cybergate | 46aae58ba4d18517718451c60bacb06d71737e870c3a31060bf2d6f50768280c

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe
Size

1.2MB
MD5

b2d4f054ca9133f406af46addffbc00e
SHA1

a8968855cbf19c20be1ee9f7c03c43bdffa55b53
SHA256

46aae58ba4d18517718451c60bacb06d71737e870c3a31060bf2d6f50768280c
SHA512

0fcbfeef9a141b4ae179aa31ee60c0533681226aaf0edddbd2f76caf6aab6682cce1969cff0243fb1ace4b0a37d7a0f0a916ec7ff4c5694018092d90503d1b6b
SSDEEP

24576:HhqMYdprgqE8sleQy2bkqjZcFMV3blGj8eyIbfbTAp2CsEI8h:HhqDpJE3QOnjZyX8eBDTMLsah

Score

10^/10

cybergate itzh4cked discovery persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

itzh4cked

itzh4cked.no-ip.biz:6661

Mutex

CY4GD3PW1Q0B43

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
test this bitch.exe
install_dir
Windows
install_file
chrome.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
what459sit512
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2324-23-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral1/memory/2324-19-0x0000000010410000-0x0000000010475000-memory.dmp	upx

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindosU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WindosU.exe"	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2108 set thread context of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeBackupPrivilege	2944	vbc.exe
Token: SeRestorePrivilege	2944	vbc.exe
Token: SeDebugPrivilege	2944	vbc.exe
Token: SeDebugPrivilege	2944	vbc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2324	2108	b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe	30
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31
PID 2324 wrote to memory of 1652	2324	vbc.exe	31

C:\Users\Admin\AppData\Local\Temp\b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b2d4f054ca9133f406af46addffbc00e_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1652
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2944
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Admin2.txt

Filesize
224KB

MD5
ba8b606e502b9e0e79bec6287f52d930

SHA1
1cd485004800d89498506baae10ffd335aeb00ab

SHA256
c2f8f48a1d493442303f6c6a5a9afe52dc7830975ca1452a0acde58d9f024570

SHA512
13a648e1da2b85d66529af837df90c5cbb697f1a809c07443a9689b6f74a29fe8d2ae042a3c3a540fb7ec1f38f6752b5e3270d335eed70a67b77eb1f5ad1d62b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
8f4f70b06c422f6cd97922ce06a2b2b9

SHA1
489f63af2f3b9c208b316dacfa0a2e9f8f82a7dd

SHA256
730fa91d4c3769bd19ff5997b2b58fb6df5b549f70b1a73b1589e75224cd25e6

SHA512
45193a5bfa883ed037634addca0982164097cbd8810cfbcb41e37c85a8ce07039539ae542f9fadef2214135315725a0efc2b7f3241d159ec116f0573094bcee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
c55cf1aec52529c837ff94f94be1b9d2

SHA1
4486d318d0abebadea286c7a769f9140b4342eac

SHA256
6d2361e1c45d6a8fbe14721a7e9b0089b07532e42b74d6888eddb75c93ff98fb

SHA512
e1ec8dc70b8aa660ec6aea27dc1d48e0d28b1b933751d7d9c86418fa97f760caf2e89302958d0e660a5c4ede80c04ee7dc81281f2768eb264a8db8c9954f909d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
883c9d12b80e689ff3e01f4cc1687e5f

SHA1
2ffca5d1fa8e89610f02cfe11bbe214485abf5b9

SHA256
cfda9af4e8409f913c3d265d20ad1e4f67b1b65e6b0b451682db0ef5cfa3432a

SHA512
67de1cc8eda4079e43d0ab06e3e68e15aa6c511372f1e9127256886a306d24e51fba30e6e597c3bd3c5c2315b331f73583e829d3d498ebe0e3c50db2755d9a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
2d82b86bdeb30177bece9cf0db3d258e

SHA1
ca9da9148d626fec5724d6da353e73927c5dcdfe

SHA256
c0703bce4a45b6cfeb6351c99671d8958094df50d7950ed39713dcb595a488fd

SHA512
9ff8d19f2106ce98b4b377e8f8330632aea3ce7a63c064f2c0a7f2a5fee5ef332523ab3f237967a0742d823b6643fe26111bd29538f3bd81a39e0adfdd8089f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
4cd91252cc12842a05ea09668a10b3ab

SHA1
a929214d1e1a2a78bf34ab52087945aa70fb564f

SHA256
f98a14a42b5840cf17c304b9baf5b0c980cfb1393698764303499a861c5748ce

SHA512
cf54f0030974b462ccbfd3b724dc1f0bf2ab84b741c882a2cd9be140cf5dbaf7f1521742014717a3714756a910edb693141cfec29c7ed2e8a9ca179e62828931

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
0113a1eba293841d61461773d9969fd4

SHA1
7419b0ad990bb63c49d0f7624bd1afe0379da102

SHA256
437b52e36fed243f9bdea95594abdad81a64d0e98bafe9cf35220e4d525f0e59

SHA512
41d432987be623c19fce5e3520539d2c10b255135f17894c74ee6f8b54009b59c315c7319fbe0d1370e7a235c1f155327f2f98f071196a18c769121e5ed8b62e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
f1cdde69d3881168f15c145c4c13034b

SHA1
522edcb9c4065e636e6fc24bb55abab8cfd77f7d

SHA256
b7f1817525eb2ef20a6c9840e9a910655385584cadff0705e5db26700f10627f

SHA512
31df521c964eb6f6c25279f85908a4a3bd0782853cac34f2b4687673d81f3479d1b5ed9f493d30bf4ecd34a780f4f8cbe28648b674a74d273ef02d76c2ff987f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
0702678a3c6be57a890bce6bd1982560

SHA1
cb7742da8051dcba2456d35c3821aea598dc54ee

SHA256
fa8b0dc96a4f26f7b20025f463b9b1559171df84b1d213d2bffbf5f7141de1c2

SHA512
c6846aeb7f52d348fd62e2c28d20440f992dec6239e5e1c0fd3659ecc14dba67c6aab0f79fa17c7853aa3bb481d43c511921d378ff89612f908ee7dc6d9a58c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
6dbe59359ff5c498654c64d1510cfa52

SHA1
f4ea5b6cedb75bc488d8953acc266fbb6a2884e2

SHA256
503c37e7db2f8d4492489fc680c6774ecc2820b4c144cca015db15e8e69885c9

SHA512
f18e13006488699d6b886d677e6b370a496040da408fcd347875592fc2e338ebfd0fe22de51a4b2840b878fbd57325d3b8702629a6551382bb4f120c6a95cc40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
fde4a074e2e25e2cbd1456cb9471089a

SHA1
2272f69121f682d451793ab888e2802134d55884

SHA256
3516eee6156f4d4d6f0f69ab26a2867ff5824a7c360df90bd7db80b059b7d675

SHA512
88c041c1297addad85c1d1b4c1cd8df3ec70960dc068f17f87a8b7ddd52a14d52de9e5e80ef47478fc4ffd611cfe08cb2cd39e18a0b97869ada79ff800361748

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
80aa87b3386be6662cb92ed5536a17c9

SHA1
8cd05f12f5b575e77bd48be5efc68bf7444c4553

SHA256
a212a369fefb8f2790bb20cf370ccaa24eb0f7cb18e559a8255b4bdcb611a45e

SHA512
dd49638bba7c5ccb11d6e535038e40c93840b04391e9131a355e2f19c491103f1dd338fc42a54e62aa66ef3a75edb4c28e22bb39ddac6776dbb5fd5c75bb5095

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
30060a95948f3d6bd66adb6822252442

SHA1
310c411d6ab7f6670b6c8479e4fc8f3e8e6c58a3

SHA256
3c526e4acf4354e0058fc2e61081c0483a46374cd81bd4643d7534bc034bf671

SHA512
2dddfe2eacc61df1ee88b2cfb1dbd7debc551a5f93df4247fe60c80eddc0b9928993694d834048497f4bd1fdef988d164188c06a04ef93e8f06b305d04c9a264

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
0991e190f214ba8d3fb36682a27a8d3f

SHA1
fbfaf802e484110548a4572704d931d76eee90cb

SHA256
cc314f6a73edf6635cdfb20bf23616e75b135c09677682e75cf00d065536024c

SHA512
5a6a4854765e15dc82ed7d904625dea0e57da6ddf016539a388f40886d5d3f42178b945d1eb2f0ca9d27d541f90b8665af1e07a90342e07f267c84228fbc51e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
4aa80c3f2f5735dfdd4fc29213ff1673

SHA1
118c5941ec41229fb2b6f26a10a41761a64c2f73

SHA256
5622c5c0a74a4f3bf06b40e230a73b0067d2e5f43766908fec6200f34199abb3

SHA512
2b6b1a653e30e3c50bb6a66ee116faef5a30a743f8b560a5246ae8f3a0eb3af9ab795ed72171618f79430a5e2eb78983020140772e1d8fd4f627745feed4cc86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
eb3195a8016725d121edbfc484ce6350

SHA1
d9a54383f4992168f1886ba38b3dc9a94c5a50ca

SHA256
e20913ca4045fa7c70890c597464e7a06a5dab49803df72365aaa5ff258b47d6

SHA512
c23f30f65c6790db45f6ba7b6b29147836c5977e349b8b2c1aaa0d5ae3279d169d3ae10cbbb951907e7fc2265f444eef1bfd55257e7a8949a410e1b7a73963b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
331aacc0d490b76bb790a4564c26e09b

SHA1
21613fe686e4b72e0ecd470335bd80c8e8c6deef

SHA256
b317d151f682525cf2cf8b92dc6fa02407fea90f3b78072b01662fda85b61512

SHA512
e5b29e3b0cdee60f5eb15ff96b9545db2b89bc53f94114948c3a053f7ceb75fc0b4593edfbbdfb0bbc460f25280ad1d4c286998b3aaa89ba0b4c9a0c2cf4381c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
7aed3c703f00750e121d8726f2a12448

SHA1
0cbb7ad38faf48bf4e24ba43558eb39de6a0d602

SHA256
d2ba1fc1ecd6721c8be5ec1eb7d86007fef946d88115cec7961e88926635f9a3

SHA512
71aa7602064c70dbbe61ea17b7eb832ad7b8eee5cbbdef58883a94d4ecb7b81397e4a02878be70136ac7d050522fb2e07a185bf614d44d3e7f7f1084338fe607

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
956625e5fb53a329a88b71fcdc191fe9

SHA1
e3915f20d772607f4f2fd19b3003724c9d41373a

SHA256
cdd531635b3738511acde9148c13117830e973c759173ca3ffce83d61b2a3167

SHA512
6de597aa97179d3bc6ef3b59a3b811423b9875e626792eae20b3a846452b87452776109baaa74dd0128f2215d14b32db6c8c15a44da3787070d971c0cd72690c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
932be328f1d15038e3bede89ed65cd0f

SHA1
c4c7c3313546b11d0ec449268fb56134b8a5a834

SHA256
70263350c1f0a90f1dda9baf36d0879e307640bbe62a114eb8608c15cc3a136e

SHA512
68a929258a4b3ba512ced4659ccaafe8222ffcdcb0a951a47b53550486ff2350f11bc243a31f3fd684ba55067ec2002b3d3d21e42e390bae4e0dd81c061fa08c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
a40bee3219bd5f1ac7d56a84fad3bd1d

SHA1
03015e6c4d33ff6045308f21d33567520aa4386c

SHA256
0afd32858f0c97f7b7727104a8453422ba13f10259196973998c2c83dec62a75

SHA512
78851dc0637db1d6db4a97600412450a769dc4263c6bad13f92bc0d352fdcf6f08feb23b85597847dd4a68b2726fbd03406ea514c880da4ef7a0b913448805db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
c54a695613c10a8c2794a8be2a2bafab

SHA1
01b65b84f48ac43a90d89ec408e848c1a1a706e6

SHA256
a55eb21b3c2848a0674a67b7920f48e8b3d681411caaed6120737297a805f554

SHA512
800e0a8de9ba1b901bbed8f5c111704a3226b0cd69ee1eea81fff35ec632893dec197f63b668f5ada889786cdcffd471aece4136eec64fbcbb671de525d26388

Download Submit
memory/2108-0-0x0000000074AC1000-0x0000000074AC2000-memory.dmp

Filesize
4KB

Download
memory/2108-17-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download
memory/2108-2-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download
memory/2108-1-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download
memory/2324-4-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-12-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-106-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-3-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-19-0x0000000010410000-0x0000000010475000-memory.dmp

Filesize
404KB

Download
memory/2324-23-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/2324-13-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2324-9-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-322-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-16-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-15-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-5-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-6-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-7-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2324-8-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2944-37-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2944-30-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2944-24-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2944-39-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads