dc14091dd283ea5503280f9378c2abd570f658b08b97a901586b9d1f268f493d

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
Size

1.1MB
MD5

00a070f995feeb6cef385e2795d3d267
SHA1

392beb989ceaeaf87f163c50348689f9c3f228cb
SHA256

dc14091dd283ea5503280f9378c2abd570f658b08b97a901586b9d1f268f493d
SHA512

474f440a935509f1cc88990c5711f992b4473c217558d3352ef61da42210d0857d27265a08fc2ab290fbeecc9e9db89950148dc7d66978768e06fe3de7432627
SSDEEP

24576:hAkWrPamBGBL2Vp/Z9x6VFoas4+0U8hdHgyVo+F4CbdKy6vcr:hkZGBL27kwap+0U8hJE+FXd7lr

Score

7^/10

discovery persistence

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6FCD03.lnk	W43D57A.EXE
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6FCD03.lnk	W43D57A.EXE

Executes dropped EXE 2 IoCs

pid	Process
2680	W43D57A.EXE
4196	NT-52616889.EXE

Loads dropped DLL 13 IoCs

pid	Process
3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
2680	W43D57A.EXE
2680	W43D57A.EXE
2680	W43D57A.EXE
2680	W43D57A.EXE
2680	W43D57A.EXE
2680	W43D57A.EXE
2680	W43D57A.EXE
4196	NT-52616889.EXE
4196	NT-52616889.EXE
4196	NT-52616889.EXE

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\6EDEC5 = "C:\\Windows\\SysWOW64\\7533b0\\W43D57A.EXE"	NT-52616889.EXE

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\7533b0\NT-52616889.EXE	W43D57A.EXE
File created	C:\Windows\SysWOW64\7533b0\krnln.fnr	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\7533b0\W43D57A.EXE	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\7533b0\HtmlView.fne	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\7533b0\W43D57A.TXT	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\7533b0\9ab02db2.txt	W43D57A.EXE
File created	C:\Windows\SysWOW64\7533b0\dp1.fne	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\7533b0\dp1.fne	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\7533b0\eAPI.fne	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\7533b0\internet.fne	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\7533b0\9ab02db2.txt	W43D57A.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	W43D57A.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NT-52616889.EXE

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 38 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000003e59054c100054656d7000003a0009000400efbe02597a633e59054c2e0000008fe10100000001000000000000000000000000000000420b6600540065006d007000000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 560031000000000002597a6312004170704461746100400009000400efbe02597a633e59054c2e0000007be10100000001000000000000000000000000000000f77654004100700070004400610074006100000016000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 780031000000000002597a631100557365727300640009000400efbe874f77483e59054c2e000000c70500000000010000000000000000003a0000000000ffc4620055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 50003100000000000259a36510004c6f63616c003c0009000400efbe02597a633e59054c2e0000008ee10100000001000000000000000000000000000000150fdf004c006f00630061006c00000014000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\NodeSlot = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000000259736f100041646d696e003c0009000400efbe02597a633e59054c2e00000070e101000000010000000000000000000000000000006bd15a00410064006d0069006e00000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3528	explorer.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
2680	W43D57A.EXE
2680	W43D57A.EXE
2680	W43D57A.EXE
2680	W43D57A.EXE
2680	W43D57A.EXE
2680	W43D57A.EXE
3528	explorer.exe
3528	explorer.exe
4196	NT-52616889.EXE
4196	NT-52616889.EXE
4196	NT-52616889.EXE
4196	NT-52616889.EXE
4196	NT-52616889.EXE
4196	NT-52616889.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1668	3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe	81
PID 3052 wrote to memory of 1668	3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe	81
PID 3052 wrote to memory of 1668	3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe	81
PID 3052 wrote to memory of 2680	3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe	83
PID 3052 wrote to memory of 2680	3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe	83
PID 3052 wrote to memory of 2680	3052	00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe	83
PID 2680 wrote to memory of 4196	2680	W43D57A.EXE	95
PID 2680 wrote to memory of 4196	2680	W43D57A.EXE	95
PID 2680 wrote to memory of 4196	2680	W43D57A.EXE	95

C:\Users\Admin\AppData\Local\Temp\00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00a070f995feeb6cef385e2795d3d267_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1668
- C:\Windows\SysWOW64\7533b0\W43D57A.EXE
  C:\Windows\system32\\7533b0\W43D57A.EXE
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Windows\SysWOW64\7533b0\NT-52616889.EXE
    C:\Windows\SysWOW64\7533b0\NT-52616889.EXE 4|-|SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6EDEC5|-|C:\Windows\SysWOW64\7533b0\W43D57A.EXE|-|0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4196

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E_N4\dp1.fne

Filesize
124KB

MD5
c6c43f32ffc97272fddeb3dd480657b1

SHA1
311d8c071c8aa9fc1443803e552301bbf06e990e

SHA256
8832bdbc8231842a6d79c972cc9a6d8327ef674a4a2310fa43c731dea3383c17

SHA512
e00d1a818a33fde84ad04253e00115cc885cddfcb773c1a96820f9b8b27daa6f28ec3bd9f2e31912f8e2e6fa61d4b437edc796a9498605aeff90ebbff1fb699e

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
1.1MB

MD5
54e586fb1643679e7d6ce885ad679a78

SHA1
899a490553e6460d63c8ba41999873652943ce8a

SHA256
60034f94c565dc91fa569019685efbfcf475ebf967d0bbab02b8177dfab0619c

SHA512
a129b24855429ce804467103846832ab3b126fb190ec6ccf473cd6db7455689abef6799c42a874a2531af74b29d74c2882ca4b11ca748be3adef91d147d51727

Download Submit
C:\Windows\SysWOW64\7533b0\HtmlView.fne

Filesize
212KB

MD5
4c9e8f81bf741a61915d0d4fc49d595e

SHA1
d033008b3a0e5d3fc8876e0423ee5509ecb3897c

SHA256
951d725f4a12cd4ff713ca147fa3be08a02367db6731283c3f1ba30445990129

SHA512
cf2c6f8f471c8a5aad563bc257035515860689b73ce343599c7713de8bc8338a031a722f366e005bc1907d6fc97b68b8b415e8ff05b7324fb1040c5dc02315d7

Download Submit
C:\Windows\SysWOW64\7533b0\W43D57A.EXE

Filesize
47KB

MD5
0271e117f0345ba46ffea502d03c86d2

SHA1
2350ad29d9462f99e867ee8022c4cbb3c8b8b4de

SHA256
21d719955b0893032aa7ffde54d8abd3c219181c6a9a29871c0a7eb536306346

SHA512
5fa36016d8cc1d8853b9e455345e873f32b3b263f019566a3ce35b65a69c8f8020942cd85c563f5ca647f18224ac4e3fc3f94eeb2bdfebefe435a57981158c6e

Download Submit
C:\Windows\SysWOW64\7533b0\eAPI.fne

Filesize
328KB

MD5
7bcb58659e959d65514c45cd01bfc8e4

SHA1
c2f41529a536c746ac0cf92c026dea65798f3ee7

SHA256
f37248aa68d84818fba2b1ea160d7eec4d3f426eeca4d215c8db8d8389d18388

SHA512
0b33bbcb059de95e74e9e115fb09ca73846720041113c9cab10e5dec40024136241d66a92181527e36db714c4c96ee532b7df00ae2c10798d8bea947f6762217

Download Submit
memory/2680-27-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2680-45-0x00000000026B0000-0x00000000026D1000-memory.dmp

Filesize
132KB

Download
memory/2680-31-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2680-68-0x00000000026B0000-0x00000000026D1000-memory.dmp

Filesize
132KB

Download
memory/2680-35-0x0000000002220000-0x0000000002258000-memory.dmp

Filesize
224KB

Download
memory/2680-67-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2680-40-0x00000000023D0000-0x0000000002431000-memory.dmp

Filesize
388KB

Download
memory/2680-66-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3052-47-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3052-48-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/3052-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3052-4-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/3052-21-0x0000000002490000-0x00000000024B1000-memory.dmp

Filesize
132KB

Download
memory/4196-62-0x00000000020F0000-0x0000000002128000-memory.dmp

Filesize
224KB

Download
memory/4196-64-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4196-65-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads