cycbot | 9d0eebe40aeedb7a33d6c93e1370a4b3a0d2c1ff7868b33f87672f4248f2d0c3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2024, 23:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe
Size

168KB
MD5

e3b819b82243a8eb75673a9bb77a2aaa
SHA1

b62167d96bdb6437ec3fec596d95f5c7ce91b731
SHA256

9d0eebe40aeedb7a33d6c93e1370a4b3a0d2c1ff7868b33f87672f4248f2d0c3
SHA512

c4f2b5e467205406a0a4fb35f346152ea11972a2ade8f793b47a4e07600775fc6e80804b384d08354ee4cccd14c8cf41d0f639e241beab8ae96006b490592372
SSDEEP

3072:3w0kxfJr+HMTthTtsOkmeD0wVoCin2c2mRO0edWnecPEH/dpQji+:ExV+sT6keD7obLFne+4H/8jN

Score

10^/10

cycbot backdoor discovery persistence rat upx

Malware Config

Signatures

Cycbot
Cycbot is a backdoor and trojan written in C++..
backdoor rat cycbot
Cycbot family
cycbot

Detects Cycbot payload 5 IoCs

Cycbot is a backdoor and trojan written in C++.

resource	yara_rule
behavioral2/memory/3116-13-0x0000000000400000-0x000000000048D000-memory.dmp	family_cycbot
behavioral2/memory/3116-14-0x0000000000400000-0x0000000000490000-memory.dmp	family_cycbot
behavioral2/memory/3116-79-0x0000000000400000-0x0000000000490000-memory.dmp	family_cycbot
behavioral2/memory/4120-83-0x0000000000400000-0x0000000000490000-memory.dmp	family_cycbot
behavioral2/memory/3116-188-0x0000000000400000-0x0000000000490000-memory.dmp	family_cycbot

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe,C:\\Users\\Admin\\AppData\\Roaming\\8D398\\FCE24.exe"	e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3116-2-0x0000000000400000-0x0000000000490000-memory.dmp	upx
behavioral2/memory/3116-13-0x0000000000400000-0x000000000048D000-memory.dmp	upx
behavioral2/memory/3116-14-0x0000000000400000-0x0000000000490000-memory.dmp	upx
behavioral2/memory/3116-79-0x0000000000400000-0x0000000000490000-memory.dmp	upx
behavioral2/memory/4120-81-0x0000000000400000-0x0000000000490000-memory.dmp	upx
behavioral2/memory/4120-83-0x0000000000400000-0x0000000000490000-memory.dmp	upx
behavioral2/memory/3116-188-0x0000000000400000-0x0000000000490000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4728	4164	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 4164	3116	e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe	83
PID 3116 wrote to memory of 4164	3116	e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe	83
PID 3116 wrote to memory of 4164	3116	e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe	83
PID 3116 wrote to memory of 4120	3116	e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe	88
PID 3116 wrote to memory of 4120	3116	e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe	88
PID 3116 wrote to memory of 4120	3116	e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Users\Admin\AppData\Local\Temp\e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe startC:\Program Files (x86)\LP\24B8\C25.exe%C:\Program Files (x86)\LP\24B8
  2⤵
  PID:4164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 496
    3⤵
    - Program crash
    PID:4728
- C:\Users\Admin\AppData\Local\Temp\e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe startC:\Program Files (x86)\98B52\lvvm.exe%C:\Program Files (x86)\98B52
  2⤵
  PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4164 -ip 4164
1⤵
PID:1400

Network

DNS

browsermmorpg.com

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

browsermmorpg.com

IN A

Response

browsermmorpg.com

IN A

172.66.40.218

browsermmorpg.com

IN A

172.66.43.38
GET

http://browsermmorpg.com/images/cpc.png?pr=gJ4WK%2FSUh6THhRMw9YLJqMSTUivqg4akxZNbK%2B%2FbxWq1SfkIYVBe

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Remote address:

172.66.40.218:80

Request

GET /images/cpc.png?pr=gJ4WK%2FSUh6THhRMw9YLJqMSTUivqg4akxZNbK%2B%2FbxWq1SfkIYVBe HTTP/1.0
Connection: close
Host: browsermmorpg.com
Accept: */*
User-Agent: chrome/9.0

Response

HTTP/1.1 301 Moved Permanently

Date: Thu, 12 Dec 2024 12:46:24 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Cache-Control: max-age=3600
Expires: Thu, 12 Dec 2024 13:46:24 GMT
Location: https://browsermmorpg.com/images/cpc.png?pr=gJ4WK%2FSUh6THhRMw9YLJqMSTUivqg4akxZNbK%2B%2FbxWq1SfkIYVBe
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H5KFjcuj%2BntrLdxOWBp476gawHF%2BVOPmt8XMbifHWcV%2BdgNIWxVRJONoSLTXOX5qihG43vWRcQolFoNmODjI3hqcUFdn1cL6nHHpDfG%2BScDtVaHXcK28uPWcHQDibO%2ByZywjbw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f0dd12cdadee911-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=48184&min_rtt=48184&rtt_var=24092&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=175&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

218.40.66.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

218.40.66.172.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

20.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.160.190.20.in-addr.arpa

IN PTR

Response
DNS

seeworldonlines.com

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

seeworldonlines.com

IN A

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

ourthreedomains.com

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

ourthreedomains.com

IN A

Response
DNS

56.163.245.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.163.245.4.in-addr.arpa

IN PTR

Response
DNS

ourthreedomains.com

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

ourthreedomains.com

IN A

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

www.google.com

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.20.164
GET

http://www.google.com/

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Remote address:

172.217.20.164:80

Request

GET / HTTP/1.0
Connection: close
Host: www.google.com
Accept: */*

Response

HTTP/1.0 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNy267oGIjAYNkI0TSKzOJ2Mnzur_2yQZkHwpbXRS4VSmoor9eptwJoGEeKa1ICJcTJV7BTwTXMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgsI3bbrugYQ18_TZxIEtdewUw
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-DPMAhpkXOIOqR5eC6yYcTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Date: Thu, 12 Dec 2024 12:47:25 GMT
Server: gws
Content-Length: 396
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-W5OqggEYp4n2V3A-uL5Vny89LhmuTond7U0JBil5DQYeOrSxhbQQ; expires=Tue, 10-Jun-2025 12:47:25 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Remote address:

172.217.20.164:80

Request

GET / HTTP/1.1
Connection: close
Pragma: no-cache
Host: www.google.com

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGN2267oGIjA_hye-4vuoRskm208EPNWWYWoUvAitWBa_9b-DZr0hCjQJ-Qi7h0e8z0ap75GqgAIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwI3bbrugYQue-EigMSBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-nFUtmlAV5pWpIx9eVJo3wA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Date: Thu, 12 Dec 2024 12:47:25 GMT
Server: gws
Content-Length: 396
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-V0nBWYQfA9ZGHCy88XtmtZPUW1HLEqMFWRQCHxmglClYryUr7uETU; expires=Tue, 10-Jun-2025 12:47:25 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Connection: close
DNS

164.20.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.20.217.172.in-addr.arpa

IN PTR

Response

164.20.217.172.in-addr.arpa

IN PTR

par10s49-in-f41e100net

164.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f164�H

164.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f4�H
GET

http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGN2267oGIjA_hye-4vuoRskm208EPNWWYWoUvAitWBa_9b-DZr0hCjQJ-Qi7h0e8z0ap75GqgAIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGN2267oGIjA_hye-4vuoRskm208EPNWWYWoUvAitWBa_9b-DZr0hCjQJ-Qi7h0e8z0ap75GqgAIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Connection: close
Pragma: no-cache
Host: www.google.com

Response

HTTP/1.1 429 Too Many Requests

Date: Thu, 12 Dec 2024 12:47:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3075
X-XSS-Protection: 0
Connection: close
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

104.193.132.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.193.132.51.in-addr.arpa

IN PTR

Response

172.66.40.218:80

http://browsermmorpg.com/images/cpc.png?pr=gJ4WK%2FSUh6THhRMw9YLJqMSTUivqg4akxZNbK%2B%2FbxWq1SfkIYVBe

http

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

405 B
1.3kB
5
5

HTTP Request

GET http://browsermmorpg.com/images/cpc.png?pr=gJ4WK%2FSUh6THhRMw9YLJqMSTUivqg4akxZNbK%2B%2FbxWq1SfkIYVBe

HTTP Response

301
127.0.0.1:62667
172.217.20.164:80

http://www.google.com/

http

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

302 B
1.5kB
5
5

HTTP Request

GET http://www.google.com/

HTTP Response

302
127.0.0.1:62667

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe
172.217.20.164:80

http://www.google.com/

http

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

307 B
1.5kB
5
5

HTTP Request

GET http://www.google.com/

HTTP Response

302
127.0.0.1:62667

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGN2267oGIjA_hye-4vuoRskm208EPNWWYWoUvAitWBa_9b-DZr0hCjQJ-Qi7h0e8z0ap75GqgAIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

526 B
3.7kB
6
7

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGN2267oGIjA_hye-4vuoRskm208EPNWWYWoUvAitWBa_9b-DZr0hCjQJ-Qi7h0e8z0ap75GqgAIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
127.0.0.1:62667
127.0.0.1:62667

8.8.8.8:53

browsermmorpg.com

dns

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

63 B
95 B
1
1

DNS Request

browsermmorpg.com

DNS Response

172.66.40.218

172.66.43.38
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

218.40.66.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

218.40.66.172.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
224.0.0.251:5353

168 B
3
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

20.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.160.190.20.in-addr.arpa
8.8.8.8:53

seeworldonlines.com

dns

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

65 B
138 B
1
1

DNS Request

seeworldonlines.com
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

ourthreedomains.com

dns

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

65 B
138 B
1
1

DNS Request

ourthreedomains.com
8.8.8.8:53

56.163.245.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

56.163.245.4.in-addr.arpa
8.8.8.8:53

ourthreedomains.com

dns

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

65 B
138 B
1
1

DNS Request

ourthreedomains.com
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

www.google.com

dns

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.20.164
8.8.8.8:53

164.20.217.172.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

164.20.217.172.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

104.193.132.51.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

104.193.132.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\8D398\8B52.D39

Filesize
600B

MD5
ecc62f7367b506b10a0aaac8d4ba45be

SHA1
fef90d1a3632b7061eb1ddf9bab5fb811553c771

SHA256
2f6e3dc5ca4412f9fb9f7500d59dadd290c7fc616f9b10a967cd3c72f05b02d1

SHA512
cf74ec81a44ec8b13f91fdf891472a8098ec3348529e3752745d880ce8609b898c60c4e16356266399199982c485de01d5d50ee23adfdec6e6d8adc6a3030d85

Download Submit
C:\Users\Admin\AppData\Roaming\8D398\8B52.D39

Filesize
1KB

MD5
645a11d3f5eb5d54f50371ec3d6f8bad

SHA1
9790bb5e16e5eeb11751182dabb45af1c613e2f5

SHA256
4b253437f0c52319aebacfcb7e3502138872c41ca8a325f696f410c7ffcb5a46

SHA512
9989e3743687bd5e71704038c155fa8214f30eecbe85ecd97e41951befda66c62974d9494d11413b0b3458144775c52c857a4129a0cabafc577fb0a7c80806fa

Download Submit
C:\Users\Admin\AppData\Roaming\8D398\8B52.D39

Filesize
996B

MD5
c5d1997f02faea1b1956934622f74520

SHA1
13b7e4a4a3db439d71f8e83eab608d229f588fb2

SHA256
122fd44ea43de7d81bab4dce86c0914bb661269a7ef9a18a3f56cff33dfbde2d

SHA512
b140cd9d723180e1b20f2d4b8f8fcc1d8259843ba37a55ea6ecff076f457caaf1717dcf2213ebc3a10c1bfe8943171187ffaeacef62cc2b50ea9e521f8715a11

Download Submit
memory/3116-1-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/3116-2-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/3116-13-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/3116-14-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/3116-79-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/3116-188-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/4120-81-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/4120-83-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/4164-12-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.