modiloader | 5573f50bf399a289981af095f020610e04ede3126835312bf7dc4de27f6bb602

Analysis

max time kernel
121s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5573f50bf399a289981af095f020610e04ede3126835312bf7dc4de27f6bb602.doc
Size

51KB
MD5

1be2a4992097f506fd7ddb85625c2f1e
SHA1

f197c2aa2c4c1dd1059d04309b22359d46fec69b
SHA256

5573f50bf399a289981af095f020610e04ede3126835312bf7dc4de27f6bb602
SHA512

02772db9177dbd1152740078b276b33d3ef79943d6057725da800b7f16af4cda8deb666a42013e8569a36ec4a57739056e496b14c9bb229e01c154c7ea19f5ea
SSDEEP

384:Gp0xfMDVBv2xv8R8dFMjNCC4iKncEOqO6tJiSsqdg1vA9tz1/tfxP0jGaHfZtyga:GkUDrMOgPyU+1o9tlt1ha//vOFl

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 54 IoCs

resource	yara_rule
behavioral2/memory/4004-48-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-72-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-70-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-71-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-73-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-86-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-77-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-85-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-84-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-83-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-76-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-82-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-75-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-80-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-74-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-79-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-78-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-104-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-103-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-123-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-121-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-120-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-119-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-118-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-117-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-116-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-91-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-114-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-113-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-111-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-109-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-108-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-107-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-106-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-105-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-102-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-101-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-122-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-96-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-94-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-93-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-115-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-90-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-112-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-110-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-88-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-87-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-100-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-99-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-98-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-97-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-81-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-92-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2
behavioral2/memory/4004-89-0x0000000002940000-0x0000000003940000-memory.dmp	modiloader_stage2

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4004	brightness.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2216	4004	WerFault.exe	88

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	brightness.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	20	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2632	WINWORD.EXE
2632	WINWORD.EXE

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2632	WINWORD.EXE
2632	WINWORD.EXE
2632	WINWORD.EXE
2632	WINWORD.EXE
2632	WINWORD.EXE
2632	WINWORD.EXE
2632	WINWORD.EXE
2632	WINWORD.EXE
2632	WINWORD.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 4004	2632	WINWORD.EXE	88
PID 2632 wrote to memory of 4004	2632	WINWORD.EXE	88
PID 2632 wrote to memory of 4004	2632	WINWORD.EXE	88

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\5573f50bf399a289981af095f020610e04ede3126835312bf7dc4de27f6bb602.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Users\Admin\AppData\Local\Temp\brightness.exe
  C:\Users\Admin\AppData\Local\Temp\brightness.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 2092
    3⤵
    - Program crash
    PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4004 -ip 4004
1⤵
PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD6FD5.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\brightness.exe

Filesize
1.1MB

MD5
bf9b75adf866583299dbc8a5fad66cfc

SHA1
377f83f54d1226a181f265557804001cb9deee6a

SHA256
1bec44aa19ea8daa0b7151b312975f3f753e03f0bbce5ebeab8dfda5fb736a91

SHA512
384b92d7ecbd8c5242815cb8ec6bce0096412d2f558c61c4c91a5aff38d3da8cf297d40362b91c1f4620d02700954fbee71519e4735ee4bd17413ee491220fd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
12B

MD5
f6f801e5b0502f5e803ed826dd37ae44

SHA1
273e87aa518397186653443c0c3e81d574361708

SHA256
e7bcd23ba708556ee69f96050dc7e74f9dab95825bfab48bcea7fd8fac482fd1

SHA512
8fe0217b9c7f9331664dc4259c7924b9c7e5e145f0b795ec98d713e41a2e3d001014b3ac41071fe41447632ddbfbbefc8c7d6de8fa9faeca455a0a78575e5584

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
6e2cc8745bd190fa1f5c54fa2f1f0473

SHA1
a2e8d985bc487184066ca7e821c817e63340b297

SHA256
b1b173fa96015acf1f72596636c6fe846f98832bc7c6c15425c7a40c9aa457e6

SHA512
d7bf124e40d982723512bb3d06ed4a09411a2a621012efd8a2b83516e09f3e7e4f29e747f98d83ed9dda2025b6aec10fccfea1964c5d2b6092b42aeb0fa9e70c

Download Submit
memory/2632-15-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-19-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-4-0x00007FFE220F0000-0x00007FFE22100000-memory.dmp

Filesize
64KB

Download
memory/2632-3-0x00007FFE220F0000-0x00007FFE22100000-memory.dmp

Filesize
64KB

Download
memory/2632-2-0x00007FFE220F0000-0x00007FFE22100000-memory.dmp

Filesize
64KB

Download
memory/2632-6-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-7-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-10-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-13-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-12-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-14-0x00007FFE1FA60000-0x00007FFE1FA70000-memory.dmp

Filesize
64KB

Download
memory/2632-11-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-1-0x00007FFE6210D000-0x00007FFE6210E000-memory.dmp

Filesize
4KB

Download
memory/2632-9-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-8-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-5-0x00007FFE220F0000-0x00007FFE22100000-memory.dmp

Filesize
64KB

Download
memory/2632-21-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-22-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-20-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-18-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-17-0x00007FFE1FA60000-0x00007FFE1FA70000-memory.dmp

Filesize
64KB

Download
memory/2632-16-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-35-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-36-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-42-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-50-0x00007FFE6210D000-0x00007FFE6210E000-memory.dmp

Filesize
4KB

Download
memory/2632-51-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-63-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-67-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-68-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/2632-0-0x00007FFE220F0000-0x00007FFE22100000-memory.dmp

Filesize
64KB

Download
memory/4004-76-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-113-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-72-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-70-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-71-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-73-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-86-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-77-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-85-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-84-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-83-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-47-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-82-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-75-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-80-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-74-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-79-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-78-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-104-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-103-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-123-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-121-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-120-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-119-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-118-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-117-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-116-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-91-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-114-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-48-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-111-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-109-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-162-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download
memory/4004-108-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-107-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-106-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-105-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-102-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-101-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-122-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-96-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-94-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-93-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-115-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-90-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-112-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-110-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-88-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-87-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-100-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-99-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-98-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-97-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-95-0x0000000000400000-0x0000000000524000-memory.dmp

Filesize
1.1MB

Download
memory/4004-81-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-92-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-89-0x0000000002940000-0x0000000003940000-memory.dmp

Filesize
16.0MB

Download
memory/4004-46-0x00007FFE62070000-0x00007FFE62265000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads