d81b77c97e07449962abea2cf2b939fd58baf0428310be72d8e7654722b4dcc2

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Size

436KB
MD5

a4bdcefd97821332f39852f00b54a742
SHA1

81018ef6ef0a11412b029524d865ae36ab6d3b91
SHA256

d81b77c97e07449962abea2cf2b939fd58baf0428310be72d8e7654722b4dcc2
SHA512

243e49ce01c56ee1a9eeb6824712044eb81f88a3dc199b408edb32b99534d5b45f29687586ac0ae2bec1acea9d0ac1fe2188d29227638f386e527cf49456fe73
SSDEEP

6144:BpPDCOkXvBftF2WKcxQIop4T6jjtmUIM9n8xrF50uZPpvEoFuK/w:fCVZftAZcxtT62bbDvEU

Score

10^/10

discovery evasion persistence

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 8 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\taskmngr.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\taskmngr.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe

Adds policy Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\Task Manager = "C:\\Users\\Admin\\AppData\\Local\\Temp\\taskmngr.exe"	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe

Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DA79CFA9-CBDF-42EF-F2F1-E0E3EF3D9BD5}	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DA79CFA9-CBDF-42EF-F2F1-E0E3EF3D9BD5}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\taskmngr.exe"	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{DA79CFA9-CBDF-42EF-F2F1-E0E3EF3D9BD5}	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Active Setup\Installed Components\{DA79CFA9-CBDF-42EF-F2F1-E0E3EF3D9BD5}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\taskmngr.exe"	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Task Manager = "C:\\Users\\Admin\\AppData\\Local\\Temp\\taskmngr.exe"	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\Task Manager = "C:\\Users\\Admin\\AppData\\Local\\Temp\\taskmngr.exe"	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 280 set thread context of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
1348	reg.exe
2620	reg.exe
1196	reg.exe
2712	reg.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

description	pid	Process
Token: 1	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeCreateTokenPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeTcbPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeSecurityPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeSystemtimePrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeBackupPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeRestorePrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeShutdownPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeDebugPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeAuditPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeUndockPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeManageVolumePrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeImpersonatePrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: 31	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: 32	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: 33	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: 34	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
Token: 35	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 41 IoCs

description	pid	Process	procid_target
PID 280 wrote to memory of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30
PID 280 wrote to memory of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30
PID 280 wrote to memory of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30
PID 280 wrote to memory of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30
PID 280 wrote to memory of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30
PID 280 wrote to memory of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30
PID 280 wrote to memory of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30
PID 280 wrote to memory of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30
PID 280 wrote to memory of 2756	280	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2720	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	31
PID 2756 wrote to memory of 2720	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	31
PID 2756 wrote to memory of 2720	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	31
PID 2756 wrote to memory of 2720	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	31
PID 2756 wrote to memory of 2704	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	32
PID 2756 wrote to memory of 2704	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	32
PID 2756 wrote to memory of 2704	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	32
PID 2756 wrote to memory of 2704	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	32
PID 2756 wrote to memory of 2700	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	34
PID 2756 wrote to memory of 2700	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	34
PID 2756 wrote to memory of 2700	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	34
PID 2756 wrote to memory of 2700	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	34
PID 2756 wrote to memory of 2356	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	35
PID 2756 wrote to memory of 2356	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	35
PID 2756 wrote to memory of 2356	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	35
PID 2756 wrote to memory of 2356	2756	a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe	35
PID 2720 wrote to memory of 1348	2720	cmd.exe	39
PID 2720 wrote to memory of 1348	2720	cmd.exe	39
PID 2720 wrote to memory of 1348	2720	cmd.exe	39
PID 2720 wrote to memory of 1348	2720	cmd.exe	39
PID 2356 wrote to memory of 2712	2356	cmd.exe	40
PID 2356 wrote to memory of 2712	2356	cmd.exe	40
PID 2356 wrote to memory of 2712	2356	cmd.exe	40
PID 2356 wrote to memory of 2712	2356	cmd.exe	40
PID 2704 wrote to memory of 1196	2704	cmd.exe	41
PID 2704 wrote to memory of 1196	2704	cmd.exe	41
PID 2704 wrote to memory of 1196	2704	cmd.exe	41
PID 2704 wrote to memory of 1196	2704	cmd.exe	41
PID 2700 wrote to memory of 2620	2700	cmd.exe	42
PID 2700 wrote to memory of 2620	2700	cmd.exe	42
PID 2700 wrote to memory of 2620	2700	cmd.exe	42
PID 2700 wrote to memory of 2620	2700	cmd.exe	42

C:\Users\Admin\AppData\Local\Temp\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:280
- C:\Users\Admin\AppData\Local\Temp\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe
  2⤵
  - Adds policy Run key to start application
  - Boot or Logon Autostart Execution: Active Setup
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Modifies firewall policy service
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:1348
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe:*:Enabled:Windows Messanger" /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\a4bdcefd97821332f39852f00b54a742_JaffaCakes118.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Modifies firewall policy service
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:1196
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Modifies firewall policy service
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:2620
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\taskmngr.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\taskmngr.exe:*:Enabled:Windows Messanger" /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\taskmngr.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\taskmngr.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Modifies firewall policy service
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\data.dat

Filesize
34B

MD5
38c8ea22acd25e9b39e907df0d8de5ce

SHA1
04e47592bb949245e3490ecd8179fd76a26e10a8

SHA256
5d9f74d57e494097be9fbeb57958ce76987359d5f8c9dc65fac10c34fa38fdc9

SHA512
1c84ff0fc45734dc370d39af6b4aa83b42ed05ee3e91fe515d6543e7f1be546ebd1c4af85e7de398fa6f8a0cb0f94a27b9d120d407ad7213360e524810eda0d9

Download Submit
memory/2756-2-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-4-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-11-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-12-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-13-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-17-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-18-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-21-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-22-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-29-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2756-30-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads