banload | 2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Size

2.3MB
MD5

b4796495b577a73ee48273bb207d23b0
SHA1

df5bcaf21843977a211aa805e369025d0f01faaf
SHA256

2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9
SHA512

3fac0de7c6450be2b8a2cd7654b5884717d98878ea1639902146a8ac4e323985efd652fef67fa54f6f58cd8314f234c562cf5336789400691189dd81d8e43fc9
SSDEEP

49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv3xt:RF8QUitE4iLqaPWGnEvr

Score

10^/10

banload discovery downloader dropper evasion ransomware trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe

Renames multiple (224) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe

Modifies registry class 16 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\AppID = "{03837503-098b-11d8-9414-505054503030}"	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\TypeLib\ = "{03837500-098B-11D8-9414-505054503030}"	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ProgID\ = "PLA.LegacyTraceSessionCollection.1"	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\Version\ = "1.0"	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\VersionIndependentProgID	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\VersionIndependentProgID\ = "PLA.LegacyTraceSessionCollection"	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\ThreadingModel = "both"	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ProgID	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\ = "%SystemRoot%\\SysWow64\\pla.dll"	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\LocalServer32	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\Version	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\TypeLib	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ = "LegacyTraceSessionCollection"	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\LocalServer32\ = "%SystemRoot%\\SysWow64\\plasrv.exe"	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2308	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
Token: SeIncBasePriorityPrivilege	2308	2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe

C:\Users\Admin\AppData\Local\Temp\2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe
"C:\Users\Admin\AppData\Local\Temp\2124b6cca004397d893eff47393bb82351152f5a3a7bfb5212fdadcc07d987c9.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
2.4MB

MD5
2241277c79c4637c77f8fba5d7ac18fc

SHA1
c1d0019bdf01a55c8a98dc7281dda70c012f0746

SHA256
303503c1b1195f7ce3d3eafda983c9abbda893c952656fe28a96be14d2b65f23

SHA512
6f29f36dfbec12100023218fe080d3629332d29e8471baa34bdc9c0a51d363c8eba291b9886808edd1fa7c9b4a7ca14fc008ad24bc55d2be593338d0eb9f9a11

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
2.4MB

MD5
12930536c95a1cf3843fc0309dd54654

SHA1
1a47a7a4d55eb04e00b55d692e4596b7e43df310

SHA256
82b997d438ec4674f59968070f220d231227e025c9786c0ddcd96e5b3deec1ec

SHA512
02741d0956ce2d5f0b343c4dc6163987f92a48006473e96a0464d003959a0532729479e7efe155ccc152a920c6ac6e4eb9b44015cb206328a3c848cb3a706283

Download Submit
memory/2308-0-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2308-1-0x0000000003060000-0x000000000326C000-memory.dmp

Filesize
2.0MB

Download
memory/2308-8-0x0000000003060000-0x000000000326C000-memory.dmp

Filesize
2.0MB

Download
memory/2308-11-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2308-13-0x0000000003060000-0x000000000326C000-memory.dmp

Filesize
2.0MB

Download
memory/2308-12-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2308-27-0x0000000003060000-0x000000000326C000-memory.dmp

Filesize
2.0MB

Download
memory/2308-51-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2308-61-0x0000000003060000-0x000000000326C000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads