locky_lukitus | 3b165affc00609b754497f45e6ec40288a8ad50cd4c58ec30f806a0354824fb0

Analysis

max time kernel
133s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe
Size

615KB
MD5

e9ee6a2d73bb09393df9f62940a318d3
SHA1

2a31c821a51e90eddbb2f3d2d65259486bb2055f
SHA256

3b165affc00609b754497f45e6ec40288a8ad50cd4c58ec30f806a0354824fb0
SHA512

c2d94b631e6cfed6f482f72f6178568d8128c5e5088eb03e7381f79ce28680a4688d192143c2447afe53d7cfb12a0d11eff5ce595d9ad045cdc14a9f588179dd
SSDEEP

12288:fBRpTaQix0qCZhbxO5MfcdGms4jORsTXFhygaoRAIjMo/8H4fR:fVTaHxC1U5Td9jYshhn5RvwQ8Y5

Score

10^/10

locky_lukitus defense_evasion discovery ransomware

Malware Config

Signatures

Locky (Lukitus variant)
Variant of the Locky ransomware seen in the wild since late 2017.
ransomware locky_lukitus

Deletes itself 1 IoCs

pid	Process
564	cmd.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\lukitus.bmp"	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Control Panel\Desktop\WallpaperStyle = "0"	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Control Panel\Desktop\TileWallpaper = "0"	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F409E21-75FE-11EF-87F4-7694D31B45CA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2648	iexplore.exe
2800	DllHost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2648	iexplore.exe
2648	iexplore.exe
1060	IEXPLORE.EXE
1060	IEXPLORE.EXE

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2112	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2648	2112	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe	32
PID 2112 wrote to memory of 2648	2112	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe	32
PID 2112 wrote to memory of 2648	2112	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe	32
PID 2112 wrote to memory of 2648	2112	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe	32
PID 2648 wrote to memory of 1060	2648	iexplore.exe	34
PID 2648 wrote to memory of 1060	2648	iexplore.exe	34
PID 2648 wrote to memory of 1060	2648	iexplore.exe	34
PID 2648 wrote to memory of 1060	2648	iexplore.exe	34
PID 2112 wrote to memory of 564	2112	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe	35
PID 2112 wrote to memory of 564	2112	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe	35
PID 2112 wrote to memory of 564	2112	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe	35
PID 2112 wrote to memory of 564	2112	e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe	35

C:\Users\Admin\AppData\Local\Temp\e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe"
1⤵
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1060
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:564

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a0e55ce30354d2426e53b2e56636d66

SHA1
ef48875943f9f660681b74a916e252622264f49c

SHA256
a172e55c99048f2899eb6af6eeb3c99278b9c1bc7360c3670a02d192f1d572d0

SHA512
ea5967d37d5bb1215e739a6a07ae13e2c0f82c971eeba1a49b2dd1fbc34547a57c0c69295079ede913388128adf81a44d1499c251b5d4e5f8f0f915b35870c89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e819ad523deba824d4315d04afe79fe

SHA1
39d4388cabf602aae34af0977c7c02fc6148d383

SHA256
96a215ec989da2ffc86ce30cb3e53f8159507c29619bee09249eb99f9a8e6b78

SHA512
7dfe590817c342e1f71b65c19e9e2931f2e7b06bb7f74f83617a9a34d5d0f4cac21b63ea3a3459dbc85c14fe4e9af947e42d6ca3793adc1170d77f38dd2ecd5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92f27fda2136518afa3cf94f35d918f4

SHA1
c8a0f9f9bd3ea99ba48be76421aafb801a633054

SHA256
76f85389e434b9a4f1d4cccbb92cdd07f62e383db2ad4aeb301cfb79b172d08c

SHA512
0762b50d6d71dfd1b574039cb6fe84c943252a0b563003bae892793b0d6e37d2cc0a18213a13ea482308896e9fc7503e267386e83a4665b8444da77dc61ddc01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
322cdd1c60f18d0d66fe373ef19b31e7

SHA1
06bd2411256fd2dfd0dd7059c166cdb821d88f44

SHA256
42bc6a049b53967e6ca0dfb39b0fb87f1be5384a690b55a93f917de94a20f4f9

SHA512
afd561c65ad6f8d1eba93749a19c8abedd194e7eb214878ecd011ba6e6469528d4a86afc6fa6247f0e13c9940cdb906ecdb0c30bd6b76ce06806044d54ff496e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4139c26c12ee1a7c3fb5f27075b4ad37

SHA1
c549b07f32e1d05ba4897eaf58486781d148ec82

SHA256
1a524bdfa537a61cdc47ab6439a441fbf13269cb091b55de1bac89ceec35c17e

SHA512
b3a9711ef7e79badfc9cade42a4e27692118310c2c3cccbd670eaff21baba7266cfc886a023dfb04eeab3b312e8fa2cd440f52b23251f0cf831302597f260dcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a53194f581050e0025cd7ba50bbe4d4

SHA1
24bc21944ecda3d7c32252d3eb783538f552bd6a

SHA256
60e06d64e1f7e0226aac4da4828b85f363d8e6a77ca362a6d6f43f0b268d2d6d

SHA512
920f9e80c21bc5ffeebf6296513071bad4e6a098075bfadf433a2c78ec666543d24412903386083dc82544f9a1a868d129a8be2f1f22e4669b587fbab4c34dc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25d3729fe494e2b5262bd746829e82c2

SHA1
8109b19b30361942ad35d734b50d77ccaebd8143

SHA256
308a16e65977c2aaedf4ce466145ccc10051791e57a8e29be9e28c1675759019

SHA512
10fb8811b6f32578876f67537233f525ad7f22dc99ee058bfb63bc81f712d5c445c6ccf93c22bdb36569f6c020b2609400d346e0bfc25cec0055b5f426537f1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d229e4c55d8873ede311940081082f16

SHA1
2050858d5606bdab7822cbbcb22840b2fd87e043

SHA256
aca8b238e4e6fd987cc07b3b1679320e321f70e8e648451a973fc7be0e15bdaa

SHA512
d7a23bf661e562880eebf8a8fac7e94629f3a6ff25096bf816b244f8f619611735d530a576fe4b94cf1e1abee313ef1726b7a936cab0414124e2e3ac9505d724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6f9eef119bfd44f75f12ef7e7913d09

SHA1
578264d172daea43f3864aabd25ab145cf209c99

SHA256
2737999e02819684c918aeccd7607e645a0b59174900b1063991d601df410040

SHA512
4d23a25083ad02489da9e02cc2e984d32346a32540e6d1f58ffcec1de6eeb0b6e4e4a0316ac6a636fc82d33130d98a309d3c6f3217d33b95fab8512a7725f7a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4e21d3e2ca1dcf97a59a274392b39aa

SHA1
dc9671b29d055e69c0377d3d043ffec02c24c6f3

SHA256
b170cd6728d9a72f083d577da62dd7048d948180297513a00566d7fd62aebc8a

SHA512
e00827fc99902c02f56be3aadc9d446c024a47b02f4d7277a317f96dcbc9a1dc9ccd951fd14f44f9a2934dfe941e35ca20c57e2908550d5a2805b3b6d52e4438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c428c67eb021e2b122f9c692e2f1302

SHA1
b8fda1da3a7e0190160882e647f8688e83bb09f6

SHA256
83e35a797f1643102a1651f5de7e483a6e64f0fa1064428b037f8d301bfbe123

SHA512
ae0245a59e218f9a5a37d1e70b0319acd48cb021e69971ed9b5e8186fee9028998933fa727fdfe081853607f936929f235003a517b5c8b90f32a5bd510b6d054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75287bef07ec82d9bf0464459be7f8ed

SHA1
67b4dddc0467ee14f99b26b4da16647fce9514ab

SHA256
9a9e5c748a35b23f181f624fe3c996d596ae7223ac00d557d591e3a3a93b2aec

SHA512
d62a5ba12250584fcbfe7d7e347f15c9b43d46a0393193fcccd904b583f5ea95b5589efc60a5e0d28a17da8bdf9dc84c85ea2502723cd1adcccaba28ed9fa9e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
001718e3e4dbb327b8c2399c265b2cd7

SHA1
85c28f50f17649f6f4a89871b7b53076f58ec169

SHA256
d482cfc6dda89f3e9d20c3b88cf8f2c46a437913c24fc28f66616ab3c287300b

SHA512
fa7eed1f01d26301acc1db785976b23773a77d3d5e721994d0209d7f6122d644e1c64dd0e81ead112b5392d4f90d023b4614b086817eb7814b68686866704092

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab845E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar850E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Desktop\lukitus.bmp

Filesize
3.3MB

MD5
edd9e48f63666040eca67580531015d3

SHA1
9a6711ebd88ded3d8fa382bd92040f07e11daca2

SHA256
f756a1e2c40f840989bfbc6ca2670dfdd94f5ee22f8082273968a8c49efcf89c

SHA512
8624654811131f1cf27431cdfacf5889b0c96704be617dbc1031655d3e8fc166bf1114d8d4622786399c64fb9ab2b96e948fdba606a5fcb1c4bfe6fcd32a205e

Download Submit
C:\lukitus-edaf.htm

Filesize
8KB

MD5
9eee93b7181d8f93299d66aaf9b39d86

SHA1
4c69894b4a5342ffca560bc801d17c83b48ae332

SHA256
9363d5bdd49ccd2d5c4516d2dd2c66c23a7b2a7b09d16eb685a812b6272c9838

SHA512
f0caf41565f6723b88431efac48870015695c67df74fa6402c5187f1d08a56d5e45b4d36b2b3cf364bc6745251cd2c9ee5b91b2fccc070646a927654887cf80c

Download Submit
memory/2112-7-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2112-6-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2112-0-0x000000000049B000-0x000000000049C000-memory.dmp

Filesize
4KB

Download
memory/2112-262-0x00000000026E0000-0x00000000026E2000-memory.dmp

Filesize
8KB

Download
memory/2112-257-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2112-266-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2112-8-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2112-2-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2112-1-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2112-4-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2112-3-0x000000000049B000-0x000000000049C000-memory.dmp

Filesize
4KB

Download
memory/2800-264-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2800-263-0x00000000001A0000-0x00000000001A2000-memory.dmp

Filesize
8KB

Download
memory/2800-697-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads