warzonerat | 2ae20ed4c587cc4014673f04ef7e93b06ad2004aa5600448f7ebc5e84fa482e1

Analysis

max time kernel
146s
max time network
151s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 09:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
Size

13.6MB
MD5

734ba749faa3bded8bf6c7568251b828
SHA1

2cbb734fc3f6a6c858bddc3e40d41eb1f80888b2
SHA256

2ae20ed4c587cc4014673f04ef7e93b06ad2004aa5600448f7ebc5e84fa482e1
SHA512

9095306a61fddebb6eea30e6a1e20f42b97185ba6d47c8c8a7fa2c453f86ba2db7d78403018358e5301ff3b53ed849d4928219a9c34b9601288f2245237c4e8b
SSDEEP

196608:qtw4OJkEPIH+d8eSzwE4EhpZtw4OJkEPIH+d8eSzwE4EhpHFKzYN:qtw4OSUZd8eSbztw4OSUZd8eSb

Score

10^/10

warzonerat discovery infostealer persistence rat

Malware Config

Signatures

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Warzone RAT payload 15 IoCs

rat

resource	yara_rule
behavioral1/memory/2204-16-0x0000000000400000-0x000000000081C000-memory.dmp	warzonerat
behavioral1/memory/2204-17-0x0000000000400000-0x000000000081C000-memory.dmp	warzonerat
behavioral1/memory/2204-13-0x0000000000400000-0x000000000081C000-memory.dmp	warzonerat
behavioral1/memory/2204-10-0x0000000000400000-0x000000000081C000-memory.dmp	warzonerat
behavioral1/memory/2700-41-0x0000000000400000-0x00000000004E3000-memory.dmp	warzonerat
behavioral1/memory/2700-40-0x0000000000400000-0x00000000004E3000-memory.dmp	warzonerat
behavioral1/memory/2700-38-0x0000000000400000-0x00000000004E3000-memory.dmp	warzonerat
behavioral1/memory/2700-39-0x0000000000400000-0x00000000004E3000-memory.dmp	warzonerat
behavioral1/files/0x0009000000015f4d-49.dat	warzonerat
behavioral1/memory/2700-68-0x0000000000400000-0x00000000004E3000-memory.dmp	warzonerat
behavioral1/memory/1540-82-0x0000000000400000-0x000000000081C000-memory.dmp	warzonerat
behavioral1/memory/1540-81-0x0000000000400000-0x000000000081C000-memory.dmp	warzonerat
behavioral1/memory/1928-100-0x0000000000400000-0x00000000004E3000-memory.dmp	warzonerat
behavioral1/memory/1928-177-0x0000000000400000-0x00000000004E3000-memory.dmp	warzonerat
behavioral1/memory/1928-176-0x0000000000400000-0x00000000004E3000-memory.dmp	warzonerat

Executes dropped EXE 5 IoCs

pid	Process
2636	._cache_2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
2996	Synaptics.exe
1540	Synaptics.exe
1928	Synaptics.exe
1092	._cache_Synaptics.exe

Loads dropped DLL 6 IoCs

pid	Process
2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
1928	Synaptics.exe
1928	Synaptics.exe
1928	Synaptics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 2968 set thread context of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2204 set thread context of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2996 set thread context of 1540	2996	Synaptics.exe	34
PID 1540 set thread context of 1928	1540	Synaptics.exe	35

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1156	EXCEL.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1156	EXCEL.EXE

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2968 wrote to memory of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2968 wrote to memory of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2968 wrote to memory of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2968 wrote to memory of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2968 wrote to memory of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2968 wrote to memory of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2968 wrote to memory of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2968 wrote to memory of 2204	2968	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	30
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2204 wrote to memory of 2700	2204	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	31
PID 2700 wrote to memory of 2636	2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	32
PID 2700 wrote to memory of 2636	2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	32
PID 2700 wrote to memory of 2636	2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	32
PID 2700 wrote to memory of 2636	2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	32
PID 2700 wrote to memory of 2996	2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	33
PID 2700 wrote to memory of 2996	2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	33
PID 2700 wrote to memory of 2996	2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	33
PID 2700 wrote to memory of 2996	2700	2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe	33
PID 2996 wrote to memory of 1540	2996	Synaptics.exe	34
PID 2996 wrote to memory of 1540	2996	Synaptics.exe	34
PID 2996 wrote to memory of 1540	2996	Synaptics.exe	34
PID 2996 wrote to memory of 1540	2996	Synaptics.exe	34
PID 2996 wrote to memory of 1540	2996	Synaptics.exe	34
PID 2996 wrote to memory of 1540	2996	Synaptics.exe	34
PID 2996 wrote to memory of 1540	2996	Synaptics.exe	34
PID 2996 wrote to memory of 1540	2996	Synaptics.exe	34
PID 2996 wrote to memory of 1540	2996	Synaptics.exe	34
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1540 wrote to memory of 1928	1540	Synaptics.exe	35
PID 1928 wrote to memory of 1092	1928	Synaptics.exe	36
PID 1928 wrote to memory of 1092	1928	Synaptics.exe	36
PID 1928 wrote to memory of 1092	1928	Synaptics.exe	36
PID 1928 wrote to memory of 1092	1928	Synaptics.exe	36

C:\Users\Admin\AppData\Local\Temp\2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Users\Admin\AppData\Local\Temp\2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe"
    3⤵
    - Loads dropped DLL
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\._cache_2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe
      "C:\Users\Admin\AppData\Local\Temp\._cache_2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2636
  - - C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2996
    - - C:\ProgramData\Synaptics\Synaptics.exe
        
        "C:\ProgramData\Synaptics\Synaptics.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1540
      - C:\ProgramData\Synaptics\Synaptics.exe
        
        "C:\ProgramData\Synaptics\Synaptics.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1092

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
13.6MB

MD5
734ba749faa3bded8bf6c7568251b828

SHA1
2cbb734fc3f6a6c858bddc3e40d41eb1f80888b2

SHA256
2ae20ed4c587cc4014673f04ef7e93b06ad2004aa5600448f7ebc5e84fa482e1

SHA512
9095306a61fddebb6eea30e6a1e20f42b97185ba6d47c8c8a7fa2c453f86ba2db7d78403018358e5301ff3b53ed849d4928219a9c34b9601288f2245237c4e8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_2024-08-20_734ba749faa3bded8bf6c7568251b828_magniber.exe

Filesize
132KB

MD5
ea15890b9eca7ebe540e1ebcdbd0ce5a

SHA1
4536ad88bcac07f6cba0c8cc300a0b333c0a6c45

SHA256
9b8556cccc608749131c32f145cdb6dcfaa5b0ec5304b597bab65a6cb5cb65f8

SHA512
8d1545991d8413ff57effce63208b81d2a2afea6126e62d7c71eca02d227d4417d141b008b42d30ea3fa7b999eed0b8de5734e4ab6d939623d6497fd56742f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\8e7qqjpr.xlsm

Filesize
20KB

MD5
d8b5303fbee2f85348fbd8c4224a94b0

SHA1
ed6a3c8857b20b1760fa2eb833487a9684dbe83b

SHA256
313a89f26a8cdf30453e722c07e757ef2065f7400d01cd1162bf98b81d2130eb

SHA512
428418d8bc9fe9ae3bc754f2615f58f6619d311ef1c1f5753e9e0092a75745a5447bd3af16842a10d3dabc6bb82213b6d6181ff80a0610e1f3e21f6c7dd80516

Download Submit
C:\Users\Admin\AppData\Local\Temp\8e7qqjpr.xlsm

Filesize
17KB

MD5
e566fc53051035e1e6fd0ed1823de0f9

SHA1
00bc96c48b98676ecd67e81a6f1d7754e4156044

SHA256
8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

SHA512
a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\8e7qqjpr.xlsm

Filesize
23KB

MD5
a4cd462dbf7e32d23cf1ebf7ce502fe6

SHA1
2436271be9f86401927925b71218ea1f9732ecdf

SHA256
ad79022686097397a9a7043a95f5169620c63b1096f42319f4b0e1dbd105f2a3

SHA512
189e8a5e84d3cde9debfedaf0ed694910c69940261f1e7abaf0b3b99927001f4ff9fb22cdee471cfebc3b7984ce7c90a37627c8d8716f830ce7f7c985dd277fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\8e7qqjpr.xlsm

Filesize
23KB

MD5
6c41ea6496d94206687e8b5138e099ac

SHA1
51d455f66c1f0ed829b52cd3cd6e7971c4f815ad

SHA256
8893d23286486681c6dbbef68d2980d1e05020bb4bf8bb7b44322968f6203dbc

SHA512
aad448e43e7f33b6b11b6cd860747f034eda1a1cf47368eb434f3ce35c1e2d52e7f9c6df25176ac944e15a97815ee6abab016ee0fb08f61ffdecfba791eb7035

Download Submit
memory/1156-113-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1540-82-0x0000000000400000-0x000000000081C000-memory.dmp

Filesize
4.1MB

Download
memory/1540-81-0x0000000000400000-0x000000000081C000-memory.dmp

Filesize
4.1MB

Download
memory/1540-78-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1928-177-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1928-100-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1928-97-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1928-176-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2204-16-0x0000000000400000-0x000000000081C000-memory.dmp

Filesize
4.1MB

Download
memory/2204-21-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2204-20-0x0000000005E80000-0x0000000005F92000-memory.dmp

Filesize
1.1MB

Download
memory/2204-10-0x0000000000400000-0x000000000081C000-memory.dmp

Filesize
4.1MB

Download
memory/2204-7-0x0000000000400000-0x000000000081C000-memory.dmp

Filesize
4.1MB

Download
memory/2204-42-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2204-9-0x0000000000400000-0x000000000081C000-memory.dmp

Filesize
4.1MB

Download
memory/2204-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2204-13-0x0000000000400000-0x000000000081C000-memory.dmp

Filesize
4.1MB

Download
memory/2204-18-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2204-17-0x0000000000400000-0x000000000081C000-memory.dmp

Filesize
4.1MB

Download
memory/2204-5-0x0000000000400000-0x000000000081C000-memory.dmp

Filesize
4.1MB

Download
memory/2700-36-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2700-34-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-24-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-39-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-28-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-30-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-68-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-22-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-32-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-26-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-41-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-38-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2700-40-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/2968-0-0x000000007455E000-0x000000007455F000-memory.dmp

Filesize
4KB

Download
memory/2968-19-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2968-4-0x0000000000420000-0x0000000000428000-memory.dmp

Filesize
32KB

Download
memory/2968-3-0x0000000005BE0000-0x000000000602A000-memory.dmp

Filesize
4.3MB

Download
memory/2968-2-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2968-1-0x0000000000B40000-0x00000000018E2000-memory.dmp

Filesize
13.6MB

Download
memory/2996-69-0x00000000009F0000-0x0000000001792000-memory.dmp

Filesize
13.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads