modiloader | 7977ee7a05a814e726e1b6e9d1747ff3ad84495d15a45d3f5ca59d20a9e8d383

Analysis

max time kernel
113s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Inquiry List.doc
Size

143KB
MD5

3aa187a17e25bd67e3026b0e064fd308
SHA1

6edae74a7702bd0e0f346973f20fadb6498f57a0
SHA256

7977ee7a05a814e726e1b6e9d1747ff3ad84495d15a45d3f5ca59d20a9e8d383
SHA512

1f5bf5029b1cc058ff3b63b4345ca74a3f8098070e817f0ca8365f41afd3be206d1261907bca1fffee6457c853251f7ecf129ea6d68ec110fa30ee2e14674d7b
SSDEEP

1536:f7dgmjjy2lQkySTUb2roegTK+g9WomfaQjSqttJnkL5mS9kBwNR42qte1:fZPjbTU+J799IjSqtteL5N9kBF20

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 54 IoCs

resource	yara_rule
behavioral2/memory/2836-39-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-73-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-93-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-80-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-79-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-78-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-76-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-75-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-74-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-72-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-71-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-77-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-70-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-68-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-69-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-95-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-121-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-120-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-118-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-117-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-116-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-115-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-114-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-113-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-112-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-111-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-109-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-102-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-101-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-100-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-98-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-96-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-119-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-92-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-91-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-90-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-89-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-88-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-110-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-87-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-108-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-107-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-106-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-86-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-105-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-104-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-85-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-103-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-84-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-83-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-99-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-82-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-97-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2
behavioral2/memory/2836-81-0x0000000002B10000-0x0000000003B10000-memory.dmp	modiloader_stage2

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2836	brightness.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2900	2836	WerFault.exe	87

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	brightness.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	10	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4692	WINWORD.EXE
4692	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4692	WINWORD.EXE
4692	WINWORD.EXE
4692	WINWORD.EXE
4692	WINWORD.EXE
4692	WINWORD.EXE
4692	WINWORD.EXE
4692	WINWORD.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 2836	4692	WINWORD.EXE	87
PID 4692 wrote to memory of 2836	4692	WINWORD.EXE	87
PID 4692 wrote to memory of 2836	4692	WINWORD.EXE	87

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Inquiry List.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Users\Admin\AppData\Local\Temp\brightness.exe
  C:\Users\Admin\AppData\Local\Temp\brightness.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 2084
    3⤵
    - Program crash
    PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2836 -ip 2836
1⤵
PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD7246.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\brightness.exe

Filesize
958KB

MD5
2259c943023426384e455139d63a0512

SHA1
6887f434c4fd214de7065b6dbcaabdfb7e48c464

SHA256
80bd5d37d851dc02ff3777786a27575787ff6742839ddbe451403c6939f56a9f

SHA512
4c6743fe5af8665dda3e50dfa2b3fc195803c1ef1ba790b12c5ffbd13e462fdc90ec2ab0970932385083b4ade51160c78ac4943c9910aab8f251fca62ad80229

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
f32a3f521b35ceedef2cd14d72ce8618

SHA1
bd69348b8ed1b71e89da01432df0c9173eaf4223

SHA256
d8cee31eee7a958e80f707a64badbbb998bffe89363f15f10da0b02a8fa866bf

SHA512
cd8e3eb439cf029f2e3b0e6723f9267b6d0267978b2323741466f96e91fc9c07f97e392cfb37ef69779012e8ec2583fbcd9a84c9d0436654862379482c33fd88

Download Submit
memory/2836-96-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-100-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-81-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-97-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-82-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-99-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-83-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-84-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-103-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-85-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-104-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-105-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-86-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-106-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-107-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-34-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/2836-39-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-38-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-108-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-87-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-71-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-110-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-88-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-89-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-90-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-91-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-92-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-119-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-98-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-115-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-72-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-101-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-102-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-167-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/2836-109-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-111-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-112-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-73-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-93-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-94-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/2836-80-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-79-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-78-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-76-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-75-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-74-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-113-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-114-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-69-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-70-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-68-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-77-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-95-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-121-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-120-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-118-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-117-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/2836-116-0x0000000002B10000-0x0000000003B10000-memory.dmp

Filesize
16.0MB

Download
memory/4692-51-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-43-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-49-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-66-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-2-0x00007FFF550B0000-0x00007FFF550C0000-memory.dmp

Filesize
64KB

Download
memory/4692-57-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-56-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-47-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-48-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-50-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-52-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-1-0x00007FFF950CD000-0x00007FFF950CE000-memory.dmp

Filesize
4KB

Download
memory/4692-53-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-54-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-55-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-7-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-45-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-46-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-44-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-42-0x00007FFF950CD000-0x00007FFF950CE000-memory.dmp

Filesize
4KB

Download
memory/4692-41-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-6-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-30-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-22-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-21-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-13-0x00007FFF53020000-0x00007FFF53030000-memory.dmp

Filesize
64KB

Download
memory/4692-12-0x00007FFF53020000-0x00007FFF53030000-memory.dmp

Filesize
64KB

Download
memory/4692-10-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-11-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-3-0x00007FFF550B0000-0x00007FFF550C0000-memory.dmp

Filesize
64KB

Download
memory/4692-4-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-5-0x00007FFF550B0000-0x00007FFF550C0000-memory.dmp

Filesize
64KB

Download
memory/4692-9-0x00007FFF95030000-0x00007FFF95225000-memory.dmp

Filesize
2.0MB

Download
memory/4692-8-0x00007FFF550B0000-0x00007FFF550C0000-memory.dmp

Filesize
64KB

Download
memory/4692-0-0x00007FFF550B0000-0x00007FFF550C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads