locky_lukitus | ae2cf1bbd5d9c324dafa15fd781d5cf8913c615a669e135b73500cdada18f215

Analysis

max time kernel
143s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe
Size

615KB
MD5

fdbcc27417a705f78f340db3101bd95d
SHA1

ee0fad42e180ceecd0362874ea3b9ddca6c4a064
SHA256

ae2cf1bbd5d9c324dafa15fd781d5cf8913c615a669e135b73500cdada18f215
SHA512

60fe58fc206ec59f2a9c7d30d7e3f5d70f8a3b24c6877a1045a9fdc227a63ecef7d8f973f013852a7c3ee7b74db3a1bd2d4a55bb26aa159b8eb64e166de01bd5
SSDEEP

12288:hBRpTBaRPu8d9JHxA5mOI0wsgs9sf+lJ+j4b2c2MZ:hVTO9dxAw6/gsc+lJ+SZ

Score

10^/10

locky_lukitus defense_evasion discovery ransomware

Malware Config

Signatures

Locky (Lukitus variant)
Variant of the Locky ransomware seen in the wild since late 2017.
ransomware locky_lukitus

Deletes itself 1 IoCs

pid	Process
2944	cmd.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\lukitus.bmp"	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop\WallpaperStyle = "0"	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop\TileWallpaper = "0"	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BAF57461-7E15-11EF-BFBC-7694D31B45CA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc500000000002000000000010660000000100002000000098db614fb8119295e47295796d17d2648c267fb2fa4ace3c2dc661bf67029715000000000e800000000200002000000077dc84ae68030b0e63dcbd4afd33451c799f6a1c2f528367e304668d6cd6fa052000000025ed4f7b99dbef19f25a8fa8428809ca26c1c0d8479b60bd67c23cd3d2a4a0d9400000000d73f0b022d5df130cf06aac2a679e225c3ab31fc8f821e62b067487b7f4ee8860710fae95840091e8bda585ab01a1266727866ec8cc1473efb00c582cd71c6f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b05d6f8f2212db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc500000000002000000000010660000000100002000000057b622c3c7b2c2dafeab615375f7456d4c08e658b549b8d285e1ef9703b888e1000000000e80000000020000200000001aa4919b18cf812364eb0db93ee9c8ae49e8673f3417f121e0b2b347c2a89117900000003146bf0134d4ce6e0fe71c51de0e31816c256b6bc9be17da88ce8a8a54ad61f5db492f38b89c80f6bee273c4b631714d8b215371d0f25b1686a12f3cf897b052378243d24ccf8b4295fdbbed8b48dd058e67b554ffc8b92e7e58d49082980eabcd0ebac0df8e6a3bf2b347bcf4436b79e467108a0a63b5374e3acc1caac40432fe617df0302dfbdf0680818958b6b6db40000000f63ef8d72c32f5b5ecdaedac26423ad6ff77b15b03daff455e5815d2fa02bbe67571a08850bce1171338f79a468f325f93b3f5e5607b10ddc46e303f1a0a7e2d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2532	iexplore.exe
448	DllHost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2532	iexplore.exe
2532	iexplore.exe
484	IEXPLORE.EXE
484	IEXPLORE.EXE

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2792	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2532	2792	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe	32
PID 2792 wrote to memory of 2532	2792	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe	32
PID 2792 wrote to memory of 2532	2792	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe	32
PID 2792 wrote to memory of 2532	2792	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe	32
PID 2532 wrote to memory of 484	2532	iexplore.exe	33
PID 2532 wrote to memory of 484	2532	iexplore.exe	33
PID 2532 wrote to memory of 484	2532	iexplore.exe	33
PID 2532 wrote to memory of 484	2532	iexplore.exe	33
PID 2792 wrote to memory of 2944	2792	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe	35
PID 2792 wrote to memory of 2944	2792	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe	35
PID 2792 wrote to memory of 2944	2792	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe	35
PID 2792 wrote to memory of 2944	2792	fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe	35

C:\Users\Admin\AppData\Local\Temp\fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe"
1⤵
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:484
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:2944

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
592bbadb17d0723ae4e9da12f5adfade

SHA1
71cdc4867f362cb358e26187b838fe35895a081a

SHA256
83110bd790db5af052599906ce56161c4d1206685c11b7759e1d41318b730299

SHA512
ab6ae56a3793f90cbc32fa3f0dc1d4ed79a43089924cf25df66d6a2a95eb2042d9e730f04c83a3e16bb4d8da36b64fdc03ee2625c3f39b3dd83e98c94d04ef16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38c256af9f92e6436f22df5980ba9a5b

SHA1
8cd9c4d3521c3f8bb74fdae1719343126e657b8c

SHA256
85c48f40ad1e56fa3668a881e21ffbd73fc8fec39d66e0ddc6fc9dfba23d588c

SHA512
0aefc5a09505e22e6589b69bfa1f6f0527465d3cf58a96a5f994a383cdd9a5a1771e9797af2d514691f51fef466397b12cfed8ffd180e6a0e9fdcba181126ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd4a27af4cc27750fe419ba7a1e06d38

SHA1
1799af5188a3be398eb9860c37a1fd2c8bdedb38

SHA256
15e12ed5ce1d04cab28ae69ed5a799f272f3ef430cced03ba372aad317de0470

SHA512
876229eb1ad5b8a5062b51c7a1731221bbd8727e88490e47d76a4bfa662ae1b51cf8222d92af0926a9ebc4198d29d0a195a918e365bde55a8d6aa56030617666

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abd83257e90ec1df7c25b35bca0bfc03

SHA1
f71c600cf6a83cade373e60903d11b873408a978

SHA256
89509bea32f5828c5059f1b11fbeda0b72c9cc804e2706132445cb664290a44e

SHA512
f3e228fe43ae028678b6b7eab3b126069fcd830f6ef034be83cb820d356a04c5999d9c1341f76605e68c2da7d703f3e0a5a929c1ef3ee7141c7e46ef86824243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7381295c0e4ce28def08952cd6264ef6

SHA1
4063c9540c6134d976b236e6b05c1b968bb91fdc

SHA256
a1539b930954a205b38fe95c905534e1490bb828fa444a5ea4b8a658118bcbfe

SHA512
ce6264894b882aa98b2f729361aa14e9589c584d86e8e21688d025255a4cfcd081da31d1f1b1f2671d18741ac5369f0da70c6ba0138dcf954ce6e751593e57f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93e1e684ded5293e5d43619472f1f1ac

SHA1
32fdff698cdbe254784955379bdda9507e033a6f

SHA256
ef502d8ce364f30812d1122c301f29ba62e12e41419f2acd31ed9cf8b172eefe

SHA512
3627afa173530f8df79cca7e6cafbcbce613b4dd309d518d53e266de99222e5a59f7323bfe02a96e4c48a96515d8a4014e0fb2e643c8222899e6012cbba22a4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83b7aff38c454b12d69a4aca9dc215c0

SHA1
f9fcbcfcd39a94f4d8ee1bf46542fda1a30f031b

SHA256
9668aec8d6f218786eb5adcbce1f27907d1bf51e9821362a68baef7cff70265b

SHA512
f7b7533967d03241577ca099c388ea415fb1041686371469c10ef03b4f4df015e6d4f267c1c7b2f4ab3df647aacae45512517cb0a4e16a391d00d26d50b31323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad45123da99f1dd95dabbf341e74555b

SHA1
d017bdbcd26598899905e8dc40f65fba34a30fb3

SHA256
05c8536371580dcaee8c38787e9760195949aa103122f7cedba0cb041b3a4e66

SHA512
7698bdc87bc385bbbcc5a9d4007f698b9e0b77731cf20b2a9bd424643d2eff865e92675844d34e54354ebe99cd147b54700d2709132cc634d07541133b44a937

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6ef418998548b144f104b7c856e9729

SHA1
5163745930eaa1b9894ce5dbf5993582e4a4326f

SHA256
808dda2400d9e049db9d57914c1b81a9aafd8266e96435da0acb8ab3ff9c5c4c

SHA512
0267349954d23d2e2a8515e3ceefccbd52f4eb9d4626ad19b0d36799034cdacc54ff585eccda45f80da5fc54cac95c58fcf857c882418488411d8251581e0013

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3B2F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3BBF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Desktop\lukitus.bmp

Filesize
3.4MB

MD5
077fc9e81f2d3bab285e4a825f119d24

SHA1
54a233fd74f26462765fcdcd5fa3ad6165e72a69

SHA256
e9eaa5cc3fea2ae5ad8a10d3c9af6ebcbf5ee7ec7d6a1b3dde2437bb1abc9641

SHA512
8b53d51eb8edd4d785a98189e52543345b682070aaacdfb70fcf7a8f00b9a61f7e11edaddb10acb95baaa40ae4dd5262b0fccae753b37cacf5578148f080a8c0

Download Submit
C:\Users\Default\lukitus-19bd.htm

Filesize
8KB

MD5
0abc6620594f339c22635b67ff313354

SHA1
3f10c13b9ae9c3704fc880dfaa68d3ce028ff50c

SHA256
8f40fb62020f8caf454899eed801dbab9b143ec5b8a9f34bc37194d6c075909e

SHA512
465fb87b28fb2c69ebea346c6f977e31bdc016bd5d89fe39dc9a864b85d5dcd35864ab2f1cc058fdb0297b889a8e24dea487aca27739261ca204a87a2726fc06

Download Submit
memory/448-272-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/448-271-0x00000000001A0000-0x00000000001A2000-memory.dmp

Filesize
8KB

Download
memory/448-704-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2792-6-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2792-270-0x0000000002880000-0x0000000002882000-memory.dmp

Filesize
8KB

Download
memory/2792-265-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2792-8-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2792-273-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2792-7-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2792-4-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2792-3-0x000000000049B000-0x000000000049C000-memory.dmp

Filesize
4KB

Download
memory/2792-2-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/2792-0-0x000000000049B000-0x000000000049C000-memory.dmp

Filesize
4KB

Download
memory/2792-1-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads