bfc58960b6c764029b12d6d0516b9bd0cd2edb0dc501027d45c15fb0b26ca4b0

Analysis

max time kernel
144s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe
Size

303KB
MD5

0bf7a6a73da60f6dd8b196fe5d071c5a
SHA1

28c8ce307ba0319341bf308d83fe1d4510c751f0
SHA256

bfc58960b6c764029b12d6d0516b9bd0cd2edb0dc501027d45c15fb0b26ca4b0
SHA512

143b9ea918e59c3ed9d3e2f2a35e8786796c6d0be3d48ec97b6fcfca004c212af8b577ec3491f66a50b42c484ff17b97b16f22632159ebe572a391849e908c8c
SSDEEP

6144:WY94N2RXeBkvrB44Jz584na9rwCh7X7Eva0STD6d9Yj6ZzR:99O/BkvN4Oz58qa9rwC1L+ap6dmE

Score

7^/10

adware discovery persistence stealer upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2668	rinst.exe
2960	mini-xp.exe

Loads dropped DLL 5 IoCs

pid	Process
2180	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe
2180	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe
2180	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe
2180	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe
2180	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mini-xp = "C:\\WINDOWS\\mini-xp.exe"	mini-xp.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "PK IE Plugin"	mini-xp.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000164db-10.dat	upx
behavioral1/memory/2180-12-0x0000000002E30000-0x0000000002E68000-memory.dmp	upx

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\WINDOWS\mini-xp.exe	rinst.exe
File created	C:\WINDOWS\mini-xphk.dll	rinst.exe
File created	C:\WINDOWS\mini-xpwb.dll	rinst.exe
File created	C:\WINDOWS\inst.dat	rinst.exe
File created	C:\WINDOWS\rinst.exe	rinst.exe
File opened for modification	C:\WINDOWS\pk.bin	mini-xp.exe
File created	C:\WINDOWS\pk.bin	rinst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rinst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mini-xp.exe

Modifies registry class 46 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID\ = "PK.IE.1"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID\ = "PK.IE"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\Programmable	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ThreadingModel = "Apartment"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "IE Plugin Class"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\ = "IE Plugin Class"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer\ = "PK.IE.1"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32\ = "C:\\WINDOWS\\mini-xpwb.dll"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS\ = "0"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR\ = "C:\\WINDOWS\\"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ = "C:\\WINDOWS\\MINI-X~2.DLL"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\ = "BPK IE Plugin Type Library"	mini-xp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	mini-xp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\ = "IE Class"	mini-xp.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2960	mini-xp.exe
2960	mini-xp.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2960	mini-xp.exe
2960	mini-xp.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2960	mini-xp.exe
2960	mini-xp.exe
2960	mini-xp.exe
2960	mini-xp.exe
2960	mini-xp.exe
2960	mini-xp.exe
2960	mini-xp.exe
2960	mini-xp.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2668	2180	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe	30
PID 2180 wrote to memory of 2668	2180	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe	30
PID 2180 wrote to memory of 2668	2180	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe	30
PID 2180 wrote to memory of 2668	2180	0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe	30
PID 2668 wrote to memory of 2960	2668	rinst.exe	31
PID 2668 wrote to memory of 2960	2668	rinst.exe	31
PID 2668 wrote to memory of 2960	2668	rinst.exe	31
PID 2668 wrote to memory of 2960	2668	rinst.exe	31

C:\Users\Admin\AppData\Local\Temp\0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0bf7a6a73da60f6dd8b196fe5d071c5a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\WINDOWS\mini-xp.exe
    C:\WINDOWS\mini-xp.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Installs/modifies Browser Helper Object
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Mini-XP.exe

Filesize
384KB

MD5
7fc435abfe477cf2e95b7783b857dd22

SHA1
629c50298d3b349a1f0fc4bae998174bcacee9a8

SHA256
7412201535bf5c9298357bc93d4e756ef969739a2883d11562dec97ae9321832

SHA512
a5547e0f5d355471d3ece84808c17af9c4f2a5002e3dafe6cdcf46590b0a755f8b649c1a2da6b0f48d4ca7cfa0f8d174739856ef2492c269a4312b15f2e4eb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\inst.dat

Filesize
996B

MD5
ed8a895943d55b78708fd1311d2ce1ac

SHA1
807bdf7311b2bc05ff4f5f861aadca3775dab4a4

SHA256
ff9cae27b0a2b58e7535a65cf11edfda5be44468522b10b60b61c439ab843d7c

SHA512
2fca1d0f60a8a62e4fd4135bdb10e0067a8858bf2a12657747804d30fd40630f308b38cb6f8ae4d41e3f30b1ced9cc19061360f5148386584174bacbc9215ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\mini-xphk.dll

Filesize
8KB

MD5
3248f57092ad5f4ade612bb4a4808360

SHA1
f497a1eb129155a61b90c12213c7ccd938abd818

SHA256
c9699e9e77f2629096ce14a6771e02b14ab1a62cd5046b1d7ef98e04595674e6

SHA512
fcda43f7c6eaf4d20ae2aecdce36160dc9d1519c4beb49d6533c1d8aeb1e13991a38d5c1ebc6e87d230e383ed2297b5458e753bebc4bd5fb5e22c16baf5fdbdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\mini-xpwb.dll

Filesize
40KB

MD5
ea5af1b2bd08702c74b5055adb8e7d33

SHA1
d72c2417c3e79434d8f337a660a1283b491458e8

SHA256
9d7f7391b255ce4a2916d5b6513bc7b572105123bc29f7710e57c1efe8ecfbc6

SHA512
3be6a369ff861109b971bd2d7ba26729d7d5004f4f0226a8d516ed8074b494059903ac80282cb3541866846ac393d9873afd10f5ed855d496c99f808a861672d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\pk.bin

Filesize
3KB

MD5
06f61d4e6b31ab5eb8f8170ac70dfe84

SHA1
ffb2cbf2c8c698343afd5813765bf838b0f8661d

SHA256
b4334ca2cce3762362e94994876ed5b1302eaaceef72af37f568c212c3a7f3af

SHA512
1dd7fb9601a700e383c2937ddac099feffde6d4d9ee7da1c32e8052db247aac81441e579cb19c70ded20008ea43dbf7cd92ce3b640cf9658e7d1020a068c1b89

Download Submit
C:\WINDOWS\mini-xphk.dll

Filesize
8KB

MD5
c93434c190b7e1c5b7f8c5c3e95427b4

SHA1
723d837180c0e9f572f13098008a80647b504eda

SHA256
dc381580da21d22e498862192429f5fff0b1c95fd0e687b259d00c2df5b5a62d

SHA512
d8525ba5bebf3700af85712d1f1ebc44d05ba7d62292dab183f9ee300278bfbce207cc21dfdd11f96babf08d348cd47ef66c416b9e0c5881311be01e52e63f8b

Download Submit
C:\WINDOWS\mini-xpwb.dll

Filesize
40KB

MD5
5d6103059981886ee29698ef77006398

SHA1
02679e8da4f9c86481d4ae1280b31c73d4682eef

SHA256
a2bc198ac23bc884dfdfb5d07824f673557d28493f23d7f86cfba498406a7cfa

SHA512
56027d02135d1fa1a711507dd8f2985c45f1c71669a388d2363b9dcb88a85aef8fed9bdf8db56db2923fc62c14d0a0832dda73b7c793ad25268e4fb6d0c8f9c0

Download Submit
C:\WINDOWS\pk.bin

Filesize
3KB

MD5
e745f74a17f40c9f0b3afca1bcfbee4f

SHA1
041c7eadd738fdd3bcfdef8109ba357e17802f51

SHA256
10f4055e007a25642dbe01928f5e20791ff6fea39b1c75c77d2d6d01b3e563b2

SHA512
455b43042352ffc37678070dd1234575d28abb377c342847a110443816e47d007d8b15007c3a035cb23ebe5df33d752acc2572a26e811ce8fb25597507753b3d

Download Submit
C:\Windows\mini-xp.exe

Filesize
384KB

MD5
ada1988031b565e0d529a546ac600aca

SHA1
31ea4a318da7193de8a2b11c9c19ea43eb68b18c

SHA256
ddeb3dc9271d6d1c1481a10f12b9cb373edd48b165a40bf762f377804dbddcec

SHA512
eb386eff5f7c3cf8e789c1c5f09f50a0740a02d865b0be772a2d8ed19ef9aba3c8a783da2165fc366f2d9bbba2135371420a470fa2eae0f65568aac9136e2343

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Mini-XP.exe

Filesize
83KB

MD5
216bd757227066de90559e7c31c5f7b1

SHA1
47a810969a7e1cc7af70c4689bc0823594ecd71b

SHA256
36fd0e3dc5e9f38e7e6d5220e389c7af6d36fc73c30e4fc756042bc27af6bb88

SHA512
382b5ab440496171651063bba643843b578fc5cdc72694360a9fcfc7b0de94e520dd25cc169b5ebc9dd6437525e70e222d6e22252e024f4429dd5629e8f43439

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe

Filesize
16KB

MD5
25ca20c1d62da229dc135015cef460e4

SHA1
e351fcaee513197a89054d432e6747b3ad372baf

SHA256
e07774d73ad137ea9d9eeab564d7844baf523cb26459ac2eae5e631403fcec81

SHA512
45aa4f3cd9d91ae1ee9968c72dbcd5ab7d448225928af8283d5e04a64867cb5f940b228de6c753fd27124d3ea3e827c46695bcccc7dc9653efe9670844d7c117

Download Submit
memory/2180-12-0x0000000002E30000-0x0000000002E68000-memory.dmp

Filesize
224KB

Download
memory/2180-34-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2180-35-0x0000000002E30000-0x0000000002E68000-memory.dmp

Filesize
224KB

Download
memory/2180-58-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2180-59-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download
memory/2180-60-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2180-61-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download
memory/2960-62-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads