02296e59c7bded7be34de94bd2ccef41b9577b613287058b0e28a90f699e9484

Analysis

max time kernel
115s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbd910cdaa469028b4c87b3095591f85_JaffaCakes118.doc
Size

205KB
MD5

dbd910cdaa469028b4c87b3095591f85
SHA1

5cee489471a7d9e8df93cf07ab4398b8d064cb50
SHA256

02296e59c7bded7be34de94bd2ccef41b9577b613287058b0e28a90f699e9484
SHA512

c623bc31dc303e528ad800ce6941a4d6e0ce597a351c5fe1bbec746421020252bc21b2ffafa7d37ee67bfc0d12d0fc92c82c04c0de24f62f987544774e14e472
SSDEEP

1536:1terT8wKLcCmXwGe1G0piHrTPMy+5J8b1mcYhNWHF9wf0cFOOBRvfTal:1RwycXwGe1GMaammcYOl9wNF7BRvbg

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
3108	WINWORD.EXE
3108	WINWORD.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeAuditPrivilege	636	EXCEL.EXE
Token: SeAuditPrivilege	1840	EXCEL.EXE
Token: SeAuditPrivilege	4276	EXCEL.EXE

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
3108	WINWORD.EXE
3108	WINWORD.EXE
3108	WINWORD.EXE
3108	WINWORD.EXE
3108	WINWORD.EXE
3108	WINWORD.EXE
3108	WINWORD.EXE
636	EXCEL.EXE
636	EXCEL.EXE
636	EXCEL.EXE
636	EXCEL.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE
1944	WINWORD.EXE
1840	EXCEL.EXE
1840	EXCEL.EXE
1840	EXCEL.EXE
1840	EXCEL.EXE
4276	EXCEL.EXE
4276	EXCEL.EXE
4276	EXCEL.EXE
4276	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\dbd910cdaa469028b4c87b3095591f85_JaffaCakes118.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3108

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:636

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
ac79dcda0dea35dfae3adfbca78dcf88

SHA1
d7839169b79555ba3c28bb63cef06b672e936395

SHA256
09ba21b3d5253b3513003d7f6d2f5459518885638bfc7f59403446f52865eb1b

SHA512
d0e0fe020cac33744d7730e5717fb9583dc838582532344b75098f1b50c86c02a11cbe604dea467db7081ca35eb0646acbcbdc300b9707df12060ff098f2d2a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
471B

MD5
2a7292a597beea6221b3d02c5305cd2c

SHA1
1cccbb80c471bd77ccfab83120a4e09784e05d19

SHA256
f0e5812400121b1c1229f86cf48f726e634e6ed4fa7db34c709f32e9f105e1a7

SHA512
0c3dc695c50e44fdd0c8feb87296911918fdc722ce8b5eddcec237007c2ab8e55fc056a2518a496cf90b75db3d22491da8e089ed78712f1bbcd9065516608bf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
cacdb10b894d7bcba2f037376aeb18f2

SHA1
8e6636dddb45ae7f7d97290b982beb405c854d02

SHA256
0f2858eaec6e56f3763d0aee4cd4bb7be464716315055b7702a19c8174204b3a

SHA512
54681443da3b4572a901f6f3ac314fa732d1dcff6060ad4f3a5c755959919318ea1a3895730f5424510f2e36ebd72f0e9d037107ab9ddee54d322300036c7492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
420B

MD5
7982276410f46a9880bd1c339322cbaa

SHA1
a8803501a244d22ff70c31fbb46b84fb5b4a91fc

SHA256
cdb4a1a38515234017bd4ad239f9ce954b9dc1d1e8f134d51c26246e6c91575d

SHA512
46d8e91b8b9f59e9c9d46672b963c84b0b291ade320298f8880134e4ba553bec90c22d80d5491d23446eca594b0101ce0e076ea88600a2859a604a29fdb8255a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb

Filesize
512KB

MD5
05e3bdad0babde486bb46bc15b7e597e

SHA1
b31918fa60649a34685abca0c13260999bcdac38

SHA256
4745990229012ea70da5c1f1c5df9a77f37da54acb6e53b276dfb012f774f1f5

SHA512
eb8d16770350177eb0515579ed7be481897bd8cb53a3c291ab5001fb2b50f85157dcfc1ca5d41ed0cb2a9742758b26a431ca045cb98ebc93afe287839894415b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\1739988B-61DB-4998-BCDF-F34ECF3757DC

Filesize
170KB

MD5
87272461530851bf1921aafe447e2e97

SHA1
f4380d93d5d0d897bc1b8ed632093427a6d255c5

SHA256
acd6f195b2c4ba9c102bc59b7294bd94772314efe700ffebb53d07f15a59afba

SHA512
df69ea26838c44109b502a8ece3a4692b4cfd26ca07bbc761cd83cf784213867e1cd6859fd6097e83094c6d6555caf57d0f02dd5de174d167a8c8230b9131825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
322KB

MD5
aaab46ac900b23961504757d0718d4e8

SHA1
ddbb93f370d3a260b16b2afe555d3fa70ae6f4c5

SHA256
97dc24790886a58d2cad724888edbfc0fec87d22fd6b06c3d3b9129e38760245

SHA512
023a0acd1361b8976ca71f3bd6934ef42ef4d93b815b0824192dab6c2b643eb5e80c37920e7351794099b0a734b2befea53ad5bac7000b8615330d78a5e122a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

Filesize
331KB

MD5
2d72c7fd107986dff9d09acdd4f8255f

SHA1
f60da83ed901faee7352589e46ae5a361a33af2a

SHA256
2bacf273a6b20fab94aec2c3c2fa483a24e62b36070121cd0dfd40ccfdf5be8a

SHA512
063c9a0b595480d50d3c5581d9cd4b15242c32f1ca9d24c72673835a577a8187a398ab214cea86a6c04a8e425fa81591be0369be80c9a1c66128a7672c039f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
10KB

MD5
392f43f8efe8757991d4d2bf079a84f5

SHA1
18d30a1ff03abfdee8caf7a95328fc579b61d7ab

SHA256
03bd03626903057ee10585b4e3ed2dee6b80d87e01f2093ba0f5c885533d40ca

SHA512
30eb623d3afc62a47f22f530da16c16903fa38d3c53a1d667d8ab42d40b2635a17bcb064349aa26a15d43d30403e1526cd1413332c259215f32b2f9dd0f56dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db

Filesize
24KB

MD5
085ebd119f5fc6b8f63720fac1166ff5

SHA1
af066018aadec31b8e70a124a158736aca897306

SHA256
b8411fe8ec499074fca9047f6983d920279e84ddf3b02b2dd5c08cf07ec44687

SHA512
adb0522830db26123347cb485c43b156f5c888510e52091ba0fafc22b650ad29630c027746c920321905c28259dce7ff63dded93a79efddd5567c68312117875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db

Filesize
24KB

MD5
33eea2792b9fa42f418d9d609f692007

SHA1
48c3916a14ef2d9609ec4d2887a337b973cf8753

SHA256
8f7807c324626abc2d3504638958c148e2e3f3e212261f078940cf4c5f0c4fbb

SHA512
b2dbfcdf2599c38c966c5ebce714a5cd50e2f8b411555acf9f02b31b9c29b8ab53a9afa9d32bab87a06e08f8b2c7818d600773f659a058c8af81c50be7f09b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

Filesize
8KB

MD5
90f5844e13550cd611ebaa5e90a17623

SHA1
ce46c9aa97bf6fa11ce0248f83e3338b28323192

SHA256
6b911785b3c827e12be5c1021fdc35752e5cacdd8f0cb54b8dc6ec4f716d05b9

SHA512
644da291d965e8aae69f2d6c10a8931f8e8959f6df1281723f1dac2fbe1090f88a5bf43e0d65b24ec399f9e7ce10abba1439d5940d710d5df10d15fed895ae75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
30751e7aa77a166dab3183648f832e05

SHA1
f124bc11c541c08a1bb0f2c8f3945c7e54529246

SHA256
13a93e09d04f61835b31b0816d5927f86f96e888f08f0525bdf21fede0543a38

SHA512
c1ab11002eeb99895b694c835ac83add90ac096d6aa29c5316ce400fb4810e36d5f0c7028765828daebb78955fac2e1b813c1b8919be542b82568b473adc7356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
fac6b2f86444679cf7ff92a4c0f5dc13

SHA1
b0f385091ea62c16448143bf773d1f57b54b108a

SHA256
bbb10243905bef3ce071d657bbe454f884cde9a29c59d7f49b96f25398209af1

SHA512
36c3ee83684dcff29de0f34f9a036dd80e3ef1a71d6d5c25cd653221f4a8152dac5966ef3273468752970afe88a5df0184b5600cecd62ba28ab72e056ce3d505

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDF039.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\VBE\MSForms.exd

Filesize
148KB

MD5
74334ad906c44b8523bb8d388706658b

SHA1
9bbdcdbb1a0a6c2b6a6651a1ea447a5d67e4d6e3

SHA256
713e71299562154e9e777f2ea7c427e16bf641333ca55e1697f84f62beaf7bcd

SHA512
48a22c784a9146d9e20c75e8d2a3392c6f326e36e9085e13ba45a1876a09adcfad8c3d445c614fe7aa82affbbabb6412aef0166260fad3624bad0ae4f5991b71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
d175cfa43dd78bf935ddadee2c130769

SHA1
5655f3b0f744c572d75650ee8a75e106e5d984f6

SHA256
29762f37db2e0d859337e4f44eba019d8f3d17ff57a505734acb7a678c7d7fd5

SHA512
4326429ee6816d8d57d5839b379bed3676784f425ca46a4261002742ae3139b0730372644ecf12d285f182c3449ecc8a7ba14ccb45d4d336571baf8c653e6719

Download Submit
memory/636-1467-0x00007FF9913B0000-0x00007FF9913C0000-memory.dmp

Filesize
64KB

Download
memory/636-1465-0x00007FF9913B0000-0x00007FF9913C0000-memory.dmp

Filesize
64KB

Download
memory/636-1466-0x00007FF9913B0000-0x00007FF9913C0000-memory.dmp

Filesize
64KB

Download
memory/636-1468-0x00007FF9913B0000-0x00007FF9913C0000-memory.dmp

Filesize
64KB

Download
memory/3108-18-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-17-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-21-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-22-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-40-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-16-0x00007FF98ED60000-0x00007FF98ED70000-memory.dmp

Filesize
64KB

Download
memory/3108-15-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-14-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-13-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-12-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-472-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-19-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-3-0x00007FF9D13CD000-0x00007FF9D13CE000-memory.dmp

Filesize
4KB

Download
memory/3108-20-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-1469-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-1476-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-11-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-10-0x00007FF98ED60000-0x00007FF98ED70000-memory.dmp

Filesize
64KB

Download
memory/3108-5-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-9-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-8-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-6-0x00007FF9913B0000-0x00007FF9913C0000-memory.dmp

Filesize
64KB

Download
memory/3108-7-0x00007FF9D1330000-0x00007FF9D1525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-0-0x00007FF9913B0000-0x00007FF9913C0000-memory.dmp

Filesize
64KB

Download
memory/3108-1-0x00007FF9913B0000-0x00007FF9913C0000-memory.dmp

Filesize
64KB

Download
memory/3108-4-0x00007FF9913B0000-0x00007FF9913C0000-memory.dmp

Filesize
64KB

Download
memory/3108-2-0x00007FF9913B0000-0x00007FF9913C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads