2bca2d0ac6260ae5e90da53f363fbd740f957cce408f2e2534615128eccd4105

Analysis

max time kernel
110s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bcda222dd6dbb923b6e249dd1d56bc00N.exe
Size

159KB
MD5

bcda222dd6dbb923b6e249dd1d56bc00
SHA1

821fedf0cd5b4f77901e17daaf6500f196b68df4
SHA256

2bca2d0ac6260ae5e90da53f363fbd740f957cce408f2e2534615128eccd4105
SHA512

18b9ca7abf1cc4370c767e928846702944f391eec7f45b088b5a4b5b1db347d712df28b700e6d6b9ba7d03c62449924740772041fdf5b86de5c608410ddb1c6b
SSDEEP

3072:MIagR8NC0WxR+oebwf1nFzwSAJB8FgBY5nd/M9dA:4M0Weo71n6xJmPM9dA

Score

10^/10

discovery persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	bcda222dd6dbb923b6e249dd1d56bc00N.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cbdnko32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Cbdnko32.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cmgechbh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Cmgechbh.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cinfhigl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Cinfhigl.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cddjebgb.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	bcda222dd6dbb923b6e249dd1d56bc00N.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cdoajb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Cdoajb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Cddjebgb.exe

Executes dropped EXE 6 IoCs

pid	Process
2844	Cdoajb32.exe
2296	Cmgechbh.exe
2612	Cbdnko32.exe
2340	Cinfhigl.exe
480	Cddjebgb.exe
2516	Ceegmj32.exe

Loads dropped DLL 16 IoCs

pid	Process
3028	bcda222dd6dbb923b6e249dd1d56bc00N.exe
3028	bcda222dd6dbb923b6e249dd1d56bc00N.exe
2844	Cdoajb32.exe
2844	Cdoajb32.exe
2296	Cmgechbh.exe
2296	Cmgechbh.exe
2612	Cbdnko32.exe
2612	Cbdnko32.exe
2340	Cinfhigl.exe
2340	Cinfhigl.exe
480	Cddjebgb.exe
480	Cddjebgb.exe
2788	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe

Drops file in System32 directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Cmgechbh.exe	Cdoajb32.exe
File created	C:\Windows\SysWOW64\Gfpifm32.dll	Cmgechbh.exe
File opened for modification	C:\Windows\SysWOW64\Cddjebgb.exe	Cinfhigl.exe
File created	C:\Windows\SysWOW64\Bhdmagqq.dll	Cinfhigl.exe
File created	C:\Windows\SysWOW64\Cdoajb32.exe	bcda222dd6dbb923b6e249dd1d56bc00N.exe
File created	C:\Windows\SysWOW64\Mblnbcjf.dll	Cbdnko32.exe
File created	C:\Windows\SysWOW64\Cddjebgb.exe	Cinfhigl.exe
File opened for modification	C:\Windows\SysWOW64\Cdoajb32.exe	bcda222dd6dbb923b6e249dd1d56bc00N.exe
File created	C:\Windows\SysWOW64\Dnabbkhk.dll	bcda222dd6dbb923b6e249dd1d56bc00N.exe
File opened for modification	C:\Windows\SysWOW64\Cbdnko32.exe	Cmgechbh.exe
File created	C:\Windows\SysWOW64\Cinfhigl.exe	Cbdnko32.exe
File created	C:\Windows\SysWOW64\Ceegmj32.exe	Cddjebgb.exe
File created	C:\Windows\SysWOW64\Aoogfhfp.dll	Cddjebgb.exe
File created	C:\Windows\SysWOW64\Cmgechbh.exe	Cdoajb32.exe
File created	C:\Windows\SysWOW64\Gnnffg32.dll	Cdoajb32.exe
File created	C:\Windows\SysWOW64\Cbdnko32.exe	Cmgechbh.exe
File opened for modification	C:\Windows\SysWOW64\Cinfhigl.exe	Cbdnko32.exe
File opened for modification	C:\Windows\SysWOW64\Ceegmj32.exe	Cddjebgb.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2788	2516	WerFault.exe	35

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cinfhigl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cddjebgb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ceegmj32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bcda222dd6dbb923b6e249dd1d56bc00N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cdoajb32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cmgechbh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cbdnko32.exe

Modifies registry class 21 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cmgechbh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	bcda222dd6dbb923b6e249dd1d56bc00N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dnabbkhk.dll"	bcda222dd6dbb923b6e249dd1d56bc00N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gnnffg32.dll"	Cdoajb32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Cmgechbh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cbdnko32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Cinfhigl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bhdmagqq.dll"	Cinfhigl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	bcda222dd6dbb923b6e249dd1d56bc00N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	bcda222dd6dbb923b6e249dd1d56bc00N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cdoajb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gfpifm32.dll"	Cmgechbh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}	bcda222dd6dbb923b6e249dd1d56bc00N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Cbdnko32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cddjebgb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Cddjebgb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Aoogfhfp.dll"	Cddjebgb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	bcda222dd6dbb923b6e249dd1d56bc00N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Cdoajb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mblnbcjf.dll"	Cbdnko32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cinfhigl.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2844	3028	bcda222dd6dbb923b6e249dd1d56bc00N.exe	30
PID 3028 wrote to memory of 2844	3028	bcda222dd6dbb923b6e249dd1d56bc00N.exe	30
PID 3028 wrote to memory of 2844	3028	bcda222dd6dbb923b6e249dd1d56bc00N.exe	30
PID 3028 wrote to memory of 2844	3028	bcda222dd6dbb923b6e249dd1d56bc00N.exe	30
PID 2844 wrote to memory of 2296	2844	Cdoajb32.exe	31
PID 2844 wrote to memory of 2296	2844	Cdoajb32.exe	31
PID 2844 wrote to memory of 2296	2844	Cdoajb32.exe	31
PID 2844 wrote to memory of 2296	2844	Cdoajb32.exe	31
PID 2296 wrote to memory of 2612	2296	Cmgechbh.exe	32
PID 2296 wrote to memory of 2612	2296	Cmgechbh.exe	32
PID 2296 wrote to memory of 2612	2296	Cmgechbh.exe	32
PID 2296 wrote to memory of 2612	2296	Cmgechbh.exe	32
PID 2612 wrote to memory of 2340	2612	Cbdnko32.exe	33
PID 2612 wrote to memory of 2340	2612	Cbdnko32.exe	33
PID 2612 wrote to memory of 2340	2612	Cbdnko32.exe	33
PID 2612 wrote to memory of 2340	2612	Cbdnko32.exe	33
PID 2340 wrote to memory of 480	2340	Cinfhigl.exe	34
PID 2340 wrote to memory of 480	2340	Cinfhigl.exe	34
PID 2340 wrote to memory of 480	2340	Cinfhigl.exe	34
PID 2340 wrote to memory of 480	2340	Cinfhigl.exe	34
PID 480 wrote to memory of 2516	480	Cddjebgb.exe	35
PID 480 wrote to memory of 2516	480	Cddjebgb.exe	35
PID 480 wrote to memory of 2516	480	Cddjebgb.exe	35
PID 480 wrote to memory of 2516	480	Cddjebgb.exe	35
PID 2516 wrote to memory of 2788	2516	Ceegmj32.exe	36
PID 2516 wrote to memory of 2788	2516	Ceegmj32.exe	36
PID 2516 wrote to memory of 2788	2516	Ceegmj32.exe	36
PID 2516 wrote to memory of 2788	2516	Ceegmj32.exe	36

C:\Users\Admin\AppData\Local\Temp\bcda222dd6dbb923b6e249dd1d56bc00N.exe
"C:\Users\Admin\AppData\Local\Temp\bcda222dd6dbb923b6e249dd1d56bc00N.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\Cdoajb32.exe
  C:\Windows\system32\Cdoajb32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Windows\SysWOW64\Cmgechbh.exe
    C:\Windows\system32\Cmgechbh.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2296
  - - C:\Windows\SysWOW64\Cbdnko32.exe
      C:\Windows\system32\Cbdnko32.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2612
    - - C:\Windows\SysWOW64\Cinfhigl.exe
        
        C:\Windows\system32\Cinfhigl.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2340
      - C:\Windows\SysWOW64\Cddjebgb.exe
        
        C:\Windows\system32\Cddjebgb.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:480
        
        C:\Windows\SysWOW64\Ceegmj32.exe
        
        C:\Windows\system32\Ceegmj32.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 140
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Bhdmagqq.dll

Filesize
7KB

MD5
4f4c60ef839878564469a8bd229f2512

SHA1
add650cfab4f963baa5cdb91643736d4f598e7e4

SHA256
0574f48a59bf6eb24cad72eaa9df152adfe96e692accdd338faabc7a79685dee

SHA512
31100b9312bc01fd15a87cd46c3d9dd291366f57a0eb2af6d0666469e3dccf252930e6081953a434c3d92056345974f3f7b24db9ad1449c24aa59bb04d914f12

Download Submit
C:\Windows\SysWOW64\Cdoajb32.exe

Filesize
159KB

MD5
ada94a5a407a359dc157ae5b57da2d88

SHA1
b380d6f53fa42eeab69002e7e02da4798628fc6c

SHA256
45e99ea1c77fed0d25abbef832c190ff9b684163097dd91a3a1dfb612eede5df

SHA512
67799cc0a38cdea755199b3a836eaca1200824adcc5132fd828fa99214d5380fb82680daaaed589a85bf5502a90b046f374a8e0deed0eb3798069f348b9d6d72

Download Submit
\Windows\SysWOW64\Cbdnko32.exe

Filesize
159KB

MD5
82231e11d518a6a24e5237704e576119

SHA1
8333317ef764041e3274ff13b561aa30addda33a

SHA256
91042d7853dac3b0485b6996272746e49fdf28588a4487317255bd6e674bbd07

SHA512
0466fd36d27733ff5917b2734496bfc8e93d041444f0ef1718a0cfe7d8e70ca2abe4d752895ea109b4091fd82988bc76111b4ba02c4b30566b9b9c7cddd792ca

Download Submit
\Windows\SysWOW64\Cddjebgb.exe

Filesize
159KB

MD5
99da9d51b5f726fa8261212e58b2e862

SHA1
dcb47d2db741b247e557dbc34d74c21b3b850bd7

SHA256
e473eacc19ad94920787fcf568eca448c60187cc64b061397c0be0aa1969d5c1

SHA512
ad7404ad8f02a63db1a005b325a9d63ded916895e819faceb4231892ec549aeffa7758e06cf9636d4743d6650f65ad62db8736bd23c089a76e5211aa66f9b342

Download Submit
\Windows\SysWOW64\Ceegmj32.exe

Filesize
159KB

MD5
51c0be546c94bd9ef1465fdbff03c9c0

SHA1
1ae26a7a90153240f6c2f353749492bcab8fa115

SHA256
0a42df9962d87ee427c6c393fec9593ca54cbc3fbfcbafcc3a2cfaeb13910efb

SHA512
7d3f5a5f4f87f531dae1ea30109da01c22ba69cf48aa0322ec494ef762e0958602380f444b9764069552539c004b0b3132c216c8ccab2d40e13a87bc3dc9e114

Download Submit
\Windows\SysWOW64\Cinfhigl.exe

Filesize
159KB

MD5
d38929ee599cd954d7367d564d693cda

SHA1
101b4eac2faa1acbaa838c84df8efa44ddf8789f

SHA256
aa8f96800a2de51ca0848e2fc34d742752896189082f31bd73abf78bc6ec0731

SHA512
e0fbd10a685a1de3ed0089d5794e6d02b6633ba67d37f0e83dbaecb46af1e4ebd1d2b53743cbe6d81a672c3cfb4b005240e2731cd1ff2205b1336e614dc7d3ca

Download Submit
\Windows\SysWOW64\Cmgechbh.exe

Filesize
159KB

MD5
813ca1c021f3ab0ce03319bac46645ff

SHA1
95decd0aa72c55a8f89da584b7342ba49ca3228b

SHA256
b473205bc6a2438989c923dff563e50c8962ce329e4d3454736e19f75293840d

SHA512
65964bac4145413b1a0ac293e1a225b23387c5bd0d8b832872b8684984e24cf5190ccdfd014a15b7fdcd9b2fdd9c35249bce382b99dc3c04144ed5acc61290bb

Download Submit
memory/480-80-0x0000000000310000-0x0000000000344000-memory.dmp

Filesize
208KB

Download
memory/480-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/480-93-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2296-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2296-35-0x0000000000440000-0x0000000000474000-memory.dmp

Filesize
208KB

Download
memory/2296-90-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2340-62-0x0000000000260000-0x0000000000294000-memory.dmp

Filesize
208KB

Download
memory/2340-68-0x0000000000260000-0x0000000000294000-memory.dmp

Filesize
208KB

Download
memory/2340-92-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2516-83-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2516-94-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2612-52-0x00000000002E0000-0x0000000000314000-memory.dmp

Filesize
208KB

Download
memory/2612-48-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2844-26-0x0000000000250000-0x0000000000284000-memory.dmp

Filesize
208KB

Download
memory/2844-13-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2844-89-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3028-12-0x00000000002F0000-0x0000000000324000-memory.dmp

Filesize
208KB

Download
memory/3028-88-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3028-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads