3cb0b4bb1c14c7a10398abccd291cc5b5dcd86fdd7aeecfcbb86b7f4161bc00d

Analysis

max time kernel
143s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 20:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9fe829d097acca3423fcc6df6666b52d_JaffaCakes118.doc
Size

239KB
MD5

9fe829d097acca3423fcc6df6666b52d
SHA1

2ac7468b30aea7d962e98b466940912577e352c6
SHA256

3cb0b4bb1c14c7a10398abccd291cc5b5dcd86fdd7aeecfcbb86b7f4161bc00d
SHA512

fd4e75fb85548191e4a00e6395aed2af054359a26f66173134b30fc4cc70eb5e4e03cf1e1ddac28743462fac5aa954961ae7d2864184033591b2a1d38fdde2ca
SSDEEP

1536:aterU1wDv/6MaETOgnHJcIKBC5bvzsLHrTPfyOK/dRYipyhv7gz1VYyAOm:a/wDvWETOgnHJcIKBs7qAdSJc5VKOm

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
1132	WINWORD.EXE
1132	WINWORD.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeAuditPrivilege	4928	EXCEL.EXE
Token: SeAuditPrivilege	1836	EXCEL.EXE
Token: SeAuditPrivilege	2032	EXCEL.EXE

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
1132	WINWORD.EXE
1132	WINWORD.EXE
1132	WINWORD.EXE
1132	WINWORD.EXE
1132	WINWORD.EXE
1132	WINWORD.EXE
1132	WINWORD.EXE
4928	EXCEL.EXE
4928	EXCEL.EXE
4928	EXCEL.EXE
4928	EXCEL.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE
4448	WINWORD.EXE
1836	EXCEL.EXE
1836	EXCEL.EXE
1836	EXCEL.EXE
1836	EXCEL.EXE
2032	EXCEL.EXE
2032	EXCEL.EXE
2032	EXCEL.EXE
2032	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\9fe829d097acca3423fcc6df6666b52d_JaffaCakes118.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4928

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4448

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
f5620c92cbdc293c3ae3aae31aef598b

SHA1
1f2b47a9ddcf2e644eb45eba39cdbf02ab292bda

SHA256
a31cb1fb5b8ae640c14a44be54ba89c30034b42c9638b264583e38924e787f12

SHA512
6009ec07f3853df80436f80e3d81a5d95d0d2ff2d501d46b6854438bfa16447e6a787f6610556b957e0e950087109145b6f94de08232d4a085035427e8db7c24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
3eb202419d5c56aaf7f28ffd306fb1ed

SHA1
bd8491f74fc8ce2ab3549d481fb3b3f367908519

SHA256
efdbd1bed5476560bab0dbeb6866a6aa96d5e6fad35d3082fb2d4b6e3d1ae346

SHA512
9a13673d997e6026170a6fbf1be262a4dc8c948775c62a5c12ac42d04d2cba92d4850ebcbedf211c96c9fb7511e3dc52381d22479d40972c2945dd44c07cc847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb

Filesize
512KB

MD5
fa76749bedf302e82f206da280579605

SHA1
7df913782336a0380055ce699ee06317c6f4ea81

SHA256
abed4ffde8ecb015bb5d7ad42db33ee81566111f728d2898499acb1610de121c

SHA512
ef9ec834030ba8e0baa52527df61e0b036df1b9bbca07aa142dade86c665bfc6c64c1a2be2ac662bc82ac712882417f60b5ced91c75cbe45afeebe59902e31d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\5D055267-DAF6-4EBC-B0FC-2AC9E8780E63

Filesize
170KB

MD5
5a35aa78630714012e8c620d31c0cdf6

SHA1
80870e7dd6ca93ecd0bf693d90aa1ab00340b4f7

SHA256
066676b897e76eb1c44912a508908f041518a985d77eb8988d419f6ac20b545f

SHA512
92d5b8d9b1f155794f03b37fea02723b6995c73432944408b2032e4b3cc832873f4f8509c89f40e421e5d8939a33dbe09cab57e984f9e9f40950b0da61346032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
320KB

MD5
1860cdd48aea9511bbd598c3d6e80ec2

SHA1
4d80fb389297d1b42330fc9cc043890b7de843ef

SHA256
c72ac8cb5ac91290357dd9c931f52757bd17d6792cc0b6cda581e4f97d72f035

SHA512
64718fa5631271dd34463b67d7c95c87ffa80f914f61d2dfd2b33262ad9e7aaa8e3ba5ec6b53e39c8eea8a8baa0b0364dfa0954d1192ab483e07dc1f8a5485e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

Filesize
332KB

MD5
42a5cdb04beaebba9dd98180c00b4ec3

SHA1
591781c3fd5645ed5f1c76160a2a44afacd98517

SHA256
53c122d27c4b7ed32b046a8073b25d61b6728aaae8a734f028c5fb4d395ba1a9

SHA512
fa5cb573e660b0a88dd8e1b54640501c2777a51925e180c4357da24628d1ec65b958eb441ad8474c9c8df1f276d7ccb8a29259791289727cc533143b92d174c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
11KB

MD5
de67f2a33378dc965fecf10a437588dc

SHA1
7eb3b58d574b2e5a23708899d4a81a0c199541d8

SHA256
ebb75e7ceb56001bd8852d22c83290bab45ecb031cf8d4ba63f619df66fc3e7f

SHA512
24c75d784d3ae0e1c2a11de3c96d8456daba9afd3d216ce30dad24abf3920e4014c2e9697ec87260207dd33fc44056bf33f65d482ba940560864e3cf487d4200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db

Filesize
24KB

MD5
085ebd119f5fc6b8f63720fac1166ff5

SHA1
af066018aadec31b8e70a124a158736aca897306

SHA256
b8411fe8ec499074fca9047f6983d920279e84ddf3b02b2dd5c08cf07ec44687

SHA512
adb0522830db26123347cb485c43b156f5c888510e52091ba0fafc22b650ad29630c027746c920321905c28259dce7ff63dded93a79efddd5567c68312117875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
8KB

MD5
1dd15481b350cb5c312d7013ccaed467

SHA1
4c9b73f7eeaa16f80d334f2a91442d4473ae0563

SHA256
baa97a4ac12850c3c9742a1cbe7d9764c5d755f7c3677a031a34ad19b382dadf

SHA512
1a7316817a976e9c8f637169df8327b1990884f0c241355281045c178620854d0caabb792718311ae9f9427648e6fd231725817fa8c150554cffa676cf33dc1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

Filesize
8KB

MD5
d57651888927adb58508d4ead8ea9200

SHA1
5974b0540d783f49f1aa8de35f51e6c244d7bfb8

SHA256
4abdfd6713b22b224ed5e2cd549dc238459536a5df5c5bd0d451accb40791146

SHA512
7b94a3c219fcdb5f59887c9703b459787a1b0469e2fb4947a16584be3ccbada48bda1ae317646e1c2393070b7040328c18d5700369e43517b42550370882ba0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
54c67a5bf1ba45e7fbc71bb1c8de242a

SHA1
f4ef800feea4c3d1fb555cae1dae995c6e1654fc

SHA256
a1d519c417c4fca26320b2f96fbf5f4fc0087f6404e1cc41370996bb0d473e2d

SHA512
864d57ca43a7fd0c421391db4c09a6f7eb0efe5515c4a352a7cd36e60e92cb4b0d9d14f363dde5c742a37660faf13595713cc989833cd6d2da8d52e0d8a10a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
ed3ac9e13d60a55c3e3ad037efba4efc

SHA1
44c0c32e11ba7099e8a19d5fe9ae5c5852c9fcb8

SHA256
6aad992086af5a3594be6b4e8afebf939595ffb222eb67e199f3ba3f473aa648

SHA512
616a662a8abf318376a0b26c1aed174a4fd0fbcb87d67db2180d087dd3d17400396a8d5dd655aad9af66a4934f409bab98066e11dbbe3c1bbe71c4966b8674b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDFD84.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\VBE\MSForms.exd

Filesize
148KB

MD5
d9525b6ad608e8b05e3fbe8f54f32d58

SHA1
ac793f8f1d1bd58233ede24d58ef84797393ecc3

SHA256
025bab86e554d618732dfe8f9ae754c56b3c3589bba77842b700408eaf6aedae

SHA512
d00f47289822343316fdf5c28c2b868ef83a5e6ee3ead2bd83a0d97c7e286254a276ce1ddb92ed9928b3585b1582abd2b847c45c46a2877d9198f7c2cc9f293d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
820820cfc5b7bd5145d68539149ac16c

SHA1
7a73d88008e2edf07a516b03325e1231a7b83d7e

SHA256
01f63ced64dc87c43cbc6287a33af64514c670bf4cc4c42131bd050e43be69c9

SHA512
71cd3ad47fcc2dc9bbaf65eaa39e31a94a33e30b6751f887aaf941e438aa19e664282c5d017fb50fcf622375d45524e4c1b56fcc5ffb08ab1e238d9a0e8603c0

Download Submit
memory/1132-12-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-9-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-19-0x00007FF9A6E10000-0x00007FF9A6E20000-memory.dmp

Filesize
64KB

Download
memory/1132-16-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-229-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-18-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-17-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-14-0x00007FF9A6E10000-0x00007FF9A6E20000-memory.dmp

Filesize
64KB

Download
memory/1132-15-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-10-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-11-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-1-0x00007FF9A8F10000-0x00007FF9A8F20000-memory.dmp

Filesize
64KB

Download
memory/1132-13-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-2-0x00007FF9A8F10000-0x00007FF9A8F20000-memory.dmp

Filesize
64KB

Download
memory/1132-4-0x00007FF9A8F10000-0x00007FF9A8F20000-memory.dmp

Filesize
64KB

Download
memory/1132-0-0x00007FF9A8F10000-0x00007FF9A8F20000-memory.dmp

Filesize
64KB

Download
memory/1132-5-0x00007FF9A8F10000-0x00007FF9A8F20000-memory.dmp

Filesize
64KB

Download
memory/1132-1221-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-6-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-31-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-7-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-8-0x00007FF9E8E90000-0x00007FF9E9085000-memory.dmp

Filesize
2.0MB

Download
memory/1132-3-0x00007FF9E8F2D000-0x00007FF9E8F2E000-memory.dmp

Filesize
4KB

Download
memory/4928-1214-0x00007FF9A8F10000-0x00007FF9A8F20000-memory.dmp

Filesize
64KB

Download
memory/4928-1213-0x00007FF9A8F10000-0x00007FF9A8F20000-memory.dmp

Filesize
64KB

Download
memory/4928-1212-0x00007FF9A8F10000-0x00007FF9A8F20000-memory.dmp

Filesize
64KB

Download
memory/4928-1211-0x00007FF9A8F10000-0x00007FF9A8F20000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads