mydoom | 17fadd38842cfbece374f2e8cbddb54ad0fd02e03d8b991038bf176e7cfa565e

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe
Size

28KB
MD5

66fdc83e89d0fa55294e2c19b851fa74
SHA1

6625574bb8f90c03c03ff46c78821ba02011c617
SHA256

17fadd38842cfbece374f2e8cbddb54ad0fd02e03d8b991038bf176e7cfa565e
SHA512

715bda6862564a973c9f2c89261d58c1cf36079a3327ec7e0013e646e2b714e96904a0fb0a57c26ed467fb31b4287d49545149d963eda6f5db0c3fcd46c70c7d
SSDEEP

384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNBJ7:Dv8IRRdsxq1DjJcqfK9

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 10 IoCs

resource	yara_rule
behavioral1/memory/3020-16-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/3020-35-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/3020-40-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/3020-59-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/3020-63-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/3020-68-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/3020-70-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/3020-75-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/3020-278-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom
behavioral1/memory/3020-357-0x0000000000500000-0x0000000000510000-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 1 IoCs

pid	Process
3040	services.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

UPX packed file 30 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3020-0-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3020-4-0x0000000000220000-0x0000000000228000-memory.dmp	upx
behavioral1/files/0x0009000000016cfe-9.dat	upx
behavioral1/memory/3040-10-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3020-16-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-18-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3040-19-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3040-24-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3040-29-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3040-31-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3020-35-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-36-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3020-40-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-41-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-51.dat	upx
behavioral1/memory/3020-59-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-60-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3020-63-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-64-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3020-68-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-69-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3020-70-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-71-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3020-75-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-76-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3040-81-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3020-278-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-279-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3020-357-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3040-358-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\java.exe	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe
File created	C:\Windows\services.exe	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe
File opened for modification	C:\Windows\java.exe	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 3040	3020	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe	30
PID 3020 wrote to memory of 3040	3020	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe	30
PID 3020 wrote to memory of 3040	3020	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe	30
PID 3020 wrote to memory of 3040	3020	JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe	30

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_66fdc83e89d0fa55294e2c19b851fa74.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e47685376a33b584a3842809c889fa8b

SHA1
9d03da392287989851e80d3945d3eea313e2f5f9

SHA256
add521bb8a1a08669ef3e2c75499118ab30030a3041891c46c9b65388016b014

SHA512
585caab0970782c38e0b3958e5423ae700872a01193bcc2aff26a192accab35b841964827e4824052eddcf834f951326d8cd97040b4ada7ed6e9abfc6ddff0a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00476fb82f7b6f8f29971300541fa494

SHA1
e595a5cb0dd5efe6883ddec24f11332b1637fa7a

SHA256
27a4b14185d6d35fdeacf8d373c3c40cdd25708461f560f4da57ddf012833215

SHA512
73108d9adb1e120a7c822defce4f26c056892ae455fbf14bf9fe692cbcb44b165614c594ec0322bf72f9247c517746ed98ef7e0e478717d632fc23caf4e4aa19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce0a9c5a4e02d44d8f4b5364bd37a13f

SHA1
b31006b92c4e94077f5324fb1c190145b1d77369

SHA256
c5ec8f97931df6db00f389e0d6f66b37a5c774a820a567a823d78606632d1f78

SHA512
d89da796e67c0da7fb0e422effda4dad14f7c2d8bfc78253a1dc6c0e82173c10331e4687f0661b1aff47ad0fa58e978e5aaf60bd3dc2bf348d3857479fbceec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUBCGJ0A\search[2].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab98CF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar993F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp9169.tmp

Filesize
28KB

MD5
ad1af8d11531c8cf93224549edf48c81

SHA1
1250ade8b2a4c14ba480588c24eb198d8d59fe76

SHA256
ebae9461ef1d1c7b96c5adedd1f3dfacc6fb9a5ff168ef5a3b1150c11a92ef02

SHA512
128ad8d5ca4df8da7ced3e8a44f9ce50c1480bd9cedceac1b761a8c05cbbe234eb1851edcaf10725560b4f58c12f3254a49fe92d144bbb490c09d6fa679d51c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
3a110a28246fb49ef618e1bbcb6a5707

SHA1
05e410cd8250024dd30c24e0e91b66c7f8a59fd9

SHA256
c791dcabbbb6e2f85d490f5f82fbcc933dba5f37922ff3b58d7c969caa19d0e2

SHA512
743f1d57c7356a9f8ed33d053affab6f116f025293aff44d04b6b8bf69fb308586462189808a94d41d025652d35a28ba311fe8c7bd84eca58b2461eba6626add

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
02ef10421df3399a9cdc40cb95da1e34

SHA1
e788f882cb73757faa993079c9938ee713b899c4

SHA256
d37d808afb80cfd0edd3fb937d05134d52f4e3fc358a9de335e1e7a9f9cc19e5

SHA512
0014b65b88129d5042a96bf87f12861e4f0912e41926b97354691ec31cf3356e119d4ca234fc4b1b10c9c2e7dcd0fca3a3153371aaf69c1ac5fb993326040435

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/3020-70-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-357-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-40-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-35-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-278-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-4-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download
memory/3020-59-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-63-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-68-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-75-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3040-60-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-71-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-69-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-76-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-81-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-64-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-41-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-36-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-31-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-29-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-19-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-18-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-279-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-10-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3040-358-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads