strrat | a3bccc2abdcddb30063ea9b359a9fe22e9924de223a55b996705305555c9c243

Analysis

max time kernel
295s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
06/02/2025, 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

091291932.jar
Size

129KB
MD5

cfe647211a65b5140028dc1bf20dfa84
SHA1

dbdf45b544bbf75678ab4049267ad8a8930b634c
SHA256

07392a03676ebaf54187f47b8eff0208ec5e24444dcd982c8c8ec5da829b8ad7
SHA512

9dca9bb6dcaf1c10008fe46d5bdf7d0d921c2dceb738b514fa5ccbbf2a8f7cb3268a0304e969e63d1e059ae191e6e68021054a62b59a57719e58f6489e60f972
SSDEEP

3072:f/2fvhcIBmn4A9UKqNDXIrbswLKxeBg0bYXrSSIHubW/L4J:XIvhzBmnj/q6rbsmYeBv8qiZ

Score

10^/10

strrat persistence stealer trojan

Malware Config

Signatures

STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
trojan stealer strrat
Strrat family
strrat

Loads dropped DLL 1 IoCs

pid	Process
1824	java.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\091291932 = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\091291932.jar\""	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\091291932 = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\091291932.jar\""	java.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
40	ip-api.com

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
720	schtasks.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3432	WMIC.exe
Token: SeSecurityPrivilege	3432	WMIC.exe
Token: SeTakeOwnershipPrivilege	3432	WMIC.exe
Token: SeLoadDriverPrivilege	3432	WMIC.exe
Token: SeSystemProfilePrivilege	3432	WMIC.exe
Token: SeSystemtimePrivilege	3432	WMIC.exe
Token: SeProfSingleProcessPrivilege	3432	WMIC.exe
Token: SeIncBasePriorityPrivilege	3432	WMIC.exe
Token: SeCreatePagefilePrivilege	3432	WMIC.exe
Token: SeBackupPrivilege	3432	WMIC.exe
Token: SeRestorePrivilege	3432	WMIC.exe
Token: SeShutdownPrivilege	3432	WMIC.exe
Token: SeDebugPrivilege	3432	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3432	WMIC.exe
Token: SeRemoteShutdownPrivilege	3432	WMIC.exe
Token: SeUndockPrivilege	3432	WMIC.exe
Token: SeManageVolumePrivilege	3432	WMIC.exe
Token: 33	3432	WMIC.exe
Token: 34	3432	WMIC.exe
Token: 35	3432	WMIC.exe
Token: 36	3432	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3432	WMIC.exe
Token: SeSecurityPrivilege	3432	WMIC.exe
Token: SeTakeOwnershipPrivilege	3432	WMIC.exe
Token: SeLoadDriverPrivilege	3432	WMIC.exe
Token: SeSystemProfilePrivilege	3432	WMIC.exe
Token: SeSystemtimePrivilege	3432	WMIC.exe
Token: SeProfSingleProcessPrivilege	3432	WMIC.exe
Token: SeIncBasePriorityPrivilege	3432	WMIC.exe
Token: SeCreatePagefilePrivilege	3432	WMIC.exe
Token: SeBackupPrivilege	3432	WMIC.exe
Token: SeRestorePrivilege	3432	WMIC.exe
Token: SeShutdownPrivilege	3432	WMIC.exe
Token: SeDebugPrivilege	3432	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3432	WMIC.exe
Token: SeRemoteShutdownPrivilege	3432	WMIC.exe
Token: SeUndockPrivilege	3432	WMIC.exe
Token: SeManageVolumePrivilege	3432	WMIC.exe
Token: 33	3432	WMIC.exe
Token: 34	3432	WMIC.exe
Token: 35	3432	WMIC.exe
Token: 36	3432	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4272	WMIC.exe
Token: SeSecurityPrivilege	4272	WMIC.exe
Token: SeTakeOwnershipPrivilege	4272	WMIC.exe
Token: SeLoadDriverPrivilege	4272	WMIC.exe
Token: SeSystemProfilePrivilege	4272	WMIC.exe
Token: SeSystemtimePrivilege	4272	WMIC.exe
Token: SeProfSingleProcessPrivilege	4272	WMIC.exe
Token: SeIncBasePriorityPrivilege	4272	WMIC.exe
Token: SeCreatePagefilePrivilege	4272	WMIC.exe
Token: SeBackupPrivilege	4272	WMIC.exe
Token: SeRestorePrivilege	4272	WMIC.exe
Token: SeShutdownPrivilege	4272	WMIC.exe
Token: SeDebugPrivilege	4272	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4272	WMIC.exe
Token: SeRemoteShutdownPrivilege	4272	WMIC.exe
Token: SeUndockPrivilege	4272	WMIC.exe
Token: SeManageVolumePrivilege	4272	WMIC.exe
Token: 33	4272	WMIC.exe
Token: 34	4272	WMIC.exe
Token: 35	4272	WMIC.exe
Token: 36	4272	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4272	WMIC.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 2676	4872	java.exe	96
PID 4872 wrote to memory of 2676	4872	java.exe	96
PID 4476 wrote to memory of 720	4476	cmd.exe	102
PID 4476 wrote to memory of 720	4476	cmd.exe	102
PID 1824 wrote to memory of 2376	1824	java.exe	103
PID 1824 wrote to memory of 2376	1824	java.exe	103
PID 2376 wrote to memory of 3432	2376	cmd.exe	105
PID 2376 wrote to memory of 3432	2376	cmd.exe	105
PID 1824 wrote to memory of 2392	1824	java.exe	106
PID 1824 wrote to memory of 2392	1824	java.exe	106
PID 2392 wrote to memory of 4272	2392	cmd.exe	108
PID 2392 wrote to memory of 4272	2392	cmd.exe	108
PID 1824 wrote to memory of 2832	1824	java.exe	109
PID 1824 wrote to memory of 2832	1824	java.exe	109
PID 2832 wrote to memory of 2848	2832	cmd.exe	111
PID 2832 wrote to memory of 2848	2832	cmd.exe	111
PID 1824 wrote to memory of 2380	1824	java.exe	112
PID 1824 wrote to memory of 2380	1824	java.exe	112
PID 2380 wrote to memory of 2528	2380	cmd.exe	114
PID 2380 wrote to memory of 2528	2380	cmd.exe	114

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\091291932.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\091291932.jar"
  2⤵
  - Adds Run key to start application
  PID:2676
- - C:\Windows\SYSTEM32\cmd.exe
    cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\091291932.jar"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4476
  - - C:\Windows\system32\schtasks.exe
      schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\091291932.jar"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:720
- - C:\Program Files\Java\jre-1.8\bin\java.exe
    "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\091291932.jar"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1824
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_logicaldisk get volumeserialnumber /format:list"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2376
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic /node:. /namespace:'\\root\cimv2' path win32_logicaldisk get volumeserialnumber /format:list
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3432
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get caption,OSArchitecture /format:list"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2392
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get caption,OSArchitecture /format:list
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4272
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get version /format:list"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get version /format:list
        5⤵
        
        PID:2848
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "wmic /node:localhost /namespace:'\\root\securitycenter2' path antivirusproduct get displayname /format:list"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2380
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic /node:localhost /namespace:'\\root\securitycenter2' path antivirusproduct get displayname /format:list
        5⤵
        
        PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
520dff03b305f259d0519f81588462c4

SHA1
c0d9205cf10e0e031801e4a02c36390212f0345b

SHA256
5d3d4648f4f770423ce7ba944328cd61c2d4f4a8af7d392f1f7749a9764f0012

SHA512
4398cd789afd8e4726e939660000b6704dc30d77ec9d607b888ef0002fbdec550665070cf5213946f907a079dd507a7b88e25c37666d16fa23c8c0e94e8e6039

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna7010706764556412202.dll

Filesize
241KB

MD5
e02979ecd43bcc9061eb2b494ab5af50

SHA1
3122ac0e751660f646c73b10c4f79685aa65c545

SHA256
a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a

SHA512
1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2089655958-977706906-1981639424-1000\83aa4cc77f591dfc2374580bbd95f6ba_bfc54fb9-d779-4763-84c8-34d8d411096a

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
memory/1824-226-0x000001B0DA800000-0x000001B0DA801000-memory.dmp

Filesize
4KB

Download
memory/1824-235-0x000001B0DA800000-0x000001B0DA801000-memory.dmp

Filesize
4KB

Download
memory/1824-236-0x000001B0DA800000-0x000001B0DA801000-memory.dmp

Filesize
4KB

Download
memory/4872-105-0x00000200A30E0000-0x00000200A30F0000-memory.dmp

Filesize
64KB

Download
memory/4872-64-0x00000200A2FC0000-0x00000200A2FD0000-memory.dmp

Filesize
64KB

Download
memory/4872-16-0x00000200A2F60000-0x00000200A2F70000-memory.dmp

Filesize
64KB

Download
memory/4872-20-0x00000200A2F80000-0x00000200A2F90000-memory.dmp

Filesize
64KB

Download
memory/4872-19-0x00000200A2F70000-0x00000200A2F80000-memory.dmp

Filesize
64KB

Download
memory/4872-23-0x00000200A2F90000-0x00000200A2FA0000-memory.dmp

Filesize
64KB

Download
memory/4872-25-0x00000200A2FA0000-0x00000200A2FB0000-memory.dmp

Filesize
64KB

Download
memory/4872-26-0x00000200A2FB0000-0x00000200A2FC0000-memory.dmp

Filesize
64KB

Download
memory/4872-33-0x00000200A2FC0000-0x00000200A2FD0000-memory.dmp

Filesize
64KB

Download
memory/4872-35-0x00000200A2CD0000-0x00000200A2F40000-memory.dmp

Filesize
2.4MB

Download
memory/4872-38-0x00000200A2FE0000-0x00000200A2FF0000-memory.dmp

Filesize
64KB

Download
memory/4872-41-0x00000200A2FF0000-0x00000200A3000000-memory.dmp

Filesize
64KB

Download
memory/4872-40-0x00000200A2F50000-0x00000200A2F60000-memory.dmp

Filesize
64KB

Download
memory/4872-37-0x00000200A2F40000-0x00000200A2F50000-memory.dmp

Filesize
64KB

Download
memory/4872-36-0x00000200A2FD0000-0x00000200A2FE0000-memory.dmp

Filesize
64KB

Download
memory/4872-42-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-45-0x00000200A3000000-0x00000200A3010000-memory.dmp

Filesize
64KB

Download
memory/4872-44-0x00000200A2F60000-0x00000200A2F70000-memory.dmp

Filesize
64KB

Download
memory/4872-49-0x00000200A3010000-0x00000200A3020000-memory.dmp

Filesize
64KB

Download
memory/4872-48-0x00000200A2F80000-0x00000200A2F90000-memory.dmp

Filesize
64KB

Download
memory/4872-47-0x00000200A2F70000-0x00000200A2F80000-memory.dmp

Filesize
64KB

Download
memory/4872-55-0x00000200A3030000-0x00000200A3040000-memory.dmp

Filesize
64KB

Download
memory/4872-54-0x00000200A3020000-0x00000200A3030000-memory.dmp

Filesize
64KB

Download
memory/4872-57-0x00000200A3040000-0x00000200A3050000-memory.dmp

Filesize
64KB

Download
memory/4872-56-0x00000200A2FA0000-0x00000200A2FB0000-memory.dmp

Filesize
64KB

Download
memory/4872-53-0x00000200A2F90000-0x00000200A2FA0000-memory.dmp

Filesize
64KB

Download
memory/4872-60-0x00000200A2FB0000-0x00000200A2FC0000-memory.dmp

Filesize
64KB

Download
memory/4872-61-0x00000200A3050000-0x00000200A3060000-memory.dmp

Filesize
64KB

Download
memory/4872-111-0x00000200A3070000-0x00000200A3080000-memory.dmp

Filesize
64KB

Download
memory/4872-67-0x00000200A3060000-0x00000200A3070000-memory.dmp

Filesize
64KB

Download
memory/4872-66-0x00000200A2FD0000-0x00000200A2FE0000-memory.dmp

Filesize
64KB

Download
memory/4872-71-0x00000200A2FE0000-0x00000200A2FF0000-memory.dmp

Filesize
64KB

Download
memory/4872-73-0x00000200A3070000-0x00000200A3080000-memory.dmp

Filesize
64KB

Download
memory/4872-76-0x00000200A3080000-0x00000200A3090000-memory.dmp

Filesize
64KB

Download
memory/4872-75-0x00000200A2FF0000-0x00000200A3000000-memory.dmp

Filesize
64KB

Download
memory/4872-79-0x00000200A3090000-0x00000200A30A0000-memory.dmp

Filesize
64KB

Download
memory/4872-78-0x00000200A3000000-0x00000200A3010000-memory.dmp

Filesize
64KB

Download
memory/4872-83-0x00000200A30A0000-0x00000200A30B0000-memory.dmp

Filesize
64KB

Download
memory/4872-114-0x00000200A30F0000-0x00000200A3100000-memory.dmp

Filesize
64KB

Download
memory/4872-84-0x00000200A3020000-0x00000200A3030000-memory.dmp

Filesize
64KB

Download
memory/4872-86-0x00000200A30B0000-0x00000200A30C0000-memory.dmp

Filesize
64KB

Download
memory/4872-85-0x00000200A3030000-0x00000200A3040000-memory.dmp

Filesize
64KB

Download
memory/4872-88-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-89-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-90-0x00000200A3040000-0x00000200A3050000-memory.dmp

Filesize
64KB

Download
memory/4872-93-0x00000200A30C0000-0x00000200A30D0000-memory.dmp

Filesize
64KB

Download
memory/4872-110-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-94-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-95-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-100-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-104-0x00000200A30D0000-0x00000200A30E0000-memory.dmp

Filesize
64KB

Download
memory/4872-106-0x00000200A3060000-0x00000200A3070000-memory.dmp

Filesize
64KB

Download
memory/4872-12-0x00000200A2F40000-0x00000200A2F50000-memory.dmp

Filesize
64KB

Download
memory/4872-108-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-92-0x00000200A3050000-0x00000200A3060000-memory.dmp

Filesize
64KB

Download
memory/4872-14-0x00000200A2F50000-0x00000200A2F60000-memory.dmp

Filesize
64KB

Download
memory/4872-82-0x00000200A3010000-0x00000200A3020000-memory.dmp

Filesize
64KB

Download
memory/4872-116-0x00000200A3080000-0x00000200A3090000-memory.dmp

Filesize
64KB

Download
memory/4872-117-0x00000200A3100000-0x00000200A3110000-memory.dmp

Filesize
64KB

Download
memory/4872-118-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-121-0x00000200A3110000-0x00000200A3120000-memory.dmp

Filesize
64KB

Download
memory/4872-120-0x00000200A3090000-0x00000200A30A0000-memory.dmp

Filesize
64KB

Download
memory/4872-124-0x00000200A3120000-0x00000200A3130000-memory.dmp

Filesize
64KB

Download
memory/4872-123-0x00000200A30A0000-0x00000200A30B0000-memory.dmp

Filesize
64KB

Download
memory/4872-126-0x00000200A30B0000-0x00000200A30C0000-memory.dmp

Filesize
64KB

Download
memory/4872-127-0x00000200A3130000-0x00000200A3140000-memory.dmp

Filesize
64KB

Download
memory/4872-129-0x00000200A3140000-0x00000200A3150000-memory.dmp

Filesize
64KB

Download
memory/4872-131-0x00000200A3150000-0x00000200A3160000-memory.dmp

Filesize
64KB

Download
memory/4872-133-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-137-0x00000200A30C0000-0x00000200A30D0000-memory.dmp

Filesize
64KB

Download
memory/4872-138-0x00000200A3160000-0x00000200A3170000-memory.dmp

Filesize
64KB

Download
memory/4872-144-0x00000200A3170000-0x00000200A3180000-memory.dmp

Filesize
64KB

Download
memory/4872-142-0x00000200A30D0000-0x00000200A30E0000-memory.dmp

Filesize
64KB

Download
memory/4872-143-0x00000200A30E0000-0x00000200A30F0000-memory.dmp

Filesize
64KB

Download
memory/4872-145-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-147-0x00000200A3180000-0x00000200A3190000-memory.dmp

Filesize
64KB

Download
memory/4872-150-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-153-0x00000200A30F0000-0x00000200A3100000-memory.dmp

Filesize
64KB

Download
memory/4872-154-0x00000200A3100000-0x00000200A3110000-memory.dmp

Filesize
64KB

Download
memory/4872-155-0x00000200A3190000-0x00000200A31A0000-memory.dmp

Filesize
64KB

Download
memory/4872-156-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-159-0x00000200A3110000-0x00000200A3120000-memory.dmp

Filesize
64KB

Download
memory/4872-161-0x00000200A3120000-0x00000200A3130000-memory.dmp

Filesize
64KB

Download
memory/4872-164-0x00000200A1500000-0x00000200A1501000-memory.dmp

Filesize
4KB

Download
memory/4872-165-0x00000200A2CD0000-0x00000200A2F40000-memory.dmp

Filesize
2.4MB

Download
memory/4872-189-0x00000200A30B0000-0x00000200A30C0000-memory.dmp

Filesize
64KB

Download
memory/4872-188-0x00000200A30A0000-0x00000200A30B0000-memory.dmp

Filesize
64KB

Download
memory/4872-187-0x00000200A3090000-0x00000200A30A0000-memory.dmp

Filesize
64KB

Download
memory/4872-186-0x00000200A3080000-0x00000200A3090000-memory.dmp

Filesize
64KB

Download
memory/4872-185-0x00000200A3070000-0x00000200A3080000-memory.dmp

Filesize
64KB

Download
memory/4872-184-0x00000200A3060000-0x00000200A3070000-memory.dmp

Filesize
64KB

Download
memory/4872-183-0x00000200A3050000-0x00000200A3060000-memory.dmp

Filesize
64KB

Download
memory/4872-182-0x00000200A3040000-0x00000200A3050000-memory.dmp

Filesize
64KB

Download
memory/4872-181-0x00000200A3030000-0x00000200A3040000-memory.dmp

Filesize
64KB

Download
memory/4872-180-0x00000200A3020000-0x00000200A3030000-memory.dmp

Filesize
64KB

Download
memory/4872-179-0x00000200A3010000-0x00000200A3020000-memory.dmp

Filesize
64KB

Download
memory/4872-178-0x00000200A3000000-0x00000200A3010000-memory.dmp

Filesize
64KB

Download
memory/4872-177-0x00000200A2FF0000-0x00000200A3000000-memory.dmp

Filesize
64KB

Download
memory/4872-167-0x00000200A2F50000-0x00000200A2F60000-memory.dmp

Filesize
64KB

Download
memory/4872-176-0x00000200A2F90000-0x00000200A2FA0000-memory.dmp

Filesize
64KB

Download
memory/4872-175-0x00000200A2FD0000-0x00000200A2FE0000-memory.dmp

Filesize
64KB

Download
memory/4872-174-0x00000200A2FC0000-0x00000200A2FD0000-memory.dmp

Filesize
64KB

Download
memory/4872-173-0x00000200A2FB0000-0x00000200A2FC0000-memory.dmp

Filesize
64KB

Download
memory/4872-172-0x00000200A2FA0000-0x00000200A2FB0000-memory.dmp

Filesize
64KB

Download
memory/4872-2-0x00000200A2CD0000-0x00000200A2F40000-memory.dmp

Filesize
2.4MB

Download
memory/4872-171-0x00000200A2FE0000-0x00000200A2FF0000-memory.dmp

Filesize
64KB

Download
memory/4872-170-0x00000200A2F80000-0x00000200A2F90000-memory.dmp

Filesize
64KB

Download
memory/4872-169-0x00000200A2F70000-0x00000200A2F80000-memory.dmp

Filesize
64KB

Download
memory/4872-168-0x00000200A2F60000-0x00000200A2F70000-memory.dmp

Filesize
64KB

Download
memory/4872-166-0x00000200A2F40000-0x00000200A2F50000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads