e787c605f42483df51d1ea9ba298c3b987794182bffc9685715ad95b390b573a

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe
Size

1.1MB
MD5

61cf4714edf855a2c62b86aaa3236fab
SHA1

76b327625e253a7b2728c7a3fee4478b6d718d61
SHA256

e787c605f42483df51d1ea9ba298c3b987794182bffc9685715ad95b390b573a
SHA512

a29fe116a3826ddc9cf5467434b9f26be8101d7b01c03f95c61c67255a97c7ecf44f51f2246b04d924bfac150c2779083ebd2106285fdd28827a420689571ca1
SSDEEP

24576:wX/eO4qA611ZlZ38YrKkEROaL3v9Xjrh1TqM:7O4Zs1ZrbhEYUFXjFtF

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\AppData\\Roaming\\yiim.exe -dwup"	yiim.exe

Executes dropped EXE 49 IoCs

pid	Process
4108	yiim.exe
2704	yiim.exe
4052	yiim.exe
4324	yiim.exe
4656	yiim.exe
3928	yiim.exe
3492	yiim.exe
1864	yiim.exe
2304	yiim.exe
4164	yiim.exe
700	yiim.exe
4936	yiim.exe
5112	yiim.exe
4300	yiim.exe
4276	yiim.exe
4016	yiim.exe
4884	yiim.exe
1032	yiim.exe
772	yiim.exe
824	yiim.exe
384	yiim.exe
2364	yiim.exe
4380	yiim.exe
4640	yiim.exe
2272	yiim.exe
1036	yiim.exe
884	yiim.exe
4728	yiim.exe
2252	yiim.exe
4844	yiim.exe
3648	yiim.exe
780	yiim.exe
1060	yiim.exe
1556	yiim.exe
624	yiim.exe
1084	yiim.exe
5076	yiim.exe
2256	yiim.exe
4788	yiim.exe
2144	yiim.exe
424	yiim.exe
2480	yiim.exe
4240	yiim.exe
1596	yiim.exe
3688	yiim.exe
1164	yiim.exe
4396	yiim.exe
5032	yiim.exe
3224	yiim.exe

Suspicious use of SetThreadContext 25 IoCs

description	pid	Process	procid_target
PID 3532 set thread context of 3584	3532	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	87
PID 4108 set thread context of 2704	4108	yiim.exe	91
PID 4324 set thread context of 4656	4324	yiim.exe	99
PID 3928 set thread context of 3492	3928	yiim.exe	101
PID 1864 set thread context of 2304	1864	yiim.exe	103
PID 4164 set thread context of 700	4164	yiim.exe	108
PID 4936 set thread context of 5112	4936	yiim.exe	110
PID 4300 set thread context of 4276	4300	yiim.exe	112
PID 4016 set thread context of 4884	4016	yiim.exe	114
PID 1032 set thread context of 772	1032	yiim.exe	116
PID 824 set thread context of 384	824	yiim.exe	118
PID 2364 set thread context of 4380	2364	yiim.exe	121
PID 4640 set thread context of 2272	4640	yiim.exe	123
PID 1036 set thread context of 884	1036	yiim.exe	125
PID 4728 set thread context of 2252	4728	yiim.exe	127
PID 4844 set thread context of 3648	4844	yiim.exe	129
PID 780 set thread context of 1060	780	yiim.exe	138
PID 1556 set thread context of 624	1556	yiim.exe	141
PID 1084 set thread context of 5076	1084	yiim.exe	143
PID 2256 set thread context of 4788	2256	yiim.exe	145
PID 2144 set thread context of 424	2144	yiim.exe	147
PID 2480 set thread context of 4240	2480	yiim.exe	149
PID 1596 set thread context of 3688	1596	yiim.exe	151
PID 1164 set thread context of 4396	1164	yiim.exe	156
PID 5032 set thread context of 3224	5032	yiim.exe	158

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 3584	3532	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	87
PID 3532 wrote to memory of 3584	3532	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	87
PID 3532 wrote to memory of 3584	3532	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	87
PID 3532 wrote to memory of 3584	3532	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	87
PID 3532 wrote to memory of 3584	3532	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	87
PID 3532 wrote to memory of 3584	3532	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	87
PID 3532 wrote to memory of 3584	3532	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	87
PID 3532 wrote to memory of 3584	3532	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	87
PID 3584 wrote to memory of 4108	3584	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	88
PID 3584 wrote to memory of 4108	3584	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	88
PID 3584 wrote to memory of 4108	3584	61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe	88
PID 4108 wrote to memory of 2704	4108	yiim.exe	91
PID 4108 wrote to memory of 2704	4108	yiim.exe	91
PID 4108 wrote to memory of 2704	4108	yiim.exe	91
PID 4108 wrote to memory of 2704	4108	yiim.exe	91
PID 4108 wrote to memory of 2704	4108	yiim.exe	91
PID 4108 wrote to memory of 2704	4108	yiim.exe	91
PID 4108 wrote to memory of 2704	4108	yiim.exe	91
PID 4108 wrote to memory of 2704	4108	yiim.exe	91
PID 2704 wrote to memory of 4052	2704	yiim.exe	94
PID 2704 wrote to memory of 4052	2704	yiim.exe	94
PID 2704 wrote to memory of 4052	2704	yiim.exe	94
PID 2704 wrote to memory of 4052	2704	yiim.exe	94
PID 2704 wrote to memory of 4052	2704	yiim.exe	94
PID 4052 wrote to memory of 4324	4052	yiim.exe	98
PID 4052 wrote to memory of 4324	4052	yiim.exe	98
PID 4052 wrote to memory of 4324	4052	yiim.exe	98
PID 4324 wrote to memory of 4656	4324	yiim.exe	99
PID 4324 wrote to memory of 4656	4324	yiim.exe	99
PID 4324 wrote to memory of 4656	4324	yiim.exe	99
PID 4324 wrote to memory of 4656	4324	yiim.exe	99
PID 4324 wrote to memory of 4656	4324	yiim.exe	99
PID 4324 wrote to memory of 4656	4324	yiim.exe	99
PID 4324 wrote to memory of 4656	4324	yiim.exe	99
PID 4324 wrote to memory of 4656	4324	yiim.exe	99
PID 4052 wrote to memory of 3928	4052	yiim.exe	100
PID 4052 wrote to memory of 3928	4052	yiim.exe	100
PID 4052 wrote to memory of 3928	4052	yiim.exe	100
PID 3928 wrote to memory of 3492	3928	yiim.exe	101
PID 3928 wrote to memory of 3492	3928	yiim.exe	101
PID 3928 wrote to memory of 3492	3928	yiim.exe	101
PID 3928 wrote to memory of 3492	3928	yiim.exe	101
PID 3928 wrote to memory of 3492	3928	yiim.exe	101
PID 3928 wrote to memory of 3492	3928	yiim.exe	101
PID 3928 wrote to memory of 3492	3928	yiim.exe	101
PID 3928 wrote to memory of 3492	3928	yiim.exe	101
PID 4052 wrote to memory of 1864	4052	yiim.exe	102
PID 4052 wrote to memory of 1864	4052	yiim.exe	102
PID 4052 wrote to memory of 1864	4052	yiim.exe	102
PID 1864 wrote to memory of 2304	1864	yiim.exe	103
PID 1864 wrote to memory of 2304	1864	yiim.exe	103
PID 1864 wrote to memory of 2304	1864	yiim.exe	103
PID 1864 wrote to memory of 2304	1864	yiim.exe	103
PID 1864 wrote to memory of 2304	1864	yiim.exe	103
PID 1864 wrote to memory of 2304	1864	yiim.exe	103
PID 1864 wrote to memory of 2304	1864	yiim.exe	103
PID 1864 wrote to memory of 2304	1864	yiim.exe	103
PID 4052 wrote to memory of 4164	4052	yiim.exe	107
PID 4052 wrote to memory of 4164	4052	yiim.exe	107
PID 4052 wrote to memory of 4164	4052	yiim.exe	107
PID 4164 wrote to memory of 700	4164	yiim.exe	108
PID 4164 wrote to memory of 700	4164	yiim.exe	108
PID 4164 wrote to memory of 700	4164	yiim.exe	108
PID 4164 wrote to memory of 700	4164	yiim.exe	108

C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3584
- - C:\Users\Admin\AppData\Roaming\yiim.exe
    C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe -dwup
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:4108
  - - C:\Users\Admin\AppData\Roaming\yiim.exe
      C:\Users\Admin\AppData\Local\Temp\61cf4714edf855a2c62b86aaa3236fab_JaffaCakes118.exe -dwup
      4⤵
      Modifies WinLogon for persistence
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4052
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4324
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:4656
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:3928
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:3492
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:1864
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:2304
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4164
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:700
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4936
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:5112
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4300
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:4276
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4016
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:4884
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1032
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:772
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:824
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:384
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2364
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:4380
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4640
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:2272
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1036
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:884
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4728
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:2252
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4844
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:3648
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:780
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:1060
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1556
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:624
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1084
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:5076
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2256
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:4788
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2144
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:424
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2480
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:4240
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1596
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:3688
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1164
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:4396
      - C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5032
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        
        C:\Users\Admin\AppData\Roaming\yiim.exe
        7⤵
        Executes dropped EXE
        
        PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\yiim.exe

Filesize
1.1MB

MD5
61cf4714edf855a2c62b86aaa3236fab

SHA1
76b327625e253a7b2728c7a3fee4478b6d718d61

SHA256
e787c605f42483df51d1ea9ba298c3b987794182bffc9685715ad95b390b573a

SHA512
a29fe116a3826ddc9cf5467434b9f26be8101d7b01c03f95c61c67255a97c7ecf44f51f2246b04d924bfac150c2779083ebd2106285fdd28827a420689571ca1

Download Submit
memory/384-83-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/700-49-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/772-76-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2304-42-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2704-15-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2704-16-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2704-51-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2704-22-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/3492-35-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/3584-2-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/3584-3-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/3584-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/4052-21-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4052-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/4276-63-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/4380-89-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/4656-28-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/4884-69-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/5112-56-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads