53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Size

2.3MB
MD5

4e41edbb07a20f4dd929c464c93a5400
SHA1

6e2d9221b6b72e078f7db98f4f9f21cdca0780a5
SHA256

53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1b
SHA512

fd0720799dac75f56416f152c75b95e1092ba16edf6f4b498e1e831cafef0da6c2b05c00164126cd4db221d876244cf3e36cd61818dad1183c48c53c558bb280
SSDEEP

49152:Gjvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:GrkI9rSjA5aDo73pzF2bz3p9y4HgIoov

Score

7^/10

discovery persistence

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000016599-11.dat	acprotect

Executes dropped EXE 2 IoCs

pid	Process
3040	ctfmen.exe
2472	smnss.exe

Loads dropped DLL 9 IoCs

pid	Process
2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
3040	ctfmen.exe
3040	ctfmen.exe
2472	smnss.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe"	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe"	smnss.exe

Maps connected drives based on registry 3 TTPs 6 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\1	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	smnss.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	smnss.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\1	smnss.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\smnss.exe	smnss.exe
File opened for modification	C:\Windows\SysWOW64\ctfmen.exe	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
File opened for modification	C:\Windows\SysWOW64\shervans.dll	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
File created	C:\Windows\SysWOW64\smnss.exe	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
File opened for modification	C:\Windows\SysWOW64\grcopy.dll	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
File created	C:\Windows\SysWOW64\satornas.dll	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
File opened for modification	C:\Windows\SysWOW64\satornas.dll	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
File created	C:\Windows\SysWOW64\zipfi.dll	smnss.exe
File created	C:\Windows\SysWOW64\zipfiaq.dll	smnss.exe
File created	C:\Windows\SysWOW64\ctfmen.exe	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
File created	C:\Windows\SysWOW64\shervans.dll	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
File created	C:\Windows\SysWOW64\grcopy.dll	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
2472	smnss.exe
2472	smnss.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	smnss.exe
File opened for modification	C:\Program Files\ConfirmUnprotect.html	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml	smnss.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2612	2472	WerFault.exe	31

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ctfmen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	smnss.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll"	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll"	smnss.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2472	smnss.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
2472	smnss.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 3040	2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe	30
PID 2884 wrote to memory of 3040	2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe	30
PID 2884 wrote to memory of 3040	2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe	30
PID 2884 wrote to memory of 3040	2884	53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe	30
PID 3040 wrote to memory of 2472	3040	ctfmen.exe	31
PID 3040 wrote to memory of 2472	3040	ctfmen.exe	31
PID 3040 wrote to memory of 2472	3040	ctfmen.exe	31
PID 3040 wrote to memory of 2472	3040	ctfmen.exe	31
PID 2472 wrote to memory of 2612	2472	smnss.exe	32
PID 2472 wrote to memory of 2612	2472	smnss.exe	32
PID 2472 wrote to memory of 2612	2472	smnss.exe	32
PID 2472 wrote to memory of 2612	2472	smnss.exe	32

C:\Users\Admin\AppData\Local\Temp\53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe
"C:\Users\Admin\AppData\Local\Temp\53e3fbb16fd2f27921f27bf66bfcec3211f15bf8a246c1c4fd0776c79faf9a1bN.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\ctfmen.exe
  ctfmen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Windows\SysWOW64\smnss.exe
    C:\Windows\system32\smnss.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Maps connected drives based on registry
    - Drops file in System32 directory
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 904
      4⤵
      Loads dropped DLL
      Program crash
      PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\satornas.dll

Filesize
183B

MD5
b5855810ba47683da7bcae4bbc92ca82

SHA1
8d7c47d01d7a0206da9e9ac5fd4aa483bf184bdc

SHA256
7edb390ddbbc1b395a3e964aa98a3a64aa730dc6875215b1c32bc0e16922f841

SHA512
68c226d3a99ee840795f094d0b9894ea7485816fa1562a56214320eb48abf6e1745c39464492f2773ba7669a65fa1a1aa52c7ddcfa867e78081bc0d55ff58015

Download Submit
\Windows\SysWOW64\ctfmen.exe

Filesize
4KB

MD5
4753aa431681ce91bd937ea14b58aaef

SHA1
034736463145b78017bf5f77c047970131efe818

SHA256
3f1c1c30c8e9a12b52fc5160766ff89a6524a2e99d4409075895c2244e4e0e2c

SHA512
415ae3aac5ed60d995afd328fc3f09a31b36ef1c966a4ad6b5016094d3f8762646f8f7b76fcf74aeaeb25a264647e352e50ada741384552d92e6be8062f9c0e5

Download Submit
\Windows\SysWOW64\shervans.dll

Filesize
8KB

MD5
2903b773fdabccba1c0a8e4f3f524fa9

SHA1
80a1a7a746af591cd41a3f96055867c1908531b3

SHA256
d367ce61d6571f762db6699a8ed71cb1b8dd249230ea331b9b629342274a7533

SHA512
fb4b851d311c58229c6ebc39c8a75c5d8b73b6f2946d09b77ab08402ce869274df07b7f2d219e1fefab6d95f2ac1b1c41c9fa86af28cae0202324d8064cfa692

Download Submit
\Windows\SysWOW64\smnss.exe

Filesize
2.3MB

MD5
3c0dcbfbcc4bcab76a08f8d75fc45642

SHA1
670d085c97d7d5b2fad9f9caba3fdb6e93d4e59e

SHA256
a1b8abfa73d5d6ec0924e34da1d0c75bfc1735d1250747cc9398de2964a690b8

SHA512
5816fc35baa90202c2517d4e525f31a9a08af8dd135bd3a6e52e75bf67cb06d099d46aa39fcb10dfe079f1aa44d005b6af6e28d3d7ac9818dd92b97569a51dca

Download Submit
memory/2472-45-0x0000000000400000-0x0000000000DCE000-memory.dmp

Filesize
9.8MB

Download
memory/2472-37-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2472-52-0x0000000000400000-0x0000000000DCE000-memory.dmp

Filesize
9.8MB

Download
memory/2472-46-0x0000000000400000-0x0000000000DCE000-memory.dmp

Filesize
9.8MB

Download
memory/2472-47-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2472-48-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2472-36-0x0000000000400000-0x0000000000DCE000-memory.dmp

Filesize
9.8MB

Download
memory/2472-43-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2884-33-0x0000000000400000-0x0000000000DCE000-memory.dmp

Filesize
9.8MB

Download
memory/2884-20-0x0000000000170000-0x0000000000179000-memory.dmp

Filesize
36KB

Download
memory/2884-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2884-0-0x0000000000400000-0x0000000000DCE000-memory.dmp

Filesize
9.8MB

Download
memory/2884-35-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2884-13-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2884-27-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/3040-28-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads