cef4173afc01d70c99818a3a6099a1ebe939ee5b39a3c92b149a659b300e23b4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe
Size

65KB
MD5

3110063a4d08b9c8f873fc641dd9fd8d
SHA1

b75ed6a779b8ff34bc00030c886ec01e4081f27c
SHA256

cef4173afc01d70c99818a3a6099a1ebe939ee5b39a3c92b149a659b300e23b4
SHA512

d060e4859c96046e92cbd472d8572d788d222a4b9934f4cc052f658aa936aef4607abff4903014b088df785be1759dbabe172cfb8bf0aade509298865da0eebc
SSDEEP

1536:o4rlcp+YIfbhkuGP5bM6gqC7KnBwvtpcyDxFtwk:o4YI1kuGPcx7sBCoyDzik

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2260	cmd.exe

Loads dropped DLL 2 IoCs

pid	Process
2112	Regsvr32.exe
2452	Regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FFF5092F-7172-4018-827B-FA5868FB0478}	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B75F75B8-93F3-429D-FF34-660B206D897A}	Regsvr32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\zolker005.dll	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ztoolb005.dll	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\CLSID = "{B75F75B8-93F3-429D-FF34-660B206D897A}"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar	Regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}	Regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\VersionIndependentProgID\ = "ZToolbar.StockBar"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\Programmable	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\TypeLib\ = "{84C94803-B5EC-4491-B2BE-7B113E013B77}"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib\Version = "1.0"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\ = "ZToolbar"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib\ = "{84C94803-B5EC-4491-B2BE-7B113E013B77}"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\ = "IParamWr"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\Control	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\ToolboxBitmap32\ = "C:\\Windows\\SysWOW64\\ztoolb005.dll, 105"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A}\InProcServer32	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.activator.1\CLSID	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib\Version = "1.0"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib\ = "{84C94803-B5EC-4491-B2BE-7B113E013B77}"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ = "IStockBar"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\TypeLib	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\VersionIndependentProgID\ = "ZToolbar.ParamWr"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\InprocServer32	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0\0\win32	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\InprocServer32\ = "C:\\Windows\\SysWOW64\\ztoolb005.dll"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\TypeLib\ = "{84C94803-B5EC-4491-B2BE-7B113E013B77}"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\TypeLib\ = "{84C94803-B5EC-4491-B2BE-7B113E013B77}"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.ParamWr.1\CLSID	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A}	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.activator.1\CLSID\ = "{FFF5092F-7172-4018-827B-FA5868FB0478}"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}\InprocServer32\ = "C:\\Windows\\SysWOW64\\ztoolb005.dll"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}\ProgID\ = "ZToolbar.activator.1"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}\VersionIndependentProgID	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}\VersionIndependentProgID\ = "ZToolbar.activator"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0\FLAGS\ = "0"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.activator.1\ = "ZToolbar Activator Class"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.ParamWr.1\ = "CParamWr Class"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\ProxyStubClsid32	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\TypeLib\Version = "1.0"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\TypeLib\Version = "1.0"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.StockBar\CLSID	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.activator	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\ToolboxBitmap32	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\MiscStatus\1	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A}\InProcServer32\ThreadingModel = "Apartment"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\ProxyStubClsid32	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0\FLAGS	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\ = "ITBActivator"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.StockBar.1\CLSID\ = "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.StockBar\CurVer	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\ProgID	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.ParamWr.1	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.ParamWr\CLSID\ = "{D7BF3304-138B-4DD5-86EE-491BB6A2286C}"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\MiscStatus	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.ParamWr\CurVer\ = "ZToolbar.ParamWr.1"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0\HELPDIR\ = "C:\\Windows\\SysWOW64"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\TypeLib\ = "{84C94803-B5EC-4491-B2BE-7B113E013B77}"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A}\InProcServer32\ = "C:\\Windows\\SysWOW64\\zolker005.dll"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.StockBar.1\CLSID	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.activator\ = "ZToolbar Activator Class"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\ = "CParamWr Class"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}\1.0\0	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZToolbar.StockBar\CurVer\ = "ZToolbar.StockBar.1"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}\TypeLib	Regsvr32.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 2112	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	30
PID 1016 wrote to memory of 2112	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	30
PID 1016 wrote to memory of 2112	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	30
PID 1016 wrote to memory of 2112	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	30
PID 1016 wrote to memory of 2112	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	30
PID 1016 wrote to memory of 2112	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	30
PID 1016 wrote to memory of 2112	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	30
PID 1016 wrote to memory of 2452	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	31
PID 1016 wrote to memory of 2452	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	31
PID 1016 wrote to memory of 2452	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	31
PID 1016 wrote to memory of 2452	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	31
PID 1016 wrote to memory of 2452	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	31
PID 1016 wrote to memory of 2452	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	31
PID 1016 wrote to memory of 2452	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	31
PID 1016 wrote to memory of 2260	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	32
PID 1016 wrote to memory of 2260	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	32
PID 1016 wrote to memory of 2260	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	32
PID 1016 wrote to memory of 2260	1016	3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Windows\SysWOW64\Regsvr32.exe
  Regsvr32.exe /s zolker005.dll
  2⤵
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2112
- C:\Windows\SysWOW64\Regsvr32.exe
  Regsvr32.exe /s ztoolb005.dll
  2⤵
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2452
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\phhr.bat" "C:\Users\Admin\AppData\Local\Temp\3110063a4d08b9c8f873fc641dd9fd8d_JaffaCakes118.exe""
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\phhr.bat

Filesize
42B

MD5
206dacf9dfb4c6fddb790d7efcc79747

SHA1
402e3fa2aa89ce44481535c91a27a8f95714d908

SHA256
8c5318e9b16a29ffdb75adfcbd36d9dc9866f9e52d4b8212ad515f477b568bcf

SHA512
e6e55368dfd733f8a99a05d8a7bc8c9415fc7a5e6983aa2f43bcbe6cd2713ba58d3b11e2159a61eea0a860301c3a26c6853854f4a474711a328aa0cc273caeb0

Download Submit
C:\Windows\SysWOW64\zolker005.dll

Filesize
83KB

MD5
f57ba4f0951e916a506a4591350a3dc5

SHA1
0567396ac10caee9796ecf6d48f70935fc53b992

SHA256
b0c8573906b1a3e33c9015fc26c5558de4472509b12bfdd5f2673e21b89de781

SHA512
993b4abbdaf30854415a236778de8265d4afd22bd2b155b81e450c2de614de018cb68437845f4ed691eb6a57e04e4e730c8c1283d992bed69d493e298f00fad8

Download Submit
C:\Windows\SysWOW64\ztoolb005.dll

Filesize
53KB

MD5
dfe627ffc6143779e9a95ddd50f950a4

SHA1
b6506ec737be683f1218ea1989d8f2718bb0bec7

SHA256
8280a3f2ca7d59029efc9170f44bb1716b43f395d0a7baa9901f638b378c9baf

SHA512
362ec9ad46376e4ac6e430812ba7cff426747e35b26c9dd03838c5f6334f45f5300574cd773c6f5d196aa2ebbfd9adec9308203918d9e7797301d0f93d9c6702

Download Submit
memory/1016-14-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads