 2424	2704	hjpk.exe	33
PID 2704 wrote to memory of 2424	2704	hjpk.exe	33
PID 2704 wrote to memory of 2424	2704	hjpk.exe	33
PID 2424 wrote to memory of 2752	2424	hjpk.exe	35
PID 2424 wrote to memory of 2752	2424	hjpk.exe	35
PID 2424 wrote to memory of 2752	2424	hjpk.exe	35
PID 2424 wrote to memory of 2752	2424	hjpk.exe	35
PID 2752 wrote to memory of 2784	2752	hjpk.exe	36
PID 2752 wrote to memory of 2784	2752	hjpk.exe	36
PID 2752 wrote to memory of 2784	2752	hjpk.exe	36
PID 2752 wrote to memory of 2784	2752	hjpk.exe	36
PID 2752 wrote to memory of 2784	2752	hjpk.exe	36
PID 2752 wrote to memory of 2784	2752	hjpk.exe	36
PID 2752 wrote to memory of 2784	2752	hjpk.exe	36
PID 2752 wrote to memory of 2784	2752	hjpk.exe	36
PID 2752 wrote to memory of 2784	2752	hjpk.exe	36
PID 2424 wrote to memory of 1728	2424	hjpk.exe	37
PID 2424 wrote to memory of 1728	2424	hjpk.exe	37
PID 2424 wrote to memory of 1728	2424	hjpk.exe	37
PID 2424 wrote to memory of 1728	2424	hjpk.exe	37
PID 1728 wrote to memory of 752	1728	hjpk.exe	38
PID 1728 wrote to memory of 752	1728	hjpk.exe	38
PID 1728 wrote to memory of 752	1728	hjpk.exe	38
PID 1728 wrote to memory of 752	1728	hjpk.exe	38
PID 1728 wrote to memory of 752	1728	hjpk.exe	38
PID 1728 wrote to memory of 752	1728	hjpk.exe	38
PID 1728 wrote to memory of 752	1728	hjpk.exe	38
PID 1728 wrote to memory of 752	1728	hjpk.exe	38
PID 1728 wrote to memory of 752	1728	hjpk.exe	38
PID 2424 wrote to memory of 2712	2424	hjpk.exe	39
PID 2424 wrote to memory of 2712	2424	hjpk.exe	39
PID 2424 wrote to memory of 2712	2424	hjpk.exe	39
PID 2424 wrote to memory of 2712	2424	hjpk.exe	39
PID 2712 wrote to memory of 2480	2712	hjpk.exe	40
PID 2712 wrote to memory of 2480	2712	hjpk.exe	40
PID 2712 wrote to memory of 2480	2712	hjpk.exe	40
PID 2712 wrote to memory of 2480	2712	hjpk.exe	40
PID 2712 wrote to memory of 2480	2712	hjpk.exe	40
PID 2712 wrote to memory of 2480	2712	hjpk.exe	40

C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1704
- - C:\Users\Admin\AppData\Roaming\hjpk.exe
    C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe -dwup
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Roaming\hjpk.exe
      C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe -dwup
      4⤵
      Modifies WinLogon for persistence
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2424
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2752
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2784
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:1728
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:752
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2712
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2480
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1052
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2012
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1260
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2400
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1088
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2144
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2388
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2652
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:688
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:332
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2308
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:1620
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3008
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2840
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1568
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:1680
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2564
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2620
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2580
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2544
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2548
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:3004
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2780
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2976
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2932
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2724
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1820
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:1796
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1640
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:884
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1224
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:676
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:408
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:2956
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1672
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:1544
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:536
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:1444
      - C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1512
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        
        C:\Users\Admin\AppData\Roaming\hjpk.exe
        7⤵
        Executes dropped EXE
        
        PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\hjpk.exe

Filesize
1.1MB

MD5
61cf4714edf855a2c62b86aaa3236fab

SHA1
76b327625e253a7b2728c7a3fee4478b6d718d61

SHA256
e787c605f42483df51d1ea9ba298c3b987794182bffc9685715ad95b390b573a

SHA512
a29fe116a3826ddc9cf5467434b9f26be8101d7b01c03f95c61c67255a97c7ecf44f51f2246b04d924bfac150c2779083ebd2106285fdd28827a420689571ca1

Download Submit
memory/1704-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1704-12-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1704-6-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1704-4-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1704-2-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1704-10-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1704-13-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1704-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2424-44-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2424-48-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2424-50-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2704-41-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2704-51-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2784-67-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads