2fe6498c74c00c994a8e5858ade40e5bfdf9a515e7a787cfb8cad95a395f7aaa

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 20:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8bd1344d605a331d0c95140adc10dedf_JaffaCakes118.doc
Size

239KB
MD5

8bd1344d605a331d0c95140adc10dedf
SHA1

38365dd74bf0698ff512a7233588be86865d601e
SHA256

2fe6498c74c00c994a8e5858ade40e5bfdf9a515e7a787cfb8cad95a395f7aaa
SHA512

2da9d83940ea0c6ebd076adf8877b45d20e04c769076a113fb809d99a790b0eea8e6c3eec5f882cfce274979e6778b281209f9b580ce54ab064a88950ea27ed6
SSDEEP

3072:L/wDvWETOgnHJcIKBs728dSMVfhT4MeNfhr:L/avWETrHJ9AGUMjTyz

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
1524	WINWORD.EXE
1524	WINWORD.EXE
1416	WINWORD.EXE
1784	EXCEL.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeAuditPrivilege	4532	EXCEL.EXE
Token: SeAuditPrivilege	1784	EXCEL.EXE
Token: SeAuditPrivilege	3328	EXCEL.EXE

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
1524	WINWORD.EXE
1524	WINWORD.EXE
1524	WINWORD.EXE
1524	WINWORD.EXE
1524	WINWORD.EXE
1524	WINWORD.EXE
1524	WINWORD.EXE
4532	EXCEL.EXE
4532	EXCEL.EXE
4532	EXCEL.EXE
4532	EXCEL.EXE
1416	WINWORD.EXE
1416	WINWORD.EXE
1416	WINWORD.EXE
1416	WINWORD.EXE
1416	WINWORD.EXE
1416	WINWORD.EXE
1416	WINWORD.EXE
1416	WINWORD.EXE
1416	WINWORD.EXE
1416	WINWORD.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
3328	EXCEL.EXE
3328	EXCEL.EXE
3328	EXCEL.EXE
3328	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\8bd1344d605a331d0c95140adc10dedf_JaffaCakes118.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4532

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
471B

MD5
eaa327a444d7f3489550986d9fa94b4a

SHA1
894b0bc575dbb6c9ce2f0e866b7695728d7118e8

SHA256
98be7f507291fe723327a4eb2c88c13b4510099facdcd4c934aee3a2f7ec3d6f

SHA512
3de08cef116e376e58ce9a79226e8bba3e3cfc90272c2ce91b92a44a56c2e44fe7119f35a5c3b4977238948ec09233c6851a8e319471dd252f355252b9a0d661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
420B

MD5
83e98c52b56fcded5d0e4da4bcdd80f3

SHA1
496852694e05b618ba0139e961d4fe6785ac71e8

SHA256
1f0387593818547789d7ba87b8d30a867a0742bd09cceeb1f603ef674b79ea71

SHA512
bdb157f3b1776515c5097cf4ea6f232d73a6a50e6b5e82384927395158a6a819bc3682e7cb4e295fd95b378d0d48af23857573befad7d1776170a567f7bcab8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb

Filesize
512KB

MD5
7a110550a541eb781ecda135feb5da14

SHA1
a005898d7027485b323d5ec47aedbeae927c9d3a

SHA256
90bbc1ca18171549970969dd7ddb858a98c61480b9c242fdfd22f535ba03e9f6

SHA512
1fd715133fb1cf512a18adca7e27ea3ec54e0ad5c45d2f96bf9c70fce710d3a269fd80dbf65f1c676d1c84616ef002ab9e63078808320066e712edb8da6d79b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.laccdb

Filesize
64B

MD5
1d7f54d4d23835af777aba4f4fa3e0d1

SHA1
71dee0cb1da3c8215c859ac58cd029eab8cc9146

SHA256
45688ef61cff2616cab90b3baa08654a033761f337a433e9cad51b09f28f1c0d

SHA512
04331b05b0193d1aa8236388ed214ed55b957b92504bbd412967303251297bd29297060ab23a30023d5d1164bc857638df4bf3bb4d1e97adc02e01a5b567d751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.laccdb

Filesize
192B

MD5
79478f434c7d8dc219694eb2bee7be6d

SHA1
9973be44ea1fbd91452c51b27a546c4fb5284a07

SHA256
9094cd7f2897707738cd771f03a6d84c51e96c85fcde0f60063d8f397369b584

SHA512
94ca109a0ebae66268f4881634e79a94c535e70d70490d741a8a452cee6ccc867d7ca89941bdedabb0929cbefb657bf4e5583c3e6bb9fa65e0df5e37f09b2a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\3D361B76-4E80-4BC6-A5CB-3AAA11D50398

Filesize
170KB

MD5
a2e56f4628bef343344ce198ba860aec

SHA1
04b3beca725f6091bdec3008968eaa487ffebe5c

SHA256
1ca5cdb60c91ab14dd6896ac9f32e6cac4323c538c2134c7df4c64c31b1191df

SHA512
f409b6f5170eb21e6c3bf21ee0f1ad001815926b9b22dddf61d6e82476533982452da13f0468d524160e270565a7c3c78e9523ed68d7821e889fe04296ce8e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
320KB

MD5
1c0d4e4f1d82d7bce8f78e553f41a509

SHA1
f5c1be3c36837f9dd46696d9c834e6e2988bc049

SHA256
fe33502989999d737a66c400e3fccd19795a9a7592726c0a60ff83e6dfaa607d

SHA512
8d1cab2e17eac006126c354d16d386a4704dac1a47022bfddad2d4d6316b4fa9c7c0449af2d9acddce5766f57504ea0ccd30b0cc59c5a4d6a186ec422d32bd19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

Filesize
331KB

MD5
299790eb4da891c0cad926473bdea5f7

SHA1
dacbd07b42d91a20ba9bfcdee5cdd75ce15644da

SHA256
6fac6770bea97503592e79ac1d458450afd373eb2fa1accf4218d5ee447d52d9

SHA512
3ab4b0d6b5c1eecc6b3fb37ffdf061713906c92b6c2e15f7f869f7b6a8b45a6dd069743080f3fe57f9726770f49a8826b07f50987fa148b882593481bb3670be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
10KB

MD5
b2c7b9985b81dc8a7f667221fa4032bb

SHA1
e0bd69e8cd47834c013771228de6aafbd9301f55

SHA256
4ee92c0bc6661fc215154a9c0f6f8975f245a5f3ea2cfe62769e8316e1019021

SHA512
79a70d0d5118c864cefd1ed8ef5bedaed0defc54fb970a399374803b6b2fedb7187bd1b69d6e9c642ecddcb590cb67a62db266c667c1cc739aca89af032c35d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
12KB

MD5
3e8c83777da78520c1e8e81ce8edcac2

SHA1
83b90668128dd2151f0e9af39a2b33a5d41668a4

SHA256
ae2d104e41fc0ba6db94012aadbb21e170f33bb261b6c104b13e670614cd688f

SHA512
f43cb81d0d5d22a761b3f89734eba014abc1c75c3830efe45ee48453bf91f66fee44ecb6b892a53ebe1c9105cc0fe9e2637e9d641a182642ab3aa014ca8c82e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
402KB

MD5
56dea535adfe5d96e4cbc0283b9f3f7f

SHA1
9c47f717d8a1b2d914f5f833614a6a5e75e3c736

SHA256
e502cb808b59a74f0be244e2978f43bb136a6d42b8de28a60933f570f99bebe0

SHA512
ca59b6436e4d08aac8c7d5eeabc1710c6f29318ec6398e934e1b97a4a48dab0e56bb9b93ff1bae912047c85fc94c90246e2569f7f64082c3d6c45bd8a8df5186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

Filesize
8KB

MD5
6522d6d5071bca28e001970cf71637eb

SHA1
c70458ffeb5c0f0e17736135f3cba278fe90a2d5

SHA256
d5b6d29ce96adca905e78e2a7141bcd9a66d5b99f4df2fbed46d9a9efe1b636a

SHA512
f1375b02e227b628b502d5aa1b2bd483881f3997e257314bea6d99eda3f064b2578fde23cb0ee32a5487e337a9bbbd8f7537945d5e073ba6057a11059d64464f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
05287b2ff6457b5c3f078e14d7f83af1

SHA1
11c40c49a5c717a699172d8622353ebb73bf8f43

SHA256
07e9c06b553ab6216894b7b7622ba39fa957e985803db7cb5e4a0888994a6ad8

SHA512
ec88ca2e6388c5a55c9b34188af588c882e4b5f8971698bf0f2dd422d4f2ca145c66c4f789c9eced56b641fd7830d3918ae13771f506ede3430cfb24406b5c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
e89bed440868a2785a45c68b07cc7d15

SHA1
98ec7fc2da4a008f2ef93918551a76df72494f6e

SHA256
20024684d333656052e5e300f37aeb795d310a69d041a3f2a6a4516c8ee875f1

SHA512
2e8d21346618bac15297d2820e595243a664cbbae050706a4186bbd245ac1a0f88cc020f7cae1903f72c6ebd0b900cda00c1127cb037d3748ed1964eff457dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDB4D.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\VBE\MSForms.exd

Filesize
148KB

MD5
22f99f7171dcb02dd7befc50958e6335

SHA1
4847074f8a6865ef312b3f564dc854db91aac6f5

SHA256
d803f2189b91e042c814842780ca6becbe07aa57df1ec55055f7172d2bf61fa9

SHA512
0de81bb263a5fc2844cde6b3cf6270af091b3f0311baa819b1004a88a2e9c548b6bd12ead6b3d6067a76cbe3e74c4df0aabbf63f9d75fb1265be7e75a2194b24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1416-2433-0x00007FF96ED70000-0x00007FF96ED80000-memory.dmp

Filesize
64KB

Download
memory/1416-2436-0x00007FF96ED70000-0x00007FF96ED80000-memory.dmp

Filesize
64KB

Download
memory/1416-2435-0x00007FF96ED70000-0x00007FF96ED80000-memory.dmp

Filesize
64KB

Download
memory/1416-2434-0x00007FF96ED70000-0x00007FF96ED80000-memory.dmp

Filesize
64KB

Download
memory/1524-15-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-6-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-56-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-13-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-14-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-16-0x00007FF96C470000-0x00007FF96C480000-memory.dmp

Filesize
64KB

Download
memory/1524-17-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-18-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-21-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-22-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-20-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-19-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-0-0x00007FF96ED70000-0x00007FF96ED80000-memory.dmp

Filesize
64KB

Download
memory/1524-588-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-12-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-11-0x00007FF96C470000-0x00007FF96C480000-memory.dmp

Filesize
64KB

Download
memory/1524-7-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-9-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-10-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-8-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-5-0x00007FF9AED8D000-0x00007FF9AED8E000-memory.dmp

Filesize
4KB

Download
memory/1524-4-0x00007FF96ED70000-0x00007FF96ED80000-memory.dmp

Filesize
64KB

Download
memory/1524-3-0x00007FF96ED70000-0x00007FF96ED80000-memory.dmp

Filesize
64KB

Download
memory/1524-2-0x00007FF96ED70000-0x00007FF96ED80000-memory.dmp

Filesize
64KB

Download
memory/1524-2449-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download
memory/1524-1-0x00007FF96ED70000-0x00007FF96ED80000-memory.dmp

Filesize
64KB

Download
memory/1524-2480-0x00007FF9AECF0000-0x00007FF9AEEE5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads