32e74e6d88bf308944129a4f63f84305cc398e47a14d34e70d52f620ebec0ea5

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 11:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aacced00d1af27e0ceeb370feb3f15e0N.exe
Size

104KB
MD5

aacced00d1af27e0ceeb370feb3f15e0
SHA1

d4799418d87b56e209d4aa9d56620e065bdb4f30
SHA256

32e74e6d88bf308944129a4f63f84305cc398e47a14d34e70d52f620ebec0ea5
SHA512

0817b61d26ea6b984f5df1e288f46036544b81d2837753118de35de728fce43b5cdcb43b5faa27401a13ab30f72ed7ac748fdda72bfe37ba028a6d97a8983a37
SSDEEP

3072:BwyyD0Wsw1b1sV2Mm1/qUse5Ux7cEGrhkngpDvchkqbAIQS:qyyQopu2/qy5Ux4brq2Ahn

Score

10^/10

discovery persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Khnapkjg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}"	Khnapkjg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}"	Lmmfnb32.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	aacced00d1af27e0ceeb370feb3f15e0N.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kpgionie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}"	Kpgionie.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kageia32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}"	Kageia32.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kgcnahoo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}"	Kgcnahoo.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lmmfnb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}"	aacced00d1af27e0ceeb370feb3f15e0N.exe

Executes dropped EXE 6 IoCs

pid	Process
2552	Kpgionie.exe
2676	Khnapkjg.exe
2592	Kageia32.exe
2872	Kgcnahoo.exe
2460	Lmmfnb32.exe
3020	Lbjofi32.exe

Loads dropped DLL 16 IoCs

pid	Process
3004	aacced00d1af27e0ceeb370feb3f15e0N.exe
3004	aacced00d1af27e0ceeb370feb3f15e0N.exe
2552	Kpgionie.exe
2552	Kpgionie.exe
2676	Khnapkjg.exe
2676	Khnapkjg.exe
2592	Kageia32.exe
2592	Kageia32.exe
2872	Kgcnahoo.exe
2872	Kgcnahoo.exe
2460	Lmmfnb32.exe
2460	Lmmfnb32.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe

Drops file in System32 directory 18 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Khnapkjg.exe	Kpgionie.exe
File created	C:\Windows\SysWOW64\Jlflfm32.dll	Khnapkjg.exe
File opened for modification	C:\Windows\SysWOW64\Kgcnahoo.exe	Kageia32.exe
File created	C:\Windows\SysWOW64\Kpgionie.exe	aacced00d1af27e0ceeb370feb3f15e0N.exe
File opened for modification	C:\Windows\SysWOW64\Khnapkjg.exe	Kpgionie.exe
File created	C:\Windows\SysWOW64\Kageia32.exe	Khnapkjg.exe
File opened for modification	C:\Windows\SysWOW64\Kageia32.exe	Khnapkjg.exe
File opened for modification	C:\Windows\SysWOW64\Lmmfnb32.exe	Kgcnahoo.exe
File created	C:\Windows\SysWOW64\Lbjofi32.exe	Lmmfnb32.exe
File created	C:\Windows\SysWOW64\Jbdhhp32.dll	aacced00d1af27e0ceeb370feb3f15e0N.exe
File created	C:\Windows\SysWOW64\Jkbcekmn.dll	Kpgionie.exe
File created	C:\Windows\SysWOW64\Kgcnahoo.exe	Kageia32.exe
File created	C:\Windows\SysWOW64\Lmmfnb32.exe	Kgcnahoo.exe
File created	C:\Windows\SysWOW64\Pigckoki.dll	Kgcnahoo.exe
File created	C:\Windows\SysWOW64\Ipafocdg.dll	Lmmfnb32.exe
File opened for modification	C:\Windows\SysWOW64\Kpgionie.exe	aacced00d1af27e0ceeb370feb3f15e0N.exe
File opened for modification	C:\Windows\SysWOW64\Lbjofi32.exe	Lmmfnb32.exe
File created	C:\Windows\SysWOW64\Pgodelnq.dll	Kageia32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2992	3020	WerFault.exe	35

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Khnapkjg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kageia32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kgcnahoo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lmmfnb32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lbjofi32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aacced00d1af27e0ceeb370feb3f15e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kpgionie.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}	aacced00d1af27e0ceeb370feb3f15e0N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32	Kpgionie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment"	Kpgionie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment"	Kgcnahoo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32	Kageia32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pgodelnq.dll"	Kageia32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment"	Kageia32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32	Lmmfnb32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	aacced00d1af27e0ceeb370feb3f15e0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment"	aacced00d1af27e0ceeb370feb3f15e0N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32	Khnapkjg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jlflfm32.dll"	Khnapkjg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ipafocdg.dll"	Lmmfnb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment"	Lmmfnb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pigckoki.dll"	Kgcnahoo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment"	Khnapkjg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32	Kgcnahoo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32	aacced00d1af27e0ceeb370feb3f15e0N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	aacced00d1af27e0ceeb370feb3f15e0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jbdhhp32.dll"	aacced00d1af27e0ceeb370feb3f15e0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jkbcekmn.dll"	Kpgionie.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2552	3004	aacced00d1af27e0ceeb370feb3f15e0N.exe	30
PID 3004 wrote to memory of 2552	3004	aacced00d1af27e0ceeb370feb3f15e0N.exe	30
PID 3004 wrote to memory of 2552	3004	aacced00d1af27e0ceeb370feb3f15e0N.exe	30
PID 3004 wrote to memory of 2552	3004	aacced00d1af27e0ceeb370feb3f15e0N.exe	30
PID 2552 wrote to memory of 2676	2552	Kpgionie.exe	31
PID 2552 wrote to memory of 2676	2552	Kpgionie.exe	31
PID 2552 wrote to memory of 2676	2552	Kpgionie.exe	31
PID 2552 wrote to memory of 2676	2552	Kpgionie.exe	31
PID 2676 wrote to memory of 2592	2676	Khnapkjg.exe	32
PID 2676 wrote to memory of 2592	2676	Khnapkjg.exe	32
PID 2676 wrote to memory of 2592	2676	Khnapkjg.exe	32
PID 2676 wrote to memory of 2592	2676	Khnapkjg.exe	32
PID 2592 wrote to memory of 2872	2592	Kageia32.exe	33
PID 2592 wrote to memory of 2872	2592	Kageia32.exe	33
PID 2592 wrote to memory of 2872	2592	Kageia32.exe	33
PID 2592 wrote to memory of 2872	2592	Kageia32.exe	33
PID 2872 wrote to memory of 2460	2872	Kgcnahoo.exe	34
PID 2872 wrote to memory of 2460	2872	Kgcnahoo.exe	34
PID 2872 wrote to memory of 2460	2872	Kgcnahoo.exe	34
PID 2872 wrote to memory of 2460	2872	Kgcnahoo.exe	34
PID 2460 wrote to memory of 3020	2460	Lmmfnb32.exe	35
PID 2460 wrote to memory of 3020	2460	Lmmfnb32.exe	35
PID 2460 wrote to memory of 3020	2460	Lmmfnb32.exe	35
PID 2460 wrote to memory of 3020	2460	Lmmfnb32.exe	35
PID 3020 wrote to memory of 2992	3020	Lbjofi32.exe	36
PID 3020 wrote to memory of 2992	3020	Lbjofi32.exe	36
PID 3020 wrote to memory of 2992	3020	Lbjofi32.exe	36
PID 3020 wrote to memory of 2992	3020	Lbjofi32.exe	36

C:\Users\Admin\AppData\Local\Temp\aacced00d1af27e0ceeb370feb3f15e0N.exe
"C:\Users\Admin\AppData\Local\Temp\aacced00d1af27e0ceeb370feb3f15e0N.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\Kpgionie.exe
  C:\Windows\system32\Kpgionie.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Windows\SysWOW64\Khnapkjg.exe
    C:\Windows\system32\Khnapkjg.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Windows\SysWOW64\Kageia32.exe
      C:\Windows\system32\Kageia32.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2592
    - - C:\Windows\SysWOW64\Kgcnahoo.exe
        
        C:\Windows\system32\Kgcnahoo.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2872
      - C:\Windows\SysWOW64\Lmmfnb32.exe
        
        C:\Windows\system32\Lmmfnb32.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2460
        
        C:\Windows\SysWOW64\Lbjofi32.exe
        
        C:\Windows\system32\Lbjofi32.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 140
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Khnapkjg.exe

Filesize
104KB

MD5
3e809f92cebb737a232212706326c43a

SHA1
8bb3ac96589c78023cc4232d228d194119932e20

SHA256
4062daa7bb6eb2957706da892a5fb7b6904e681d48892771c952d9b79a4d56bf

SHA512
60ab10c4941b9a2636bfb3e4c71e386ee6361dd819311f1507755aad033ccf00bb48a13c348ffdf5831bc7aa6e22c5be5d6a6dfadd169746962226fa79b491ab

Download Submit
C:\Windows\SysWOW64\Kpgionie.exe

Filesize
104KB

MD5
2ffb8f9e5c82aea416e9b97898902d48

SHA1
60d5cc66e73ed1341ad08d42c2d42d5c4b982e2a

SHA256
787d1db8d4e5a750a1abcc790453a4beb5b6c548c8674f605ca31a1cc2bf9cab

SHA512
809701b11e0e32068dfde806840d8cb426733983f40163bf5377207592319585d2d4ce8a445522a9e03e8ab1fee67b9a6f02cf1c09c4ed789f0c169c20699770

Download Submit
C:\Windows\SysWOW64\Pigckoki.dll

Filesize
7KB

MD5
2971088f12cb0030686b4cbad6d3b689

SHA1
288176f632d0a31627cde9b0ddfe8b92d3a0de27

SHA256
8dc1eeddd4bdf7fb00b2d0a28c796ef36c894a0c9479ec4a2cb9652bc72174ee

SHA512
05ad87591b772131a8248379c6718a38bfa88f7464a2bcdd9b1d37e3ec6474ecb3a01a34f380c3840aa748088eba4e6c9ba405017baccc672e5f9a3c78a1a2b2

Download Submit
\Windows\SysWOW64\Kageia32.exe

Filesize
104KB

MD5
155047dc2fb44408061d9e7e1509cfda

SHA1
6399396e2355af88b012483d810f1b6f59219c42

SHA256
eed343de4a9b800402b830431a47c2c6ea0b1da2637aa42fc469c910c3669501

SHA512
5e3dce6f3e5539f79607bfb6c812bbcc262fa17da2d45545a596a3232dfd3a2729599d31d3cee4dcb1848e622d91a99e8f95f3832d6d1a9a825ed70dba3d74fd

Download Submit
\Windows\SysWOW64\Kgcnahoo.exe

Filesize
104KB

MD5
fabf1cbb00565410b179fac23a40e825

SHA1
969b0b4c89567125bbe881ec89f79ab551766b63

SHA256
ae00c511311d48590b43c47e0b298dcf9dff047f60728f47f61638b626106e6c

SHA512
38aa1d7573954f7e8ad4d0d10b670e5c805e82f621fc60ce2272453ded64b423861dfb7108d141d3ccad3af409f88cd65f6f1b49bb156c2301d285c9403b1131

Download Submit
\Windows\SysWOW64\Lbjofi32.exe

Filesize
104KB

MD5
f56233d7d2cd72624c9016812f88f0a5

SHA1
073711f069409f386b7833b218e7145339a1f34d

SHA256
774d29f95a3ddb2c786249ce323131d6efc88224b01389f5503fa1ef25e220a0

SHA512
de8d07f77b299ae6da36998a078b6a835614a4ee1437804ec370ac35480730139854adc596956c43a8a2c5edd39066584c13b6fa8043acc4c8d57728694c9e4a

Download Submit
\Windows\SysWOW64\Lmmfnb32.exe

Filesize
104KB

MD5
8088f6e579c07a190e2d7f34b68b074f

SHA1
a76e4eebd4021d05f36781f80ad825f26bf0f01a

SHA256
b5567c24499e8bb51842703eb5094b877c9b971526effebcd52676b737445f4f

SHA512
ba0d80668760c25a9ad9b80b318f3808c694651649f9d93314ae7a0bcbf43fa4dcc10b594a54e16181689f0bc83da28cfca44fa83f2fa9c234149cb3eafd9742

Download Submit
memory/2460-91-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2460-76-0x00000000002E0000-0x0000000000323000-memory.dmp

Filesize
268KB

Download
memory/2552-87-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2552-14-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2592-41-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2592-89-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2592-53-0x0000000000290000-0x00000000002D3000-memory.dmp

Filesize
268KB

Download
memory/2676-27-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2676-40-0x0000000000330000-0x0000000000373000-memory.dmp

Filesize
268KB

Download
memory/2676-88-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2872-63-0x0000000000250000-0x0000000000293000-memory.dmp

Filesize
268KB

Download
memory/2872-55-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2872-90-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3004-86-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3004-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3004-12-0x00000000002D0000-0x0000000000313000-memory.dmp

Filesize
268KB

Download
memory/3004-13-0x00000000002D0000-0x0000000000313000-memory.dmp

Filesize
268KB

Download
memory/3020-92-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads