mydoom | 96da703b37824b95fcb27d76207aaa1ce0b4f284cec9e46c6428c85abd51eca1

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe
Size

48KB
MD5

be9ceb2dac61c202526045be51ac037b
SHA1

5126c0368dc9f3b9bc0eae496639f18144496b0b
SHA256

96da703b37824b95fcb27d76207aaa1ce0b4f284cec9e46c6428c85abd51eca1
SHA512

803cea81c50fe0e310b4d9c22a97c2227571e320dc1147677a199cf2d37112d6adf1922d7a3b1472d96bda894b4d515d83bc00d763ed7289181ec321962f4687
SSDEEP

768:jv8IRRdsxq1DjJcqOVBLUvTd2wmDkuBgs5vY2HJvqRTkoCmq1UrHI3Gr:DxRTsxq1DjCBBLUrGaeva1CmRrHI3i

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 9 IoCs

resource	yara_rule
behavioral1/memory/2016-17-0x0000000000500000-0x0000000000515000-memory.dmp	family_mydoom
behavioral1/memory/2016-42-0x0000000000500000-0x0000000000515000-memory.dmp	family_mydoom
behavioral1/memory/2016-44-0x0000000000500000-0x0000000000515000-memory.dmp	family_mydoom
behavioral1/memory/2016-65-0x0000000000500000-0x0000000000515000-memory.dmp	family_mydoom
behavioral1/memory/2016-70-0x0000000000500000-0x0000000000515000-memory.dmp	family_mydoom
behavioral1/memory/2016-72-0x0000000000500000-0x0000000000515000-memory.dmp	family_mydoom
behavioral1/memory/2016-77-0x0000000000500000-0x0000000000515000-memory.dmp	family_mydoom
behavioral1/memory/2016-82-0x0000000000500000-0x0000000000515000-memory.dmp	family_mydoom
behavioral1/memory/2016-247-0x0000000000500000-0x0000000000515000-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom

Executes dropped EXE 1 IoCs

pid	Process
2388	services.exe

UPX packed file 30 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2016-0-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2016-4-0x00000000002A0000-0x00000000002A8000-memory.dmp	upx
behavioral1/files/0x000900000001600d-10.dat	upx
behavioral1/memory/2388-11-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2016-8-0x00000000002A0000-0x00000000002A8000-memory.dmp	upx
behavioral1/memory/2016-17-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2388-20-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2388-21-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2388-26-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2388-31-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2388-33-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2388-38-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2016-42-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2388-43-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2016-44-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2388-54-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-55.dat	upx
behavioral1/memory/2016-65-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2388-66-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2016-70-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2388-71-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2016-72-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2388-73-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2016-77-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2388-78-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2016-82-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2388-83-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2388-85-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2016-247-0x0000000000500000-0x0000000000515000-memory.dmp	upx
behavioral1/memory/2388-248-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe
File opened for modification	C:\Windows\java.exe	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe
File created	C:\Windows\java.exe	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2388	2016	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe	30
PID 2016 wrote to memory of 2388	2016	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe	30
PID 2016 wrote to memory of 2388	2016	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe	30
PID 2016 wrote to memory of 2388	2016	be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\be9ceb2dac61c202526045be51ac037b_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
907832f0ee50a06a1f0043c66a21558e

SHA1
0f3683c6bc1c5682b3a39be7cf15030dfe5e92b1

SHA256
93b5ea03b71cb3ae2b5273d9384f82ad09611a7f3ec33e7a14feaa2464810f79

SHA512
a8bab02b508b4d7e0d10e9b323be8cccae6fd5ecd5ed2ef754544ba9de63adcbd9e132fbc6c2c305e0ac8a7aa6d2f4731df266f201362df498c936cd5267a3b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83a417ea75928eb9d44f55917806acfa

SHA1
5ef6439a33fd51debb06403dafebf47a4c72091d

SHA256
8222fab6761fe3d0efabb371c125c4cb3b231986cea6497ad01a6a5acf0b9a6a

SHA512
78d63fc03135e2e4acec637eb648b5891976704117d05e7cf69dca2af267c65184b14cc1ad636d54a106cc1acc8cee867ba2f8d7f52830c3b2931ec7c6736e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPRIFH8L\search[1].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCF4C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gfarw.log

Filesize
1KB

MD5
3de1a754f5433f0f14d65c8b2018adec

SHA1
13772b88f9688bd984bf3b19fa53bf0417916e64

SHA256
d14b4ab1899463a9cd6e19d9ed40cf301a19be7a763216abade36f19eb8951d2

SHA512
3c3726377d588f2f826ae652a05e8f866a9be6fa4a4d387758488635fa934889cb55837cc9abbfc7d2437993bb8ce934f9e5fa66eace5c2c7b5b9750fcad1dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCFBC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpD00D.tmp

Filesize
48KB

MD5
f48c1def27860c72f170cedac5504ac8

SHA1
ad978e821c57a5e0bcae00faa2fb97d4d0dd3ae7

SHA256
04790bc8ef87d0f7f03dec92a0a8efc5d0885efca6603bf60db2ef0ef06399e6

SHA512
4a08e39953cb4c1e12393cf09e77e1c7cdc1bdd0d0358386c3080b7d87820fc22eec386d817f806fd4262b4c2c2b66234fe671a2687154eab0e37d5d47f5646d

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
45547d663b7df074f67a4329017a01de

SHA1
c0a893d9bade822087fbf5235fe10055adf12255

SHA256
5dc90951c6bc6450ca8fef98fdff8e2fa01d4287f605869caf4b494c10755008

SHA512
d0513b79d8b1dd104ae05e927f0b9ea594f801317f5e7e6c8249017ca8adbbc946cd825306149781bfddc30b4300c77ffe5d5d23dca5b23020a61eae03b5bd50

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
12c58ff7ebd78543a9b84f9f8c1527b8

SHA1
c0c5ead646413de4600bb3b9333b0dac337df36a

SHA256
a37e253923a0eb5d3f6c1a9e8fbd2d936a30cdc2eaf21cf12df84e4d4809bca0

SHA512
1014f3ae6eb9ccb085ca2eca5d7208d321aeb694e8a4e23359cbb304fddbabfa03feb6f29890dd0f9422ad6b90c3615176646a6068c5b9ee519c72f98334825d

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/2016-17-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2016-0-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2016-18-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2016-42-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2016-72-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2016-44-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2016-8-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2016-82-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2016-247-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2016-4-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2016-65-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2016-77-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2016-70-0x0000000000500000-0x0000000000515000-memory.dmp

Filesize
84KB

Download
memory/2388-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-71-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-73-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-66-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-78-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-54-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-83-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-85-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-43-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-38-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-33-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-31-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-21-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-20-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-248-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads