xred | 21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac

Analysis

max time kernel
141s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/02/2025, 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe
Size

790KB
MD5

34ea30e2956e159f62de5bb505607d72
SHA1

09ba2a385f12a67baa222aa5a25554cad19ee186
SHA256

21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac
SHA512

85399de642265efb1c7e1d8cbb8a55cf9d1b03c008f70286e635db0ef637640edbf1161cb0e5f88e83a5539940ff6047afcce4ac94e0fec2d7dd349252c5e6b5
SSDEEP

12288:WMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V91PzC:WnsJ39LyjbJkQFMhmC+6GD9o

Score

10^/10

xred backdoor discovery macro persistence

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Xred
Xred is backdoor written in Delphi.
backdoor xred
Xred family
xred

Suspicious Office macro 2 IoCs

Office document equipped with macros.

macro

resource
behavioral1/files/0x001c000000016cf0-405.dat
behavioral1/files/0x001f000000016cab-440.dat

Executes dropped EXE 3 IoCs

pid	Process
2092	._cache_21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe
2736	Synaptics.exe
1984	._cache_Synaptics.exe

Loads dropped DLL 7 IoCs

pid	Process
1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe
1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe
1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe
1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe
2736	Synaptics.exe
2736	Synaptics.exe
2736	Synaptics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2728	EXCEL.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2728	EXCEL.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2092	1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe	30
PID 1804 wrote to memory of 2092	1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe	30
PID 1804 wrote to memory of 2092	1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe	30
PID 1804 wrote to memory of 2092	1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe	30
PID 1804 wrote to memory of 2736	1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe	32
PID 1804 wrote to memory of 2736	1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe	32
PID 1804 wrote to memory of 2736	1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe	32
PID 1804 wrote to memory of 2736	1804	21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe	32
PID 2736 wrote to memory of 1984	2736	Synaptics.exe	33
PID 2736 wrote to memory of 1984	2736	Synaptics.exe	33
PID 2736 wrote to memory of 1984	2736	Synaptics.exe	33
PID 2736 wrote to memory of 1984	2736	Synaptics.exe	33

C:\Users\Admin\AppData\Local\Temp\21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe
"C:\Users\Admin\AppData\Local\Temp\21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Users\Admin\AppData\Local\Temp\._cache_21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe"
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    - Executes dropped EXE
    PID:1984

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
790KB

MD5
34ea30e2956e159f62de5bb505607d72

SHA1
09ba2a385f12a67baa222aa5a25554cad19ee186

SHA256
21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac

SHA512
85399de642265efb1c7e1d8cbb8a55cf9d1b03c008f70286e635db0ef637640edbf1161cb0e5f88e83a5539940ff6047afcce4ac94e0fec2d7dd349252c5e6b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE

Filesize
825B

MD5
3b5e0bd6640456a749d9155e6c135727

SHA1
7d985e42e7df8cac3cf7ec917df10b9fbef09a21

SHA256
c362a3d2b661c6066a02fc169faaa1976c2f6160da5837c7e68b7e0f67b794ed

SHA512
b1b669bad519dccab5224c8fcdb13bb2b015e22fd30ba57e92c9cde4480e655f19f0bbb862db5fd87828d2a3ab74c4a6090f36b6358f9eefe5c82e024afe4a3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C0018BB1B5834735BFA60CD063B31956

Filesize
1KB

MD5
1ea27366e034eb9447a33ce639c01489

SHA1
d12ed3e7e60c65ce90f0a58b9b9e47292caed923

SHA256
788d210ef206a4d11b6b506bf52124ee03fca4e8a9389fad43772202a7e29452

SHA512
e06f7443f0f7ca5db4411aa0718102c08068e95ec305b6b53c0b42a941a877de39f95c7e7514e69316b41a7ac19eaa6ccddc581fe475bdb842ec920691726e49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37C951188967C8EB88D99893D9D191FE

Filesize
264B

MD5
2e6397766508305a3ede49b80af8d431

SHA1
0061018c3e4743c958296876ef3e69aadb6ad8c7

SHA256
a9dd1506c57afb1ad0645e4ade7a702180321c135ed7c91c56f92b6ffc5e6140

SHA512
7d2254ec9b639803780368a2b3fb4649a59dfc2d8e0dc4147bf14f35e59c59fc8e1c64a781c008b302e3b7fe7d939d581b7691d490c72dd704b128eefccce84f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c1b61ca7b2e85945e5d70752b86495b

SHA1
08c2c389f3d61104ca1aa150751972e0ee31032d

SHA256
fea6728ef78ddc92cd0d7f2efb414edfcba112f514ceb7d3880e055adc14152f

SHA512
0d45e8852d555585486e787a7786e743d9cbcd6ab284a14eaf8cae97bce1ede99f75786ea7631dae212901017ca5a01b76e93a67dcb5d1cbddab0ad6fac98ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c288a5229c619347b466a0eb792960c

SHA1
a710b361c093a6171f63e65aa15a9177797265a6

SHA256
4c97ea76b41570fa327868a60fbff58dcaffdfe3e504d7d28557b229cdda32e6

SHA512
50245e414145dd7180253f1bc6d829de263dcdebe9b4332f131a9376b7d19b1fe25354295849aeac663da3968a1dd818b8e772f41e847e81f9aae97ada673ed5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e83917bdcdc3e35ed6e32c4e3aa5aa74

SHA1
9bc25a92e6540f882f079895b026594356e7a8fb

SHA256
2665bc7934ba03dad0affaee7d912f75865081e6d925441ec8711fea52e3e009

SHA512
d736ce87309910f3289020b226ff0214baf986ed18c77c78953f6d9075bd714d2e5e7bcedab9d9d118db734e02e5ff694b816780441275edfec8291845070fb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5337af68b69d02b51f4d7a80ce849518

SHA1
aaaac6faaa569a8c39914395cf422a4a72914a81

SHA256
3c7938f6398f916694dc1c1546aa172cc174c85fde13e0f074a23a39de4078e1

SHA512
de3c4187541c4b99440b58ec92dc1c6e70f7f47fb2a6319f34435e764194ee25e0225e305fffd19dc678cd7059d966c421051aab2c8986a9a0f1eda9d0f29944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5362d0ebbc1a326b46d465d81dc005c

SHA1
2e8ef67215aff641b7f4e23fc4af956d1e0a9065

SHA256
a3f0f649acbb6abb70c9747175e997e9edc01df271eb922ce2541c220d172d25

SHA512
d46574a089d05d4f0bcef47e867580689e8c8a25a8a5f42a3cf295069247885367296f113e58ee2c92bcd2fb00d1f57a3bd6bd5f3299345c5b27bff441fb6593

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6cf59d4155b9fc970a961e473cd3f3d6

SHA1
66c8aeef42d58526ad041a38dc50a5fa1151d202

SHA256
7db46f8a72b9811d88fead8db6fd105da6b5cb96f110ac19aa6a63a0ec604cdc

SHA512
383f92d735a8ab2a774c89d54b966c0a3903d0140503fb16acd957c3f238557e4020863fab2e98e48c3c865be1aed52dd9d61298b1dc8bf525762575b63f6bde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7b8c0e53e3743578dd7ddc3aa401dc3

SHA1
a8a2756470b42769bc1e6890883870c2cd486893

SHA256
9c46b97808c3ad7646481941992809100f79af86e11e2662a1e2479a51346817

SHA512
fa2ee97db3ff5aebb0bafaa081133521b2f620e95a4e4d4eac23acb8e53d850a9eeb3e77d6ac84da26ed0feb6b4878729265f8cfe00a1d4fa4db3d374ba88fb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0018BB1B5834735BFA60CD063B31956

Filesize
252B

MD5
88bef0aa475d4475f24a38249e084a01

SHA1
d6d27916032901f168778c4b4b774700ef67a1fa

SHA256
f5970b24c13c09d5baa06bce2a2fb84c4307b5098c6f025c89555ee4022e587b

SHA512
18e26be2b3b457cbab790266d1bfdbe5832f890c15925a4bc37d82c495105567a91ade0eb6223c107e5e8ad94d976c738f58139bfbaebb050529629619885e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_21824a9af919eb320360ad88dddf4746bf20c0b00ab48cdd97b294ea537465ac.exe

Filesize
37KB

MD5
850beafe1fda7c6d7f76826e572d7f13

SHA1
86727493d8e04e43f11681fc83db8f19e29bf014

SHA256
330e08b2e5ba65ff55bf520c50ec3bcc7931808d69de9522164e4f78f04579ae

SHA512
4b23a2898a1a182378ef5fe0adfa5d9e622b750c75d73acfe12c4cd9bc15ad076e26bb96d8d144b54ab16ebe7e0b1dc2f4ea8da5dcb96589c1d9eebc5ae1f825

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB78E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB7FE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB9DA.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\vIMo7EwN.xlsm

Filesize
21KB

MD5
7daaa54df4a1092922bbf48f1da67deb

SHA1
b57d1a6c0833d1b0ccd82e2d16d8109e555904eb

SHA256
bf2f40dec6f5cf35336b59ff19a0b660878b3c81e73faaa1eaa38664629bcb48

SHA512
2f0e87ada30a340c83d77ec820f7b97dfdd1e4bba6dd1fb1d004bce657533985c29b4b29ff007f9b994421eb376556a27170a46820c7d470fd0dc3bfa55dfe96

Download Submit
C:\Users\Admin\AppData\Local\Temp\vIMo7EwN.xlsm

Filesize
22KB

MD5
00fdbe17373ede84d80ac1a91def9042

SHA1
67b10db02a352dfdce4059f3ff6c5f0a847f54c6

SHA256
a7021ec0b966246213cd08356aac02b5fb1034236f389dbb1d8b270f98c0efe8

SHA512
963873cbe3e42813083d266e1d3dc71c19f7d045cb40ef79f152a7f0914ef3d10270d39d43d9a8b064774ba68910259d68f49a9e0586f248a696b0cfddb7754b

Download Submit
C:\Users\Admin\AppData\Local\Temp\vIMo7EwN.xlsm

Filesize
17KB

MD5
e566fc53051035e1e6fd0ed1823de0f9

SHA1
00bc96c48b98676ecd67e81a6f1d7754e4156044

SHA256
8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

SHA512
a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\vIMo7EwN.xlsm

Filesize
22KB

MD5
9b5eb12d7b9c319b11bb8c5752cc7b51

SHA1
ae475a7caa862b15644f9fe30c88efbe8d44f329

SHA256
eb548f1dd16a0539ddfef8f2b519a55a6a8be425f2dd0502d2d1e35e796f5b99

SHA512
d5179c12daec6eb5bd7301ba13b2de0a8857fcedb96fdcd59be8d90d74615acbb186fc4751af617cfd861ebffda82fb7a630388e951986595139223dbf2c05cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\vIMo7EwN.xlsm

Filesize
23KB

MD5
c74e9361f34f4f0fdc643bc12208fd28

SHA1
594d76753fa91ce92f699b47602033ac196beadb

SHA256
5c95daf195a32a903e1bd1960493df728a3a95f69eb75fcd363dd4bb191077ab

SHA512
fb021bb3a2a04f4dc259bf441a228235e8a9c31eb3c43e8c985688ecc42f0acbf5036475f05f657e67f4eccb3cd011e02d502afbec06b2b2f8c98157342920e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\vIMo7EwN.xlsm

Filesize
24KB

MD5
81b30238a63856f0803b920ce0fd2243

SHA1
1dd1c2b48ca7597068f789addda54e4f4d14d119

SHA256
bbe4425867c30949420831a0e1e868a67de86026ff3988f32ac50e12a0f188ab

SHA512
5e0c10da2bbb1262ad2add20404f0ae3ad9a952a060aeb29bc2774a8b8ff19f6273d3f913cc2c3261ffe326fc4397cd9a584bb8f784760fd874abb00bd386d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vIMo7EwN.xlsm

Filesize
25KB

MD5
4fb09389ce3af60bd1413362adb8c7f9

SHA1
53c27db0791e67f1734bb36bb393e0d115ce28c0

SHA256
0228ca156f9e69a82f73c2415d04042a871b999a119810f6ad9f255a1ce3f68b

SHA512
32f36a4e699c0cb792bc75808e66d30a0e4081f14cd88f26800663a30394d7072ec9b31822e2089a2f4b054b748c7eec26e278271bca1976f9b4067dfa30e52b

Download Submit
C:\Users\Admin\Desktop\~$LimitTrace.xlsx

Filesize
165B

MD5
ff09371174f7c701e75f357a187c06e8

SHA1
57f9a638fd652922d7eb23236c80055a91724503

SHA256
e4ba04959837c27019a2349015543802439e152ddc4baf4e8c7b9d2b483362a8

SHA512
e4d01e5908e9f80b7732473ec6807bb7faa5425e3154d5642350f44d7220af3cffd277e0b67bcf03f1433ac26a26edb3ddd3707715b61d054b979fbb4b453882

Download Submit
memory/1804-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1804-35-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2092-20-0x0000000001EB0000-0x0000000001F30000-memory.dmp

Filesize
512KB

Download
memory/2728-104-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2728-444-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2736-445-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2736-446-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2736-483-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads