0fdabfe9c16935308a1a81b43988597bfcb4b39a70bfbffb26ae197abff5977b

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c521414bfdd0f8a58cd27419ece93390N.exe
Size

318KB
MD5

c521414bfdd0f8a58cd27419ece93390
SHA1

6adb6923a62a1b5a2ee705c6b8991b4b4db9c76a
SHA256

0fdabfe9c16935308a1a81b43988597bfcb4b39a70bfbffb26ae197abff5977b
SHA512

6314e227b6d1bd88359cf86a0569dbe9b2f1abb64497de2bf48fecf85d8b68bc70bdcada94224ee754939cd2d1a959ca6f80f8d8a2eb06e2b706c13378734e02
SSDEEP

6144:EO8OL/FRVEQHdMcm4FmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:P8ORO4wFHoS04wFHoSrZx8

Score

10^/10

discovery persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	c521414bfdd0f8a58cd27419ece93390N.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kjhcag32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kfaalh32.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kfaalh32.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kmkihbho.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kmkihbho.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Llpfjomf.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	c521414bfdd0f8a58cd27419ece93390N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kjhcag32.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Koflgf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Koflgf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Llpfjomf.exe

Executes dropped EXE 6 IoCs

pid	Process
2692	Kjhcag32.exe
2968	Koflgf32.exe
2832	Kfaalh32.exe
2608	Kmkihbho.exe
2636	Llpfjomf.exe
1484	Lbjofi32.exe

Loads dropped DLL 16 IoCs

pid	Process
2948	c521414bfdd0f8a58cd27419ece93390N.exe
2948	c521414bfdd0f8a58cd27419ece93390N.exe
2692	Kjhcag32.exe
2692	Kjhcag32.exe
2968	Koflgf32.exe
2968	Koflgf32.exe
2832	Kfaalh32.exe
2832	Kfaalh32.exe
2608	Kmkihbho.exe
2608	Kmkihbho.exe
2636	Llpfjomf.exe
2636	Llpfjomf.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe

Drops file in System32 directory 18 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Kjhcag32.exe	c521414bfdd0f8a58cd27419ece93390N.exe
File created	C:\Windows\SysWOW64\Llpfjomf.exe	Kmkihbho.exe
File created	C:\Windows\SysWOW64\Koflgf32.exe	Kjhcag32.exe
File created	C:\Windows\SysWOW64\Pehbqi32.dll	Kjhcag32.exe
File opened for modification	C:\Windows\SysWOW64\Kmkihbho.exe	Kfaalh32.exe
File created	C:\Windows\SysWOW64\Phblkn32.dll	Koflgf32.exe
File created	C:\Windows\SysWOW64\Kmkihbho.exe	Kfaalh32.exe
File created	C:\Windows\SysWOW64\Bccjfi32.dll	Kmkihbho.exe
File opened for modification	C:\Windows\SysWOW64\Lbjofi32.exe	Llpfjomf.exe
File opened for modification	C:\Windows\SysWOW64\Kjhcag32.exe	c521414bfdd0f8a58cd27419ece93390N.exe
File created	C:\Windows\SysWOW64\Kfaalh32.exe	Koflgf32.exe
File opened for modification	C:\Windows\SysWOW64\Kfaalh32.exe	Koflgf32.exe
File opened for modification	C:\Windows\SysWOW64\Llpfjomf.exe	Kmkihbho.exe
File created	C:\Windows\SysWOW64\Lbjofi32.exe	Llpfjomf.exe
File created	C:\Windows\SysWOW64\Ipafocdg.dll	Llpfjomf.exe
File created	C:\Windows\SysWOW64\Gpcafifg.dll	c521414bfdd0f8a58cd27419ece93390N.exe
File opened for modification	C:\Windows\SysWOW64\Koflgf32.exe	Kjhcag32.exe
File created	C:\Windows\SysWOW64\Canhhi32.dll	Kfaalh32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2184	1484	WerFault.exe	35

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kjhcag32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Koflgf32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kfaalh32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kmkihbho.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Llpfjomf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lbjofi32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c521414bfdd0f8a58cd27419ece93390N.exe

Modifies registry class 21 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Koflgf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kfaalh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Kfaalh32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	c521414bfdd0f8a58cd27419ece93390N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}	c521414bfdd0f8a58cd27419ece93390N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kjhcag32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Kjhcag32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Koflgf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Llpfjomf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	c521414bfdd0f8a58cd27419ece93390N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	c521414bfdd0f8a58cd27419ece93390N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Kmkihbho.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ipafocdg.dll"	Llpfjomf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Llpfjomf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gpcafifg.dll"	c521414bfdd0f8a58cd27419ece93390N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pehbqi32.dll"	Kjhcag32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Phblkn32.dll"	Koflgf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Canhhi32.dll"	Kfaalh32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kmkihbho.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	c521414bfdd0f8a58cd27419ece93390N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bccjfi32.dll"	Kmkihbho.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2692	2948	c521414bfdd0f8a58cd27419ece93390N.exe	30
PID 2948 wrote to memory of 2692	2948	c521414bfdd0f8a58cd27419ece93390N.exe	30
PID 2948 wrote to memory of 2692	2948	c521414bfdd0f8a58cd27419ece93390N.exe	30
PID 2948 wrote to memory of 2692	2948	c521414bfdd0f8a58cd27419ece93390N.exe	30
PID 2692 wrote to memory of 2968	2692	Kjhcag32.exe	31
PID 2692 wrote to memory of 2968	2692	Kjhcag32.exe	31
PID 2692 wrote to memory of 2968	2692	Kjhcag32.exe	31
PID 2692 wrote to memory of 2968	2692	Kjhcag32.exe	31
PID 2968 wrote to memory of 2832	2968	Koflgf32.exe	32
PID 2968 wrote to memory of 2832	2968	Koflgf32.exe	32
PID 2968 wrote to memory of 2832	2968	Koflgf32.exe	32
PID 2968 wrote to memory of 2832	2968	Koflgf32.exe	32
PID 2832 wrote to memory of 2608	2832	Kfaalh32.exe	33
PID 2832 wrote to memory of 2608	2832	Kfaalh32.exe	33
PID 2832 wrote to memory of 2608	2832	Kfaalh32.exe	33
PID 2832 wrote to memory of 2608	2832	Kfaalh32.exe	33
PID 2608 wrote to memory of 2636	2608	Kmkihbho.exe	34
PID 2608 wrote to memory of 2636	2608	Kmkihbho.exe	34
PID 2608 wrote to memory of 2636	2608	Kmkihbho.exe	34
PID 2608 wrote to memory of 2636	2608	Kmkihbho.exe	34
PID 2636 wrote to memory of 1484	2636	Llpfjomf.exe	35
PID 2636 wrote to memory of 1484	2636	Llpfjomf.exe	35
PID 2636 wrote to memory of 1484	2636	Llpfjomf.exe	35
PID 2636 wrote to memory of 1484	2636	Llpfjomf.exe	35
PID 1484 wrote to memory of 2184	1484	Lbjofi32.exe	36
PID 1484 wrote to memory of 2184	1484	Lbjofi32.exe	36
PID 1484 wrote to memory of 2184	1484	Lbjofi32.exe	36
PID 1484 wrote to memory of 2184	1484	Lbjofi32.exe	36

C:\Users\Admin\AppData\Local\Temp\c521414bfdd0f8a58cd27419ece93390N.exe
"C:\Users\Admin\AppData\Local\Temp\c521414bfdd0f8a58cd27419ece93390N.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\SysWOW64\Kjhcag32.exe
  C:\Windows\system32\Kjhcag32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Windows\SysWOW64\Koflgf32.exe
    C:\Windows\system32\Koflgf32.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Windows\SysWOW64\Kfaalh32.exe
      C:\Windows\system32\Kfaalh32.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Windows\SysWOW64\Kmkihbho.exe
        
        C:\Windows\system32\Kmkihbho.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2608
      - C:\Windows\SysWOW64\Llpfjomf.exe
        
        C:\Windows\system32\Llpfjomf.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2636
        
        C:\Windows\SysWOW64\Lbjofi32.exe
        
        C:\Windows\system32\Lbjofi32.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 140
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Llpfjomf.exe

Filesize
318KB

MD5
d4af5dc4e9218bf7b89ecdb9b4d701fc

SHA1
1946f16b50a4725edcfd6a9bd5bbd8b57aaf1f26

SHA256
9ad33201a9d91ee463c1e1a2030d41b0b5be41efd785343ee3bb551bec70ec6e

SHA512
e2a8f14f222772d71f143389565f91065b84d2e7090214866b9003d5def77da195525243a1e8c0726133c9c224ce16c0803f3a3c315a352ed67b72e59f0ba412

Download Submit
\Windows\SysWOW64\Kfaalh32.exe

Filesize
318KB

MD5
19867468f98abc007ede0150aac2b457

SHA1
84ede4a5013ad4a996a888faf5dffed677c0dcb1

SHA256
687c7d6013611f7c06574922eec00fc42f98ae5921306d6b982907c0d928e3a9

SHA512
a1c458d671d32ee3867aa6255eab38b2c204d7e75235d6a24bf3ecbdded3d5cf0804d4e2b0a3719a426103c6d93cf6b9950f03bb67944dc73e935463ca990e00

Download Submit
\Windows\SysWOW64\Kjhcag32.exe

Filesize
318KB

MD5
4d660108341186740ac01ebfe2126ed1

SHA1
ac82eff20100e03a953882a595ac947929852582

SHA256
47654be9c90966bdd2a70aa62e25242526195c71657d7fc458f9f52ca39c873f

SHA512
895c5652688f34e89cf2a995e6931905276fe336ad5bd7e2f28977dbec40670ba6d453d1cbf518363073a46e262fbb27b6b658d36e147548237343d647c4d80b

Download Submit
\Windows\SysWOW64\Kmkihbho.exe

Filesize
318KB

MD5
7326ec7e7c0c718f2e137395fa86d251

SHA1
f7401f2fc6b3c8d522876cb759f7efbc655089f6

SHA256
e21ff4c56081c7641120b54b8e56b0b8c5bb60628d0cc655995372d8b1626bea

SHA512
fe03d9e3ed0be9bc3b49178a73218513a0357fa3b6f65396d7c94834cc97bbef8336f90c18ed4644ba4d9c1cab9be04d37c75d10fc48825eae16f290b317aa4f

Download Submit
\Windows\SysWOW64\Koflgf32.exe

Filesize
318KB

MD5
c9b444e41edfd9fcd7202c9de0943a0d

SHA1
fd1aba8464553b707b3959c0a5ce9940efcafc99

SHA256
c7a86ac929a6d08ac7c341208cb65ea4bc007746173235d422a31f99b4bf5f1e

SHA512
aaef893d5a33ebe9fe3f50d07b4a699614e7e7ebf01b8b22d8de43b1ff6a0ae622c80d3409b43a5f34a5b12af9e1e853cca8f28f35af3996ff0b8fc44dfca845

Download Submit
\Windows\SysWOW64\Lbjofi32.exe

Filesize
318KB

MD5
7e54f070468e3f08a7a8f07d1be097c1

SHA1
b5ce95968adaa2809ef77c78af9907df607700cf

SHA256
fa3288883dabdde634466e7b0306be7cdcb87a2420033d87b2ed4a4778dcdad4

SHA512
7353e11f151261533120fe7d206a45dd1cbfbda59c37be924f4a10349f24cd9ff0aac7675cfa3e9aa494b8de16972cfa2876e60ddbef95b2ab1d7536d473ec42

Download Submit
memory/2608-58-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2608-112-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2608-67-0x00000000002F0000-0x0000000000369000-memory.dmp

Filesize
484KB

Download
memory/2636-114-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2636-75-0x0000000000250000-0x00000000002C9000-memory.dmp

Filesize
484KB

Download
memory/2692-103-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2692-14-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2692-32-0x0000000000480000-0x00000000004F9000-memory.dmp

Filesize
484KB

Download
memory/2832-41-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2832-107-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2948-13-0x00000000002E0000-0x0000000000359000-memory.dmp

Filesize
484KB

Download
memory/2948-12-0x00000000002E0000-0x0000000000359000-memory.dmp

Filesize
484KB

Download
memory/2948-101-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2948-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2968-105-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2968-33-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads