mydoom | f47a63a7ebd619165358567db1d0849c80b9894831d4f394fb02560c6302cd7e

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe
Size

28KB
MD5

46e02ad952472cdb69341350dfd66910
SHA1

4d4e5f4fdc361a78fa1720fc28455dbb04c832bf
SHA256

f47a63a7ebd619165358567db1d0849c80b9894831d4f394fb02560c6302cd7e
SHA512

12f34d23dc5385ce647f6a6957f08b61847ca59d1ee0b4d1319e1144a23bb54f6ded3b341905c867bd9af1d9ca87cb0a059f898729ecc8b097801f99ca29644e
SSDEEP

384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNKCWn:Dv8IRRdsxq1DjJcqfPb

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 8 IoCs

resource	yara_rule
behavioral1/memory/2184-16-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/2184-35-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/2184-56-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/2184-60-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/2184-65-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/2184-72-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/2184-96-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/2184-273-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 1 IoCs

pid	Process
1972	services.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2184-2-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2184-4-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x0008000000016d04-10.dat	upx
behavioral1/memory/2184-8-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2184-16-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1972-18-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1972-19-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1972-24-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1972-29-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1972-31-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2184-35-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1972-36-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1972-41-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-51.dat	upx
behavioral1/memory/2184-56-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1972-57-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2184-60-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1972-61-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2184-65-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1972-66-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1972-68-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2184-72-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1972-73-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1972-78-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2184-96-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1972-97-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2184-273-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1972-274-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe
File opened for modification	C:\Windows\java.exe	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe
File created	C:\Windows\java.exe	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1972	2184	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe	30
PID 2184 wrote to memory of 1972	2184	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe	30
PID 2184 wrote to memory of 1972	2184	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe	30
PID 2184 wrote to memory of 1972	2184	JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe	30

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46e02ad952472cdb69341350dfd66910.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a037de5c96874828d21c686a00e1adc

SHA1
d4762d150293b1d7ecb8ad2b270ccb7e69429a30

SHA256
a452f748345fd8f2fc445d90572e12252b24dd1e743c25212fba2f4581bdd79d

SHA512
e6cd2c7f7ff046cccece1cd065e1406a80e379a4089d6b75ae8c9303ee7786f4a53e503451db01ac855bb46e5d2bc3f1224d2d6dac54ec570fc50ac7d2b8ee6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
578c4adeda8b28f74c3b58b092e37d75

SHA1
554f43faa99c2d9120a24b55adae0f0092dcfbaa

SHA256
88e14505fde238b5be4724609065fe885a6ca405c28da656a92e0659d7fae7ae

SHA512
fd91a6de15bea16c9cfb1e76689acc9a26cd5bcb00ccfc3617266428b1cf09e5cd99184a5e78e3412462de86deb8e63818b6b8143f39c33ef1a6be92b54ec168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\search[1].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9E6A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9EEA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp9253.tmp

Filesize
28KB

MD5
9211f40dd1a2f51acaeac7fdf2367a27

SHA1
416a1009809f43f3a8130183577a62c52e8ecb06

SHA256
ec85d6c3c1374b19840fa28de1f6eee683306dc54894daee0afea678638fdf46

SHA512
339fe26a2459f8aebd454bcaaec91ab8399105ceaf146fffe9123be39ff55c8c8b76d56d13b5ef8f58f602c4094580b5e9bc04633ce5949cdd5f063599cbe871

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
29f01c70c968e4844b2dad35afc5396a

SHA1
35d32221e518e3ba95d15b7cd66692f004e3aa6b

SHA256
31d1830d7b8a75d421303b29e3e5db450d05d0169d8872641a8dc02681638eee

SHA512
bdd3e480f2789b0e371dfb898e7fac15da5915d7c17b003b780b8d65d7c93edadcdc9796f07468f05019b825ea9b3c62dcc56504ec364d17e97ee25c3d9f355e

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
16a191813b3c5eb1e56b8a48e4933fc4

SHA1
d20a44e8081155338a544303a626e201c1ec3770

SHA256
d7bef492515870ddc4041b8ddfac06f81bb70cc543edf2cf81e4a59055d601a6

SHA512
15d592438a776bd8e4b9d6f7dfc3852df30192d38f80013719692731f1e35ad0acf7eb31b1d3f4ac8a417cc8248562d7ae6f2a07a333159aa5a8b4ab70a31f7f

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/1972-18-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-57-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-36-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-41-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-29-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-19-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-31-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-78-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-61-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-97-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-66-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-274-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1972-73-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2184-60-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2184-72-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2184-96-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2184-65-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2184-2-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2184-56-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2184-35-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2184-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2184-8-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2184-273-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2184-4-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads