34bcd6a66c63bf63f3d08da5b998c26ad107a3874694283d9ef548e3d554c2e7

Analysis

max time kernel
143s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84a217edd62c5e446b60c033a2cc1daf_JaffaCakes118.doc
Size

237KB
MD5

84a217edd62c5e446b60c033a2cc1daf
SHA1

3f24cf2c4869967d8b437a992de223c940277ac3
SHA256

34bcd6a66c63bf63f3d08da5b998c26ad107a3874694283d9ef548e3d554c2e7
SHA512

94aaf4a12e38fd44d01ef1855d5e0d9f4c72c2e4a3fe7d8fd4fba80642f611dc109619ac39fd4910832f4e76434e90ec492763f51a99141dfd4aa01e662de450
SSDEEP

3072:UAw1vPEfOgnPJceKBDa2KdSBjauves7un/DO:UAKvPEfrPJBAEUR5I/K

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
4780	WINWORD.EXE
4780	WINWORD.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeAuditPrivilege	2008	EXCEL.EXE
Token: SeAuditPrivilege	980	EXCEL.EXE
Token: SeAuditPrivilege	1540	EXCEL.EXE

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
4780	WINWORD.EXE
4780	WINWORD.EXE
4780	WINWORD.EXE
4780	WINWORD.EXE
4780	WINWORD.EXE
4780	WINWORD.EXE
4780	WINWORD.EXE
2008	EXCEL.EXE
2008	EXCEL.EXE
2008	EXCEL.EXE
2008	EXCEL.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE
2712	WINWORD.EXE
980	EXCEL.EXE
980	EXCEL.EXE
980	EXCEL.EXE
980	EXCEL.EXE
1540	EXCEL.EXE
1540	EXCEL.EXE
1540	EXCEL.EXE
1540	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\84a217edd62c5e446b60c033a2cc1daf_JaffaCakes118.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4780

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:980

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
e531567acf604fa1e9d9b8667a8f74c8

SHA1
4188dd9336616e684c107a8efcb19774a2a88943

SHA256
543665a0e6ef9c6fc073139cf7ef2e7e27b0cd4590cf5bdd41ff6f6307675e77

SHA512
58cc26e79eacc74a44d43efd04f00d85610a1cf66af7b11b72b55a474ec2c4149b64d30e03c5505b48fa9d45fc81968344077963bca4d631a70e7f089de9f04c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
fcc0ff6ffa99d49c8b3aff89f5a41080

SHA1
744e46a725bb33e529a4c239fb35b52afbb3e6b2

SHA256
65876a38373db349ebcb6dcd3c84b37788dcce63346dee562bfa0588d57bd6a1

SHA512
93b1efd56afdc153ddf2de125821dd3e2be15f9a4b84c0922961fc13445cb4c08815e9da362d75cee5d2e407b247876c765b1e464ad02fb9ba7b3fb69a30c111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyEventActivityStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb

Filesize
512KB

MD5
c29bb23b123b3955d105eec3a6a46c01

SHA1
5819b279abb161e75bb9df78f087f001b38f2fe2

SHA256
573c65f8b0ee381e8a8b329ded93478fa2a7a7925b5b6f9cb8073c823e245d40

SHA512
974e2d7851880a5f874acc97881af77a27d714176b958e4d2ce6e1d37a1b0a7ed2686ae05e0b0ac77e500850de89131c30a9006e45de0ec8e494cdda37818a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.laccdb

Filesize
128B

MD5
47a4d4636fd6102007db6919a670c222

SHA1
1399912d395ad5936d96e835b040f2972afa5845

SHA256
bafe3f9e5174f6dc4abc78a448e5f07cd57c74ed417200fc79554a4c958a8846

SHA512
b9195f5bb520177e092fc615601c8d1b1a85216522f355786d8889eb6e4ef6ac08373a37b55d7692e85bc5d23ecc1905fcc2486309dd7b00bb64d3040762e0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\386EA5D5-B24D-4B90-826A-78EF2EA4F28E

Filesize
170KB

MD5
d636eb5a9c12814452a4070bfdda4c45

SHA1
a86206c8cb9a7b3966539ed5d6bc65fecc10b9b6

SHA256
60b1bfdcca7117fc3ddf17421e3b651119a632c56ea1c05f20020c2a9f54fc2a

SHA512
ce889a6b6cfa0ba1301931422192af038c02efb37f7f9f22dcca804fac8bebe95e0e4746fbbe1a715d0c8626b2a157939715d96f622bfb3e72969b8f37d0e686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
321KB

MD5
5b4ea7676f0e3aa19f87eaf81cacfc69

SHA1
a776b52f53b1002255d87b4ced9f0d385d4f17ed

SHA256
7e04d3b29ddaa7b7480f081db4d4f3b881e5945b40cd9a7582986603f8ceadaf

SHA512
0a5cbf228584dd5b31b8d640f498ca1003683c571c5f77963b56dc7de6de3e8f5b161781f6d8344e2029816da2909cab293161265eac390646420def640c612b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

Filesize
332KB

MD5
de7f3a643f43a00f3c7f8d6eb0d2596d

SHA1
c2592f88bead5bafad5bac37e9a6bf1d64faf4bd

SHA256
86fa2103aad0cebf3bc4f3f3f54174d0dc071ef68604cb16477a346b4c272adc

SHA512
0403a01f4bc80ebd5ab7c126156305227eea1c5dc1478f3b709a5a012fa79918aa18045346790057eacf8e0c470967f019ea389a7bb38e1f61269c4c8a0f9503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
10KB

MD5
62b1a5208985e837e15e0253a6e1aaa0

SHA1
55993ae5ccc4f28c99f38ce6e08de4ec4982f8ff

SHA256
5fc9b1c80e283b43e0763d2d4409217ab19295d30b882dcd63d9a466a72eaa77

SHA512
7dc3899f44db0009b92a33f4cc56a16f58047fac867f1baf821f8d2ea5a337462c0963af33a84db87e106f95bccbbfbad16262eb317b854046727f67cea2e987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db

Filesize
88KB

MD5
ad9319e4379defa2971c15df75c8dce8

SHA1
49ec30a9a457fd75d758b8fc92a69967a101254b

SHA256
4cd7cc1c9341d3784c14a88f250cc710be00f65dfd8bdec05d2df3f620ae0938

SHA512
9d55a642b8a746ed21cff14cf5ded2c51e6a02a8e9546d286f48b85e2dbe082002dcf1d6251d607d8e35c0aedd86513da6347032a248390c69e336273be25523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
4KB

MD5
b0eeb78af762a8b950c5b32d52e9c48e

SHA1
35d163dbb77b8e122881067f1094142375e37a98

SHA256
59df83610b5b5fc3f5c4e0a66ae3fd555a4b98865c30ef884c2136af9f2674f8

SHA512
706da27b8995a8868cc5d539901cea51dac29be7c27fe8a1b3deb4a70c324fb7d2b93e67b9624cb621cc6cbb1a12f5c832b3e57bbf736fd825e614cfef5a9c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

Filesize
8KB

MD5
7e071f07c18397cdadbc3e14f6630e2b

SHA1
46864482cfb97de104c05d5fb03d7545d322aa47

SHA256
7674a12af03a0c746d884eb0a29915c0ef40fcf9c21f1ee9dc8f39d7e5cd3510

SHA512
3a55cc1eb81e23b2ba1832cbc318c6d8ec2990955b9651c0e582c1423d50f3e69d7c6863ae963763588a35f21c8be126dcaea5abcaf963ab4100369818c5c4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
a7d886d97cffa3a52f7e6ffae0b34678

SHA1
6dc90e0606ddbaa74dd1b5bd82eca57f7dac2d4a

SHA256
a702e03d622c0103326190b87c0dbc83f6d7c4a2f9b6b72432922c8e4b70b3b8

SHA512
e86c37c2dfca7cd40deb190faa81c0167f3661d0d71e82db36fe51f826f57d16fc4adcd839c40167f37bf97617676390808fcb1faf904c8f3b3aa5e8dc472593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
b6a62bbcc0cdcfa8e6f521051b9c28e8

SHA1
aff7ee6156cefb992cbdbb5b5cdb46724835939b

SHA256
001513887e02468018f3d02645de209374b62350560f3ca1a4c03eaf6abea0af

SHA512
fc365f12392f73f9351bfaae4057d52997d0268b34c0e77d10e00636796176e455395d9d7fb3423825f3ee24db1eda4fd8c5174a78d7576333f504eb4bb98997

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDD9AA.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\VBE\MSForms.exd

Filesize
148KB

MD5
9fab83592441c0ef2a51f172b3970e9f

SHA1
607e148440378977f2267c6a6650c8309a9daea2

SHA256
977b4eb259dcfbe3e7d21cfd726baf0aa8697225e589103f99ac2797ca4e356b

SHA512
676a76a67bf3a837fe5fbb4aa7c70fd2f0656e471489c960109dbc71eb9e007685ca497e1975834d7bb5ffa3ec183d39cf9d73d2857234167cf56f760eabbd7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4780-16-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-1561-0x00007FFC3AF70000-0x00007FFC3AF80000-memory.dmp

Filesize
64KB

Download
memory/4780-17-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-21-0x00007FFC38900000-0x00007FFC38910000-memory.dmp

Filesize
64KB

Download
memory/4780-7-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-20-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-19-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-15-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-8-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-14-0x00007FFC38900000-0x00007FFC38910000-memory.dmp

Filesize
64KB

Download
memory/4780-11-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-6-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-521-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-576-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-1560-0x00007FFC3AF70000-0x00007FFC3AF80000-memory.dmp

Filesize
64KB

Download
memory/4780-18-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-1559-0x00007FFC3AF70000-0x00007FFC3AF80000-memory.dmp

Filesize
64KB

Download
memory/4780-1558-0x00007FFC3AF70000-0x00007FFC3AF80000-memory.dmp

Filesize
64KB

Download
memory/4780-1562-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-12-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-13-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-9-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-10-0x00007FFC7AEF0000-0x00007FFC7B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/4780-5-0x00007FFC7AF8D000-0x00007FFC7AF8E000-memory.dmp

Filesize
4KB

Download
memory/4780-3-0x00007FFC3AF70000-0x00007FFC3AF80000-memory.dmp

Filesize
64KB

Download
memory/4780-4-0x00007FFC3AF70000-0x00007FFC3AF80000-memory.dmp

Filesize
64KB

Download
memory/4780-1-0x00007FFC3AF70000-0x00007FFC3AF80000-memory.dmp

Filesize
64KB

Download
memory/4780-2-0x00007FFC3AF70000-0x00007FFC3AF80000-memory.dmp

Filesize
64KB

Download
memory/4780-0-0x00007FFC3AF70000-0x00007FFC3AF80000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads