locky | c1095f01b2e5542745d1414e12974271627f68a67bae730a34fc03b18596cf68

Analysis

max time kernel
138s
max time network
138s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe
Size

219KB
MD5

f6bc565aa5c1bd4191e4a43ec11b5b83
SHA1

c9b92fc8eac84e2e9919585289402eda34a8afef
SHA256

c1095f01b2e5542745d1414e12974271627f68a67bae730a34fc03b18596cf68
SHA512

9ac37464d666e834b790633d7876e8af0e830951b0a399986df5e8c64c042d581ac2c28fdb7014f21730931e5bb01edd703042994b1546b06f8c02f706150fb8
SSDEEP

6144:Iy9v17kwzgGpl0BrTa0LO00bNcnJTfs4nca:597kNBrTjLH0NcV4a

Score

10^/10

locky defense_evasion discovery ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky

Deletes itself 1 IoCs

pid	Process
2976	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\-INSTRUCTION.bmp"	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2672 set thread context of 2732	2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	30

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\Desktop\WallpaperStyle = "0"	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\Desktop\TileWallpaper = "0"	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FE73DC51-7B76-11EF-A17D-4A174794FC88} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
320	iexplore.exe
2196	DllHost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
320	iexplore.exe
320	iexplore.exe
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2732	2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	30
PID 2672 wrote to memory of 2732	2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	30
PID 2672 wrote to memory of 2732	2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	30
PID 2672 wrote to memory of 2732	2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	30
PID 2672 wrote to memory of 2732	2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	30
PID 2672 wrote to memory of 2732	2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	30
PID 2672 wrote to memory of 2732	2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	30
PID 2672 wrote to memory of 2732	2672	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	30
PID 2732 wrote to memory of 320	2732	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	33
PID 2732 wrote to memory of 320	2732	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	33
PID 2732 wrote to memory of 320	2732	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	33
PID 2732 wrote to memory of 320	2732	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	33
PID 320 wrote to memory of 1332	320	iexplore.exe	34
PID 320 wrote to memory of 1332	320	iexplore.exe	34
PID 320 wrote to memory of 1332	320	iexplore.exe	34
PID 320 wrote to memory of 1332	320	iexplore.exe	34
PID 2732 wrote to memory of 2976	2732	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	36
PID 2732 wrote to memory of 2976	2732	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	36
PID 2732 wrote to memory of 2976	2732	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	36
PID 2732 wrote to memory of 2976	2732	f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe	36

C:\Users\Admin\AppData\Local\Temp\f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe"
  2⤵
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\-INSTRUCTION.html
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:320
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:320 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1332
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\f6bc565aa5c1bd4191e4a43ec11b5b83_JaffaCakes118.exe"
    3⤵
    - Deletes itself
    - System Location Discovery: System Language Discovery
    PID:2976

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\_4-INSTRUCTION.html

Filesize
9KB

MD5
b115c4a4c9d55937b18d8d5eeca5f424

SHA1
596f53a1a04394c0239358bba2e122f36c12a184

SHA256
9b384e30a91a50a6b0b50947ebca76b702063bf0e66794893b8626fc04f7c526

SHA512
2eaaf174e0b8dd4705de5f03ba011bf4214aad5e3be625e83b7d8e04f354e4461fb4397f74a4e92778595eda0aab103b6e5294c91d52d6752ec50465c67daf96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78464084041d8fafc2ad248eab21f6c1

SHA1
4e5109eca5b69e0293b7baf7f09344a7b7dad0cc

SHA256
3aedb65f0df94871f2b511d04d50eadb2d77f8c7040b3edaab060ea7b211b332

SHA512
5b101b4385e16bb5e3b597caa5856fcd8d6726bff4c08644ddbbe15aae782c6c30d33ae82254bf6ae3c028127b89d9feb2077f38e15f85600449fbe3e0b6a484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af95dcd4dfe0cf1e9aad83860344ad66

SHA1
18f0c8994c0e0fdedc394232136d97d402630068

SHA256
febee086d20133bdd310a91ba6377229e240e158b2e2cc8d003b22459b37fecc

SHA512
68981317ea7498dd87ee162cd7d254ac8b2274b3d3e1da557206915e9e5380f57469a3a1a37a753dbd0778ca9fc3ef8db1a694b46723f9272d7a108ef4a04e52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc5e63caa080b34411301bd61e5718c3

SHA1
bdc47baa5aef59e393412eee3c18d6eeb7f8a149

SHA256
a99ee62d64031ac7ecf37f504c13e284831800b0ee33aa7d3134e5a1790f547e

SHA512
979ade671d6cc103b31901b87a5bc64ba7f911f2550b9cf8429296aed5dac1dfffe478d28174e1455ac211a816e6f76b7796d9651b5a239b585d331be49daf21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
262e16ef00671366f249c79302c577d2

SHA1
8fbc88977dc727aabed2d0a512b765a7306e618c

SHA256
63d9fb0d0906bbe39e95df30916e7d5889d3d162fb3d6d8442a19e0ec5257b0f

SHA512
051c010cd6c3af1994e5c533124fda000885096d3bad4ff5f573c6d191a1167a8accea64e73d28a4a0886c200f0a70544f3bf25d238e32e549f60797054d46d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59d74b7737cd14a8bccc9e0bf0d1e7c8

SHA1
bfbccdee8c665dda3d4c9693ecc54726162b0905

SHA256
13ab4e9582e7911ac3e02baeba35eb9b22282ddfcdd05d0d24844562c93c04f2

SHA512
365a3ed274c7ac048c7d6dc59d6e611205b2e72b66607eb4b15e02b579c2a69a24e818baa70ec9166c401bdebca48f9174c1530cab3f969ab7a384621b46cb4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e87ea6d2c47cf417bbc0826008ffa22e

SHA1
19e06817df56354e6c751f5849da9a00b2d4698f

SHA256
b24cbc69232cdff2f77cc090e78a07bf37eb3ff4231847b7cf5ec82219632fe2

SHA512
b5dc3fb5462961abb3fea6fc72cbd903a2232c249c25d6bea12788c05311b4015222002a071706bbbcdb0ea205ebd6f691da76f01d7d23f1aac6445f9da0d2cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
770bf7c519d03fe44907322102ccb698

SHA1
aa1e5a195405b92215f0132f7fbd0701d3f50968

SHA256
98e781bbbe41f63259b46e18a50e060875cda95e65134910254d1b75f32b4958

SHA512
05727a74ae585eb48879a6623329d1026c279fac0ef2bef1c488062ff6fadc98aaad40e796b6e9cf34afcc0106207026e4fac26a23634480f05d896bee86d92e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0656c03cfdd42d03a0f96fb889811558

SHA1
51b2b8fa94e7da802341e6a3486199346dc3154e

SHA256
fdcf6b31c4435e79ec94272f8a024b67985de6f2460b485f0adfd2723c7ab5ad

SHA512
ab583e2d04d85c1387be4e210d0cc77adf66cd645fc501912326eb18a8b4e9bd1b8bcb5d0268568c2c53badaeff36b092776d6cd74a98cc742c7bf858a2a19e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
747a9a6b6063655da65eb6a449cf7f48

SHA1
39339ef29f0e9fb8484057a047754a7f0efa0476

SHA256
5ae7a4e7d304a0c128437f79f998b0f3b9a28462793b0cfc9cc23e88f055975c

SHA512
8d4e6a5b97fe312b834ead898c3adc9d6771b57b569f172219671a68a959f928b8b8323c41a541399b90856094739678d68f95d66853e44343147c23c17e2059

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2ABA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B1C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Desktop\-INSTRUCTION.bmp

Filesize
3.4MB

MD5
257c4bd512e68c4f67889b79efd0ba5c

SHA1
2bbda507c35c287809562fcc1687f63e1741afed

SHA256
713236a17b871dbfdf08efb3f443c3b288b433e21bfe36f78bbf759abe606e79

SHA512
60f2e650dbc24c4fbae04323710302599179f701a447992bc9c3973ef59d8cd62005659da4bf5f64ad4a046d05226e0d2a9ba386a8e5bf770be3bfc6c820ff2d

Download Submit
\Users\Admin\AppData\Local\Temp\nse17A7.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
memory/2196-364-0x0000000000160000-0x0000000000162000-memory.dmp

Filesize
8KB

Download
memory/2672-10-0x0000000000300000-0x000000000031D000-memory.dmp

Filesize
116KB

Download
memory/2672-14-0x0000000000300000-0x000000000031D000-memory.dmp

Filesize
116KB

Download
memory/2732-16-0x00000000001D0000-0x00000000001F7000-memory.dmp

Filesize
156KB

Download
memory/2732-366-0x0000000000290000-0x00000000002B7000-memory.dmp

Filesize
156KB

Download
memory/2732-363-0x0000000002F60000-0x0000000002F62000-memory.dmp

Filesize
8KB

Download
memory/2732-358-0x0000000000290000-0x00000000002B7000-memory.dmp

Filesize
156KB

Download
memory/2732-24-0x0000000000290000-0x00000000002B7000-memory.dmp

Filesize
156KB

Download
memory/2732-22-0x0000000000290000-0x00000000002B7000-memory.dmp

Filesize
156KB

Download
memory/2732-23-0x0000000000290000-0x00000000002B7000-memory.dmp

Filesize
156KB

Download
memory/2732-20-0x0000000000290000-0x00000000002B7000-memory.dmp

Filesize
156KB

Download
memory/2732-19-0x00000000001D0000-0x00000000001F7000-memory.dmp

Filesize
156KB

Download
memory/2732-17-0x0000000000290000-0x00000000002B7000-memory.dmp

Filesize
156KB

Download
memory/2732-18-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2732-15-0x00000000001D0000-0x00000000001F7000-memory.dmp

Filesize
156KB

Download
memory/2732-12-0x00000000001D0000-0x00000000001F7000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads