Analysis
max time kernel: 94s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-09-2024 01:44
Static task: static1
Behavioral task: behavioral1
  Sample: c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Resource: win10v2004-20240802-en
General
Target: c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
Size: 2.3MB
MD5: 860d2b1f4865b86d437f13937f16f4af
SHA1: 6e7e78af7fbf01187d1b919ae113ef921224a658
SHA256: c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a
SHA512: 103b56f6502b8ea28f5c76f1275bded10a47b0fff88f5fca4e4dccb6a913ef171219090bfd0bdb0c28cba2bb67bf1d1d149dacd48ac1498c53acf1229e76582c
SSDEEP: 49152:ujvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:urkI9rSjA5aDo73pzF2bz3p9y4HgIoov
Malware Config
Signatures
ACProtect 1.3x - 1.4x DLL software (1 IoC)
Detects file using ACProtect software.
  resource | yara_rule
  behavioral2/files/0x00070000000234d9-11.dat | acprotect
Executes dropped EXE (2 IoCs)
  pid | Process
  1260 | ctfmen.exe
  4892 | smnss.exe
Loads dropped DLL (2 IoCs)
  pid | Process
  3868 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  4892 | smnss.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
  description | ioc | Process
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" | smnss.exe
Maps connected drives based on registry (3 TTPs, 6 IoCs)
Disk information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | smnss.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1 | smnss.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | smnss.exe
Drops file in System32 directory (12 IoCs)
  description | ioc | Process
  File created | C:\Windows\SysWOW64\smnss.exe | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  File created | C:\Windows\SysWOW64\satornas.dll | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  File created | C:\Windows\SysWOW64\zipfi.dll | smnss.exe
  File created | C:\Windows\SysWOW64\grcopy.dll | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  File opened for modification | C:\Windows\SysWOW64\shervans.dll | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  File created | C:\Windows\SysWOW64\shervans.dll | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  File opened for modification | C:\Windows\SysWOW64\grcopy.dll | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  File opened for modification | C:\Windows\SysWOW64\satornas.dll | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  File created | C:\Windows\SysWOW64\zipfiaq.dll | smnss.exe
  File created | C:\Windows\SysWOW64\smnss.exe | smnss.exe
  File created | C:\Windows\SysWOW64\ctfmen.exe | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  File opened for modification | C:\Windows\SysWOW64\ctfmen.exe | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
Suspicious use of NtSetInformationThreadHideFromDebugger (4 IoCs)
  pid | Process
  3868 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  3868 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  4892 | smnss.exe
  4892 | smnss.exe
Drops file in Program Files directory (64 IoCs)
  description | ioc | Process
  All 64 entries are "File opened for modification" by smnss.exe; the ioc paths are:
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml
  C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt
  C:\Program Files\7-Zip\Lang\da.txt
  C:\Program Files\Java\jdk-1.8\jre\Welcome.html
  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml
  C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml
  C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml
  C:\Program Files\7-Zip\Lang\ta.txt
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml
  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml
  C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml
  C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt
  C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt
  C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt
  C:\Program Files\Microsoft Office\Office16\SLERROR.XML
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml
  C:\Program Files\Java\jdk-1.8\jre\README.txt
  C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml
  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml
  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml
  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml
  C:\Program Files\7-Zip\Lang\es.txt
  C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml
  C:\Program Files\7-Zip\Lang\pa-in.txt
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml
  C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml
  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml
  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml
  C:\Program Files\7-Zip\readme.txt
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml
  C:\Program Files\7-Zip\Lang\az.txt
  C:\Program Files\7-Zip\Lang\lij.txt
  C:\Program Files\7-Zip\Lang\zh-tw.txt
  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml
  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml
  C:\Program Files\7-Zip\Lang\kk.txt
  C:\Program Files\dotnet\ThirdPartyNotices.txt
  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml
  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml
  C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml
  C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml
  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml
  C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt
  C:\Program Files\7-Zip\Lang\cy.txt
  C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt
  C:\Program Files\7-Zip\Lang\hi.txt
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml
  C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml
  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Cambria.xml
  C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml
  C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt
Program crash (1 IoC)
  pid | pid_target | Process | procid_target
  4384 | 4892 | WerFault.exe | 83
System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)
Attempts to gather information about the system language of a victim host in order to infer its geographical location.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ctfmen.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | smnss.exe
Modifies registry class (6 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" | smnss.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description | pid | Process
  Token: SeDebugPrivilege | 4892 | smnss.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  3868 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  4892 | smnss.exe
Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 3868 wrote to memory of 1260 | 3868 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe | 82
  PID 3868 wrote to memory of 1260 | 3868 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe | 82
  PID 3868 wrote to memory of 1260 | 3868 | c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe | 82
  PID 1260 wrote to memory of 4892 | 1260 | ctfmen.exe | 83
  PID 1260 wrote to memory of 4892 | 1260 | ctfmen.exe | 83
  PID 1260 wrote to memory of 4892 | 1260 | ctfmen.exe | 83
Processes
C:\Users\Admin\AppData\Local\Temp\c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c006ee0ff215b24609b2e5494944e21b67fdf61bead8e7129396fa6b3eaadd6a.exe"
  PID: 3868
  - Loads dropped DLL
  - Adds Run key to start application
  - Maps connected drives based on registry
  - Drops file in System32 directory
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\ctfmen.exe
    Command line: ctfmen.exe
    PID: 1260
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\smnss.exe
      Command line: C:\Windows\system32\smnss.exe
      PID: 4892
      - Executes dropped EXE
      - Loads dropped DLL
      - Adds Run key to start application
      - Maps connected drives based on registry
      - Drops file in System32 directory
      - Suspicious use of NtSetInformationThreadHideFromDebugger
      - Drops file in Program Files directory
      - System Location Discovery: System Language Discovery
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of SetWindowsHookEx
      C:\Windows\SysWOW64\WerFault.exe
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 1732
        PID: 4384
        - Program crash
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4892 -ip 4892
  PID: 3276
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 4KB
MD5: 7a0e1f897ec6445474ca94b29b1a9da5
SHA1: e6c235fd6e1e3128042cbb61339b8a301f2b7555
SHA256: fae27c3c85faf552a1bdd6db2a9ccb88db8abd8130692e0fc315675763631773
SHA512: bb61cdda0de6ee6a6f109a920801422a45ed6793de1424327a7cd17a2bc9b88d32eb8901d1e8ed3d34af87a06a17c53094d4828b6b2df29e9c4800f570ac3075

Filesize: 2.3MB
MD5: 9894ca02c4f090906585a02c62393e25
SHA1: be1891c942a3227d64a348b8ce2af3b8ad500938
SHA256: 669f3ace01c6b946851ce8ad1241f02f6f0db467182a5f79b4ba7655813f09aa
SHA512: 76b4cccbdfe43ef1ba9ebf960d77ceca2f74548be0c7e8a4192c55db71a97ba1b5832284b9f3a439495060e5622197c2d0e89e26d3f718b90e5bfce1833b6f80

Filesize: 183B
MD5: c9e2cd38ef09dd8fc78e693871c46c37
SHA1: 6b0838ab5e91e84f001ee38b1a2490dc8f8d6b91
SHA256: 781ddd3d864d14d57365214ddcd31655b1a5221f3fd158ca61d274ae93b20aef
SHA512: 7cbd0ece40279c4f7840ebe685ecdb28aa6032a540fc40cbf476c16120006a28b6037523fcbc3618cb975cb2e4abdc22ce6000e2fdccfdc046283e5740e67b11

Filesize: 8KB
MD5: 5a8c5755d87e48b41d155b6c3537a3f1
SHA1: 1729c191e339d02d3c73134f52dc6820713666e3
SHA256: a84959161f114e6a72acfa7271e0a9f4c8e1d734a0efe837b3e541610ad3e5ff
SHA512: 8cd7bf60284a0f616098364967b3c55279fa3f0b32b324d865a6a9ae4fbe82466238edb9d7286520a8aec6bdba227b154d17a0e439336a90680b408f19d16aff