banload | 4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Size

4.6MB
MD5

c0a5f0a0ea95ae5d6b1a3dc36151dfc2
SHA1

b57e795d9f3fe1e61d5f171cda6b411b6d67f21e
SHA256

4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa
SHA512

adc02b226ad781b27bff2bc04c4c6e1121b6bd322673eba22bbf7de76d47af6a0d2c8f2d485cee70337ee84d03a7be0678b0bdabc64f5c7204d0dcc6466a6ead
SSDEEP

98304:RF8QUitE4iLqaPWGnEvSdsc0B18YhT8qX/WqDb:RFQWEPnPBnEKd50P8YhT825b

Score

10^/10

banload discovery downloader dropper evasion ransomware trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe

Renames multiple (420) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\VersionIndependentProgID	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ = "Microsoft Graph Application"	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\Implemented Categories\{000C0118-0000-0000-C000-000000000046}	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocHandler32\ = "ole32.dll"	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\LocalServer32	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\LocalServer32\ = "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\GRAPH.EXE\" /automation"	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ProgID	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ProgID\ = "MSGraph.Application.8"	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\Implemented Categories	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\Implemented Categories\{000C0118-0000-0000-C000-000000000046}\	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocHandler32	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\VersionIndependentProgID\ = "MSGraph.Application"	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2620	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
Token: SeIncBasePriorityPrivilege	2620	4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe

C:\Users\Admin\AppData\Local\Temp\4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe
"C:\Users\Admin\AppData\Local\Temp\4c69fe8b2029203c70aac3215209f73a96e059fb567df7dd70e298c974c152aa.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

Filesize
4.7MB

MD5
e98e9a14b62f3d80f13d084454642a2d

SHA1
e6b0aa6aaea4f3c533d5ec044264f251db47bba9

SHA256
425167c05cf6210e0fbd18b3ebc6761b86dc00c1307ba1c8f0743c9a582b1c2a

SHA512
572ae75a11e5bbd3a6a021d0002c23dec92f1f6fc4d2f220795a8de193c61f71de218132e9b4b8deaccd46fb9a0dd58256939102cbeeeaf20010dc4fc666a8e0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
4.8MB

MD5
c7edda9b9cc607d17b5b14235f0c4548

SHA1
3b20e448c6907477b9981013797ea3bb531cd6bc

SHA256
62ea38f74a98fb7e2600d350a754fc1c84880505802fcaa3133d297bc31c1efb

SHA512
82d59ef6e2f9a369cc2f85a5885ddf780b59309f718f953af2c50e99e007ba3b244d49ff637fe32967377cc0e90a780bb134a3de0f9e69ffac8f83811ccefe0f

Download Submit
memory/2620-0-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2620-2-0x00000000049C0000-0x0000000004BCC000-memory.dmp

Filesize
2.0MB

Download
memory/2620-8-0x00000000049C0000-0x0000000004BCC000-memory.dmp

Filesize
2.0MB

Download
memory/2620-11-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2620-12-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2620-13-0x00000000049C0000-0x0000000004BCC000-memory.dmp

Filesize
2.0MB

Download
memory/2620-40-0x00000000049C0000-0x0000000004BCC000-memory.dmp

Filesize
2.0MB

Download
memory/2620-39-0x00000000049C0000-0x0000000004BCC000-memory.dmp

Filesize
2.0MB

Download
memory/2620-95-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2620-107-0x00000000049C0000-0x0000000004BCC000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads