7a11f106c159e995601f6acf7cb5bf9a78f9e766a97eb63502cb9666febc7a6e

Analysis

max time kernel
146s
max time network
149s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05/10/2024, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

s.jar
Size

23.4MB
MD5

f476422a60511cd61f6754728580ce34
SHA1

370946c72b96148d33fb436a527becc9ab291b03
SHA256

7a11f106c159e995601f6acf7cb5bf9a78f9e766a97eb63502cb9666febc7a6e
SHA512

8fae7bc1a0a568b0dd4a30c21be8d8d9da1fcdc6dcc3fd5ee1c5dab940ecf2539b9fadc2e5a597d0177c19a6cad27e7619ed7174f54e0d390e5fb419b7d49d48
SSDEEP

393216:Uj2fnuMWx2Y+fTS66Na4CUid5EYa9fL8kE/Yiuyw6iPhRD/IBRsme1eZrWl+9p:CquP2Y/fDCdfElCV/tw6i5qBioKUP

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jre-8-startup-manager.jar	javaw.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jre-8-startup-manager.jar	javaw.exe

Loads dropped DLL 3 IoCs

pid	Process
4180	java.exe
2012	javaw.exe
2012	javaw.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
196	icacls.exe

Event Triggered Execution: Netsh Helper DLL 1 TTPs 64 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4180	java.exe
4180	java.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 196	4180	java.exe	74
PID 4180 wrote to memory of 196	4180	java.exe	74
PID 4180 wrote to memory of 2012	4180	java.exe	76
PID 4180 wrote to memory of 2012	4180	java.exe	76
PID 2012 wrote to memory of 1836	2012	javaw.exe	77
PID 2012 wrote to memory of 1836	2012	javaw.exe	77
PID 2012 wrote to memory of 3472	2012	javaw.exe	79
PID 2012 wrote to memory of 3472	2012	javaw.exe	79
PID 2012 wrote to memory of 3576	2012	javaw.exe	81
PID 2012 wrote to memory of 3576	2012	javaw.exe	81
PID 2012 wrote to memory of 4408	2012	javaw.exe	83
PID 2012 wrote to memory of 4408	2012	javaw.exe	83
PID 2012 wrote to memory of 2828	2012	javaw.exe	85
PID 2012 wrote to memory of 2828	2012	javaw.exe	85
PID 2012 wrote to memory of 1480	2012	javaw.exe	87
PID 2012 wrote to memory of 1480	2012	javaw.exe	87
PID 2012 wrote to memory of 2756	2012	javaw.exe	89
PID 2012 wrote to memory of 2756	2012	javaw.exe	89
PID 2012 wrote to memory of 1312	2012	javaw.exe	91
PID 2012 wrote to memory of 1312	2012	javaw.exe	91
PID 2012 wrote to memory of 4172	2012	javaw.exe	93
PID 2012 wrote to memory of 4172	2012	javaw.exe	93
PID 2012 wrote to memory of 2520	2012	javaw.exe	95
PID 2012 wrote to memory of 2520	2012	javaw.exe	95
PID 2012 wrote to memory of 3036	2012	javaw.exe	97
PID 2012 wrote to memory of 3036	2012	javaw.exe	97
PID 2012 wrote to memory of 2712	2012	javaw.exe	99
PID 2012 wrote to memory of 2712	2012	javaw.exe	99
PID 2012 wrote to memory of 4272	2012	javaw.exe	101
PID 2012 wrote to memory of 4272	2012	javaw.exe	101
PID 2012 wrote to memory of 3516	2012	javaw.exe	103
PID 2012 wrote to memory of 3516	2012	javaw.exe	103
PID 2012 wrote to memory of 4756	2012	javaw.exe	105
PID 2012 wrote to memory of 4756	2012	javaw.exe	105
PID 2012 wrote to memory of 812	2012	javaw.exe	107
PID 2012 wrote to memory of 812	2012	javaw.exe	107
PID 2012 wrote to memory of 1880	2012	javaw.exe	109
PID 2012 wrote to memory of 1880	2012	javaw.exe	109
PID 2012 wrote to memory of 3044	2012	javaw.exe	111
PID 2012 wrote to memory of 3044	2012	javaw.exe	111
PID 2012 wrote to memory of 4256	2012	javaw.exe	113
PID 2012 wrote to memory of 4256	2012	javaw.exe	113
PID 2012 wrote to memory of 648	2012	javaw.exe	115
PID 2012 wrote to memory of 648	2012	javaw.exe	115
PID 2012 wrote to memory of 3864	2012	javaw.exe	117
PID 2012 wrote to memory of 3864	2012	javaw.exe	117
PID 2012 wrote to memory of 1688	2012	javaw.exe	119
PID 2012 wrote to memory of 1688	2012	javaw.exe	119

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\s.jar
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:196
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw" -jar "C:\Users\Admin\AppData\Local\Temp\s.jar" DELAY:3
  2⤵
  - Drops startup file
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:1836
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:3472
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:3576
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:4408
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:2828
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:1480
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:2756
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:1312
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:4172
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:2520
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:3036
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:2712
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:4272
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:3516
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:4756
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:812
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:1880
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:3044
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:4256
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:648
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:3864
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
139d4cd55c2ee45f1513369a65e52eec

SHA1
c6fae8c9a35711d7a63b3b0e2c0724f01dab4a88

SHA256
ab47b9706edab7023cd871764a61cc085c1c13f486dc19e56965386904bca409

SHA512
6514ef9dfa0bd028d1c14c5b47e513d533061dd2ac62e754b00924b5215a12b41bb07e30200630ad89aab4238197dc0b3475584738df18f781a2b89faf9c379b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-160447019-1232603106-4168707212-1000\83aa4cc77f591dfc2374580bbd95f6ba_f9d1bf68-a4a3-4e40-8567-86018b80b4b2

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
\Users\Admin\AppData\Local\Temp\JNativeHook-385777659FA84E94A3812EB9A8AFAD27AE3CEED4.x86_64.dll

Filesize
80KB

MD5
e9a449971b9efb0a2e12b9cfdd95c076

SHA1
385777659fa84e94a3812eb9a8afad27ae3ceed4

SHA256
b8c331c9f915960201da9af9c9dc8309e95e7d533741e71f4a5d13ca007d3e18

SHA512
bbcaf66b316cb60c63bb190099bee36a0059f13fa35fdf3a9a3e7e9a5304abe57acd71d644cde554427825249b460d58f0aba79f599f0c6fa40d23ea21aa941d

Download Submit
\Users\Admin\AppData\Local\Temp\jna-63116079\jna1187982600044441300.dll

Filesize
248KB

MD5
4de85f9679c3a75f6d7d3e56094aa106

SHA1
052f62fb2ebec89fbe412db480865910eab693ad

SHA256
3d1b2427b45ff5178bbb4db395758bedd3a1e91121ebb3e3640b5c4e20eb22cc

SHA512
e8357eabd548ffeba42715d891b9e1ed22b7bf720f48b1888407b9ebe7a796719c60a38f4fb8bb1cf32d3c9bed210a07cc227424ef991d356ec3acef9e6223ab

Download Submit
memory/2012-90-0x0000026D818F0000-0x0000026D81900000-memory.dmp

Filesize
64KB

Download
memory/2012-126-0x0000026D818F0000-0x0000026D81900000-memory.dmp

Filesize
64KB

Download
memory/2012-147-0x0000026D819D0000-0x0000026D819E0000-memory.dmp

Filesize
64KB

Download
memory/2012-146-0x0000026D819C0000-0x0000026D819D0000-memory.dmp

Filesize
64KB

Download
memory/2012-145-0x0000026D819B0000-0x0000026D819C0000-memory.dmp

Filesize
64KB

Download
memory/2012-142-0x0000026D81980000-0x0000026D81990000-memory.dmp

Filesize
64KB

Download
memory/2012-55-0x0000026D81890000-0x0000026D818A0000-memory.dmp

Filesize
64KB

Download
memory/2012-54-0x0000026D81880000-0x0000026D81890000-memory.dmp

Filesize
64KB

Download
memory/2012-143-0x0000026D81990000-0x0000026D819A0000-memory.dmp

Filesize
64KB

Download
memory/2012-141-0x0000026D81970000-0x0000026D81980000-memory.dmp

Filesize
64KB

Download
memory/2012-140-0x0000026D81960000-0x0000026D81970000-memory.dmp

Filesize
64KB

Download
memory/2012-139-0x0000026D81950000-0x0000026D81960000-memory.dmp

Filesize
64KB

Download
memory/2012-60-0x0000026D818B0000-0x0000026D818C0000-memory.dmp

Filesize
64KB

Download
memory/2012-59-0x0000026D818A0000-0x0000026D818B0000-memory.dmp

Filesize
64KB

Download
memory/2012-138-0x0000026D81940000-0x0000026D81950000-memory.dmp

Filesize
64KB

Download
memory/2012-66-0x0000026D818D0000-0x0000026D818E0000-memory.dmp

Filesize
64KB

Download
memory/2012-65-0x0000026D818C0000-0x0000026D818D0000-memory.dmp

Filesize
64KB

Download
memory/2012-96-0x0000026D818A0000-0x0000026D818B0000-memory.dmp

Filesize
64KB

Download
memory/2012-137-0x0000026D81930000-0x0000026D81940000-memory.dmp

Filesize
64KB

Download
memory/2012-135-0x0000026D81920000-0x0000026D81930000-memory.dmp

Filesize
64KB

Download
memory/2012-132-0x0000026D819D0000-0x0000026D819E0000-memory.dmp

Filesize
64KB

Download
memory/2012-131-0x0000026D81900000-0x0000026D81910000-memory.dmp

Filesize
64KB

Download
memory/2012-130-0x0000026DFFD00000-0x0000026DFFD01000-memory.dmp

Filesize
4KB

Download
memory/2012-123-0x0000026D818E0000-0x0000026D818F0000-memory.dmp

Filesize
64KB

Download
memory/2012-124-0x0000026D819A0000-0x0000026D819B0000-memory.dmp

Filesize
64KB

Download
memory/2012-125-0x0000026D819B0000-0x0000026D819C0000-memory.dmp

Filesize
64KB

Download
memory/2012-88-0x0000026D81880000-0x0000026D81890000-memory.dmp

Filesize
64KB

Download
memory/2012-82-0x0000026D818E0000-0x0000026D818F0000-memory.dmp

Filesize
64KB

Download
memory/2012-81-0x0000026D81610000-0x0000026D81880000-memory.dmp

Filesize
2.4MB

Download
memory/2012-44-0x0000026DFFD00000-0x0000026DFFD01000-memory.dmp

Filesize
4KB

Download
memory/2012-35-0x0000026D81610000-0x0000026D81880000-memory.dmp

Filesize
2.4MB

Download
memory/2012-89-0x0000026D81890000-0x0000026D818A0000-memory.dmp

Filesize
64KB

Download
memory/2012-127-0x0000026D81910000-0x0000026D81920000-memory.dmp

Filesize
64KB

Download
memory/2012-95-0x0000026D81910000-0x0000026D81920000-memory.dmp

Filesize
64KB

Download
memory/2012-128-0x0000026D819C0000-0x0000026D819D0000-memory.dmp

Filesize
64KB

Download
memory/2012-98-0x0000026D81920000-0x0000026D81930000-memory.dmp

Filesize
64KB

Download
memory/2012-94-0x0000026D81900000-0x0000026D81910000-memory.dmp

Filesize
64KB

Download
memory/2012-100-0x0000026D81930000-0x0000026D81940000-memory.dmp

Filesize
64KB

Download
memory/2012-99-0x0000026D818B0000-0x0000026D818C0000-memory.dmp

Filesize
64KB

Download
memory/2012-102-0x0000026D818C0000-0x0000026D818D0000-memory.dmp

Filesize
64KB

Download
memory/2012-104-0x0000026D81940000-0x0000026D81950000-memory.dmp

Filesize
64KB

Download
memory/2012-103-0x0000026D818D0000-0x0000026D818E0000-memory.dmp

Filesize
64KB

Download
memory/2012-106-0x0000026D81950000-0x0000026D81960000-memory.dmp

Filesize
64KB

Download
memory/2012-113-0x0000026D81960000-0x0000026D81970000-memory.dmp

Filesize
64KB

Download
memory/2012-117-0x0000026D81970000-0x0000026D81980000-memory.dmp

Filesize
64KB

Download
memory/2012-119-0x0000026D81990000-0x0000026D819A0000-memory.dmp

Filesize
64KB

Download
memory/2012-118-0x0000026D81980000-0x0000026D81990000-memory.dmp

Filesize
64KB

Download
memory/4180-58-0x000001AC6EE30000-0x000001AC6F0A0000-memory.dmp

Filesize
2.4MB

Download
memory/4180-2-0x000001AC6EE30000-0x000001AC6F0A0000-memory.dmp

Filesize
2.4MB

Download
memory/4180-73-0x000001AC6F0B0000-0x000001AC6F0C0000-memory.dmp

Filesize
64KB

Download
memory/4180-74-0x000001AC6F0C0000-0x000001AC6F0D0000-memory.dmp

Filesize
64KB

Download
memory/4180-75-0x000001AC6F0D0000-0x000001AC6F0E0000-memory.dmp

Filesize
64KB

Download
memory/4180-76-0x000001AC6F0E0000-0x000001AC6F0F0000-memory.dmp

Filesize
64KB

Download
memory/4180-77-0x000001AC6F0F0000-0x000001AC6F100000-memory.dmp

Filesize
64KB

Download
memory/4180-78-0x000001AC6EE30000-0x000001AC6F0A0000-memory.dmp

Filesize
2.4MB

Download
memory/4180-64-0x000001AC6F0B0000-0x000001AC6F0C0000-memory.dmp

Filesize
64KB

Download
memory/4180-72-0x000001AC6F0A0000-0x000001AC6F0B0000-memory.dmp

Filesize
64KB

Download
memory/4180-61-0x000001AC6F0A0000-0x000001AC6F0B0000-memory.dmp

Filesize
64KB

Download
memory/4180-70-0x000001AC6D660000-0x000001AC6D661000-memory.dmp

Filesize
4KB

Download
memory/4180-67-0x000001AC6F0C0000-0x000001AC6F0D0000-memory.dmp

Filesize
64KB

Download
memory/4180-32-0x000001AC6F0F0000-0x000001AC6F100000-memory.dmp

Filesize
64KB

Download
memory/4180-30-0x000001AC6F0E0000-0x000001AC6F0F0000-memory.dmp

Filesize
64KB

Download
memory/4180-28-0x000001AC6F0D0000-0x000001AC6F0E0000-memory.dmp

Filesize
64KB

Download
memory/4180-27-0x000001AC6F0C0000-0x000001AC6F0D0000-memory.dmp

Filesize
64KB

Download
memory/4180-24-0x000001AC6F0B0000-0x000001AC6F0C0000-memory.dmp

Filesize
64KB

Download
memory/4180-22-0x000001AC6F0A0000-0x000001AC6F0B0000-memory.dmp

Filesize
64KB

Download
memory/4180-12-0x000001AC6D660000-0x000001AC6D661000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads