gozi | ae98342ed899c8ec2d468cf675508e46039af9db21ecf52c82341d5a4deaf436

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

900a62f1d821af1da2b5235e651057b062a9fd3c74002ac38218038f7e6b4ea4.dll
Size

937KB
MD5

b8bb6c8467092ef368e68446e68415ec
SHA1

9d0588bd231af048ba576216a158ad261a41d242
SHA256

900a62f1d821af1da2b5235e651057b062a9fd3c74002ac38218038f7e6b4ea4
SHA512

d5b7289a3c99b00830553a6b81afc252d760b7e1bdf9c54a44795a2b2bf9a86f5d1c04f6e9a4323991c06e45173f8854b09c9b1eec02c43d5e9454e6b044b9ce
SSDEEP

24576:HQfpzjXPgfM8CJV4X+IBIJ3cazaLwj1mCG9CpNiLi:IFDgQJV4OaIRj150CpNiLi

Score

10^/10

gozi 4500 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

4500

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi
Gozi family
gozi

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ielowutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 58 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31151214"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 404182f26e54db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c88e6291f50dd448b150439a5f2f5a3d00000000020000000000106600000001000020000000c31f1e4ff9660940725f11f248b394f22717b270fe5a56a40e7f5701da2fea70000000000e8000000002000020000000d0c1758f3112decb78b103957b956e60dd5f643ece66c3ad670ae17bd2b032d52000000035d3cd1a8efd8ad4e7c0cd0f97cc071f4671404ddab3c5ad636f82d4e18011ac40000000d74a791782e5c0883c7b94bc009b26b65dd4bcf9522c61f1473c3bd07a0bf30bbda88d57b3a284bf4790db01d3638bf0ca775bb621342e8b476cc33d128111fe	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3C7ECD92-C062-11EF-BEF1-520873AEBE93} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0de71ff6e54db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c88e6291f50dd448b150439a5f2f5a3d00000000020000000000106600000001000020000000d3d5e833ab363ca7a4f7ba598dd7c9aa9042125e93737ab40584d4de484b07a6000000000e8000000002000020000000049069e45951334b5617021ef3d2a185aa13cdeb6703ef986089672ded3e21fb20000000119ad725b42d8f960c888357a1399b2ce8a0a399867231e8d43c58369041502f400000009a45734fb1adee233f74db03072b01a061f416c7730db026bfcae0c38cdac35460730c29c070b80acc2b53cab71812f6b653e164e447b760051367c6d201f1b4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3945191991"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c3a2eb6e54db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c88e6291f50dd448b150439a5f2f5a3d0000000002000000000010660000000100002000000088d77b4ec141cdf772013e7cbf4dfa12589ef1a1c61151cbd08226a2ec6b0e0f000000000e800000000200002000000037833a6ea381f30ecce57fb1548e52778150edbf316c3fa45475b2a39c5f182020000000aac6fd74d090ff4eff9d9b2768b1fc255128594812527d561e4cd479ba871f6840000000dae8a8afdc2db9ecf7d2872170e7678d015745b20b50792378602d5c6b592ca63b08b081a75749a6cd0dd104857ad30002cb5d0fdf39d2986cda87fe7aa91332	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0089eeb6e54db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3945191991"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31151214"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{16AF00A0-C062-11EF-BEF1-520873AEBE93} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2F98B604-C062-11EF-BEF1-520873AEBE93} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c88e6291f50dd448b150439a5f2f5a3d00000000020000000000106600000001000020000000c54ed8e1672c6cb01d2b4082323a0536e097c65c61b243ed561232ceba878171000000000e8000000002000020000000f0d93adf5deedc1b3d01060b6bd7fd6be20fb2a363dbc8c1e3714463463038b1200000006e4cfdd562c2860d609df1db17c9c7388d9b252abd877633eebafeb02cd0c8cc400000005045683e03eb25a3882202e5979de6a33eb2f9122d44f7269fab0e650b7d47fc2a2a199d519489dba5d65ba345f7fcdf10bd4b9373f2c42b25d2e0aabc2f1066	iexplore.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1480	iexplore.exe
2920	iexplore.exe
3868	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1480	iexplore.exe
1480	iexplore.exe
4072	IEXPLORE.EXE
4072	IEXPLORE.EXE
2920	iexplore.exe
2920	iexplore.exe
4036	IEXPLORE.EXE
4036	IEXPLORE.EXE
3868	iexplore.exe
3868	iexplore.exe
4352	IEXPLORE.EXE
4352	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 4488	2680	rundll32.exe	82
PID 2680 wrote to memory of 4488	2680	rundll32.exe	82
PID 2680 wrote to memory of 4488	2680	rundll32.exe	82
PID 4488 wrote to memory of 5024	4488	rundll32.exe	83
PID 4488 wrote to memory of 5024	4488	rundll32.exe	83
PID 4488 wrote to memory of 5024	4488	rundll32.exe	83
PID 4488 wrote to memory of 972	4488	rundll32.exe	85
PID 4488 wrote to memory of 972	4488	rundll32.exe	85
PID 4488 wrote to memory of 972	4488	rundll32.exe	85
PID 1480 wrote to memory of 4072	1480	iexplore.exe	99
PID 1480 wrote to memory of 4072	1480	iexplore.exe	99
PID 1480 wrote to memory of 4072	1480	iexplore.exe	99
PID 2920 wrote to memory of 4036	2920	iexplore.exe	101
PID 2920 wrote to memory of 4036	2920	iexplore.exe	101
PID 2920 wrote to memory of 4036	2920	iexplore.exe	101
PID 3868 wrote to memory of 4352	3868	iexplore.exe	103
PID 3868 wrote to memory of 4352	3868	iexplore.exe	103
PID 3868 wrote to memory of 4352	3868	iexplore.exe	103

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\900a62f1d821af1da2b5235e651057b062a9fd3c74002ac38218038f7e6b4ea4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\900a62f1d821af1da2b5235e651057b062a9fd3c74002ac38218038f7e6b4ea4.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4488
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c cd Island
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5024
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c cd Matter m
    3⤵
    - System Location Discovery: System Language Discovery
    PID:972

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:516

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1480 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4072

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4036

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3868 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~DF083C7B9A590B1955.TMP

Filesize
16KB

MD5
20a777b4404876227c92202956f6f0cd

SHA1
851a4c0f563999425af76ad962010b846dbe0c9d

SHA256
e2b0accb7b5700b246778eb4c31ff8b38c36392219fb8b02c970bb23836c76ce

SHA512
ba4a165388a735db1541910ad5f4aae3111f52fd2d8027bb25cd99e20c17dac47bd36d0322f6a34bdc27c9f63e79ff7957b2417ac1e797c7e2aab421e343a6f4

Download Submit
memory/4488-0-0x0000000075618000-0x000000007561C000-memory.dmp

Filesize
16KB

Download
memory/4488-1-0x0000000075530000-0x0000000075634000-memory.dmp

Filesize
1.0MB

Download
memory/4488-2-0x0000000075530000-0x0000000075634000-memory.dmp

Filesize
1.0MB

Download
memory/4488-3-0x0000000075618000-0x000000007561C000-memory.dmp

Filesize
16KB

Download
memory/4488-4-0x0000000075530000-0x0000000075634000-memory.dmp

Filesize
1.0MB

Download
memory/4488-5-0x0000000075530000-0x0000000075634000-memory.dmp

Filesize
1.0MB

Download
memory/4488-6-0x0000000000820000-0x000000000082D000-memory.dmp

Filesize
52KB

Download
memory/4488-9-0x0000000075530000-0x0000000075634000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads