5d91e845ee3f9446a24ca36ad0e215c44164492efd2fb0e5d8eb423645a8968b

Analysis

max time kernel
75s
max time network
80s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-08-2024 02:40

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe
Size

684KB
MD5

989fe32c814a09a49cbb56443de5d1d7
SHA1

ccdf0e1e4365395016533cf162a2e434879dd943
SHA256

5d91e845ee3f9446a24ca36ad0e215c44164492efd2fb0e5d8eb423645a8968b
SHA512

921c281be5dfe1c4d35e39779b9321ed913ad3c1f49c909e7acfd39601bb3625f810790f0f088eb6f8b40b895a05c02b792b295608ca3239c7fd7c1b0950d8ca
SSDEEP

12288:C6HgI0cchRB19jEfo3DPtITbL4kEJXqQUDVGMUIA:CB1Dl6o3D1IXXEJaXVGY

Score

9^/10

defense_evasion discovery evasion persistence ransomware

Malware Config

Signatures

Modifies boot configuration data using bcdedit 1 TTPs 10 IoCs

ransomware evasion

Inhibit System Recovery

T1490

Processes:

bcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exe

pid	process
2800	bcdedit.exe
396	bcdedit.exe
3064	bcdedit.exe
2616	bcdedit.exe
2720	bcdedit.exe
1368	bcdedit.exe
2244	bcdedit.exe
2636	bcdedit.exe
1256	bcdedit.exe
2896	bcdedit.exe

Drops file in Drivers directory 1 IoCs

Processes:

uqhoo.exe

description ioc process

File created C:\Windows\system32\drivers\f786eba.sys uqhoo.exe

description	ioc	process
File created	C:\Windows\system32\drivers\f786eba.sys	uqhoo.exe

Enables test signing to bypass driver trust controls 1 TTPs 10 IoCs

Allows any signed driver to load without validation against a trusted certificate authority.

defense_evasion

Code Signing Policy Modification

T1553.006

Processes:

bcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exe

pid	process
3064	bcdedit.exe
2616	bcdedit.exe
1368	bcdedit.exe
2244	bcdedit.exe
2636	bcdedit.exe
2800	bcdedit.exe
396	bcdedit.exe
2720	bcdedit.exe
1256	bcdedit.exe
2896	bcdedit.exe

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

944 cmd.exe
Executes dropped EXE 1 IoCs

Processes:

uqhoo.exe

pid process

1848 uqhoo.exe
Loads dropped DLL 1 IoCs

Processes:

989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe

pid process

2472 989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe

pid	process
944	cmd.exe

pid	process
1848	uqhoo.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

uqhoo.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\Uqhoo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Abycak\\uqhoo.exe"	uqhoo.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe

description pid process target process

PID 2472 set thread context of 944 2472 989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe cmd.exe

description	pid	process	target process
PID 2472 set thread context of 944	2472	989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe	cmd.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cmd.exe989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exeuqhoo.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uqhoo.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exeuqhoo.exe

pid	process
2472	989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe
1848	uqhoo.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

464
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

uqhoo.exe

description pid process

Token: SeShutdownPrivilege 1848 uqhoo.exe

pid	process
464

description	pid	process
Token: SeShutdownPrivilege	1848	uqhoo.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exeuqhoo.exe

description	pid	process	target process
PID 2472 wrote to memory of 1848	2472	989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe	uqhoo.exe
PID 2472 wrote to memory of 1848	2472	989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe	uqhoo.exe
PID 2472 wrote to memory of 1848	2472	989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe	uqhoo.exe
PID 2472 wrote to memory of 1848	2472	989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe	uqhoo.exe
PID 1848 wrote to memory of 2800	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2800	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2800	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2800	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 396	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 396	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 396	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 396	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2896	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2896	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2896	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2896	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 3064	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 3064	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 3064	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 3064	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2616	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2616	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2616	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2616	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 1256	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 1256	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 1256	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 1256	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2636	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2636	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2636	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2636	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2244	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2244	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2244	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2244	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 1368	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 1368	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 1368	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 1368	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2720	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2720	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2720	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 2720	1848	uqhoo.exe	bcdedit.exe
PID 1848 wrote to memory of 1124	1848	uqhoo.exe	taskhost.exe
PID 1848 wrote to memory of 1124	1848	uqhoo.exe	taskhost.exe
PID 1848 wrote to memory of 1124	1848	uqhoo.exe	taskhost.exe
PID 1848 wrote to memory of 1124	1848	uqhoo.exe	taskhost.exe
PID 1848 wrote to memory of 1124	1848	uqhoo.exe	taskhost.exe
PID 1848 wrote to memory of 1180	1848	uqhoo.exe	Dwm.exe
PID 1848 wrote to memory of 1180	1848	uqhoo.exe	Dwm.exe
PID 1848 wrote to memory of 1180	1848	uqhoo.exe	Dwm.exe
PID 1848 wrote to memory of 1180	1848	uqhoo.exe	Dwm.exe
PID 1848 wrote to memory of 1180	1848	uqhoo.exe	Dwm.exe
PID 1848 wrote to memory of 1208	1848	uqhoo.exe	Explorer.EXE
PID 1848 wrote to memory of 1208	1848	uqhoo.exe	Explorer.EXE
PID 1848 wrote to memory of 1208	1848	uqhoo.exe	Explorer.EXE
PID 1848 wrote to memory of 1208	1848	uqhoo.exe	Explorer.EXE
PID 1848 wrote to memory of 1208	1848	uqhoo.exe	Explorer.EXE
PID 1848 wrote to memory of 1728	1848	uqhoo.exe	DllHost.exe
PID 1848 wrote to memory of 1728	1848	uqhoo.exe	DllHost.exe
PID 1848 wrote to memory of 1728	1848	uqhoo.exe	DllHost.exe
PID 1848 wrote to memory of 1728	1848	uqhoo.exe	DllHost.exe
PID 1848 wrote to memory of 1728	1848	uqhoo.exe	DllHost.exe

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1124

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1180

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1208
- C:\Users\Admin\AppData\Local\Temp\989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\989fe32c814a09a49cbb56443de5d1d7_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Abycak\uqhoo.exe
    "C:\Users\Admin\AppData\Local\Temp\Abycak\uqhoo.exe"
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1848
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:2800
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:396
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:2896
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:3064
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:2616
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:1256
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:2636
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:2244
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:1368
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe -set TESTSIGNING ON
      4⤵
      Modifies boot configuration data using bcdedit
      Enables test signing to bypass driver trust controls
      PID:2720
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\KKJ8B90.bat"
    3⤵
    - Deletes itself
    - System Location Discovery: System Language Discovery
    PID:944

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1728

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2304

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Code Signing Policy Modification

T1553.006

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\KKJ8B90.bat

Filesize
248B

MD5
1826237a7eea84e2bbd3f3cb570845ad

SHA1
7945aab4baf50ad29ecf7302b8196b0dd4263da0

SHA256
06031c735363eb3607abf04c3cb9ab417953992a4a52a1ad9c44b476c4286ddb

SHA512
fcf06114db88d64e89692efbe454296af0dc23ee66982cead6f6031b0d530615d6794b05c6a51687d96fb4014f9f5ac03f4357c11bbd283e7d88a689fe80db3a

Download Submit
\Users\Admin\AppData\Local\Temp\Abycak\uqhoo.exe

Filesize
684KB

MD5
51cd6fb9a34219e5fe82e6bf330ebe97

SHA1
6719cdfcc305f229c3b0649690e83642865e1175

SHA256
141b99b31537578c3f43352254090684aa605ebc2d46f3ad30d94b79d418ecfe

SHA512
2d28da4c3f57ca714cecee83082b5609be3a46fcd7ce5559476048d6ffaf13438bb7c84714e049aa6ca144fb7c1d880eb4d756537d3670a439b40db582544bcd

Download Submit
memory/944-66-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/944-63-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/944-61-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/944-62-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/944-64-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/944-65-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/944-67-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/944-68-0x0000000000050000-0x00000000000BD000-memory.dmp

Filesize
436KB

Download
memory/944-54-0x0000000000050000-0x00000000000BD000-memory.dmp

Filesize
436KB

Download
memory/944-71-0x0000000000050000-0x00000000000BD000-memory.dmp

Filesize
436KB

Download
memory/944-56-0x0000000000050000-0x00000000000BD000-memory.dmp

Filesize
436KB

Download
memory/944-57-0x0000000000050000-0x00000000000BD000-memory.dmp

Filesize
436KB

Download
memory/944-58-0x0000000000050000-0x00000000000BD000-memory.dmp

Filesize
436KB

Download
memory/1124-21-0x0000000001F20000-0x0000000001F8D000-memory.dmp

Filesize
436KB

Download
memory/1124-16-0x0000000001F20000-0x0000000001F8D000-memory.dmp

Filesize
436KB

Download
memory/1124-18-0x0000000001F20000-0x0000000001F8D000-memory.dmp

Filesize
436KB

Download
memory/1124-19-0x0000000001F20000-0x0000000001F8D000-memory.dmp

Filesize
436KB

Download
memory/1124-20-0x0000000001F20000-0x0000000001F8D000-memory.dmp

Filesize
436KB

Download
memory/1180-24-0x0000000000120000-0x000000000018D000-memory.dmp

Filesize
436KB

Download
memory/1180-26-0x0000000000120000-0x000000000018D000-memory.dmp

Filesize
436KB

Download
memory/1180-25-0x0000000000120000-0x000000000018D000-memory.dmp

Filesize
436KB

Download
memory/1180-23-0x0000000000120000-0x000000000018D000-memory.dmp

Filesize
436KB

Download
memory/1208-31-0x00000000029B0000-0x0000000002A1D000-memory.dmp

Filesize
436KB

Download
memory/1208-30-0x00000000029B0000-0x0000000002A1D000-memory.dmp

Filesize
436KB

Download
memory/1208-29-0x00000000029B0000-0x0000000002A1D000-memory.dmp

Filesize
436KB

Download
memory/1208-28-0x00000000029B0000-0x0000000002A1D000-memory.dmp

Filesize
436KB

Download
memory/1728-36-0x0000000001D50000-0x0000000001DBD000-memory.dmp

Filesize
436KB

Download
memory/1728-34-0x0000000001D50000-0x0000000001DBD000-memory.dmp

Filesize
436KB

Download
memory/1728-33-0x0000000001D50000-0x0000000001DBD000-memory.dmp

Filesize
436KB

Download
memory/1728-35-0x0000000001D50000-0x0000000001DBD000-memory.dmp

Filesize
436KB

Download
memory/1848-10-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-14-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-80-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-79-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-78-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-77-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-76-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-75-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-74-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-73-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-9-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/1848-11-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/2472-60-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/2472-0-0x0000000000488000-0x000000000048C000-memory.dmp

Filesize
16KB

Download
memory/2472-1-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/2472-15-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/2472-49-0x0000000000640000-0x00000000006AD000-memory.dmp

Filesize
436KB

Download
memory/2472-48-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2472-47-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2472-38-0x0000000000640000-0x00000000006AD000-memory.dmp

Filesize
436KB

Download
memory/2472-2-0x0000000000400000-0x000000000053F000-memory.dmp

Filesize
1.2MB

Download
memory/2472-42-0x0000000000640000-0x00000000006AD000-memory.dmp

Filesize
436KB

Download
memory/2472-46-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2472-40-0x0000000000640000-0x00000000006AD000-memory.dmp

Filesize
436KB

Download
memory/2472-45-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2472-50-0x0000000000640000-0x00000000006AD000-memory.dmp

Filesize
436KB

Download
memory/2472-44-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2472-39-0x0000000000640000-0x00000000006AD000-memory.dmp

Filesize
436KB

Download
memory/2472-43-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2472-41-0x0000000000640000-0x00000000006AD000-memory.dmp

Filesize
436KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads