banload | aaf0e30255217a22cc244a75919e99227d11f7e92b0f6e474e93fddc8a1f7142

General

Target

MouseSpeedSetup.exe
Size

7.3MB
MD5

0530d46a8be39eed7b0c613ab6182c82
SHA1

9a567aa4df2644010a7c0d97244ccbdf2be62def
SHA256

aaf0e30255217a22cc244a75919e99227d11f7e92b0f6e474e93fddc8a1f7142
SHA512

ed2dcec32a611f278d787a22ddc7145a1086d91d106276236922928128398ba780cd3b0764508635d039c7a3e0900c4e8e791badcf1d95606eb0a89e3245c65c
SSDEEP

98304:NkL4SowvA8okj4yklTsH3/CbmWLPcWqe3UnHzfJTwbESzfsYf6ugUM0NgkVxDl:+N9NDklTWWLUnTfbQi0Xvp

Score

10^/10

banload defense_evasion discovery downloader dropper persistence trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	mssLicChk.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	mssLicChk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	mssLicChk.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\gpsMouseSpeed = "C:\\Program Files (x86)\\MouseSpeedSwitcher\\MouseSpeed.exe"	MouseSpeedSetup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\gpsMouseSpeed = "C:\\Program Files (x86)\\MouseSpeedSwitcher\\MouseSpeed.exe"	MouseSpeed.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

pid	Process
2168	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 25 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\MouseSpeedSwitcher\mssLicChk.exe	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-GPK15.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-MRI98.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-MLCBF.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-A9UJO.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-VNDL8.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-M5NQD.tmp	MouseSpeedSetup.tmp
File opened for modification	C:\Program Files (x86)\MouseSpeedSwitcher\unins000.dat	MouseSpeedSetup.tmp
File opened for modification	C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-KKJEU.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-088KJ.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-P1SO2.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-KNHFF.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-DQATN.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\is-B4DT2.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\unins000.dat	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-3PFFO.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-9JSH9.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\is-UIE42.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-3KDQ6.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-059R8.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-D84TE.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-QBHQS.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-Q7JLA.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\unins000.msg	MouseSpeedSetup.tmp

Executes dropped EXE 4 IoCs

pid	Process
3068	MouseSpeedSetup.tmp
2168	MouseSpeed.exe
812	mssLicChk.exe
1264	MouseSpeed.exe

Loads dropped DLL 7 IoCs

pid	Process
2076	MouseSpeedSetup.exe
3068	MouseSpeedSetup.tmp
3068	MouseSpeedSetup.tmp
3068	MouseSpeedSetup.tmp
3068	MouseSpeedSetup.tmp
3068	MouseSpeedSetup.tmp
3068	MouseSpeedSetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MouseSpeedSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MouseSpeedSetup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MouseSpeed.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssLicChk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MouseSpeed.exe

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\{C9D08DF4-A71D-4D97-B2A4-072EA18F8C77}	MouseSpeed.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\{C9D08DF4-A71D-4D97-B2A4-072EA18F8C77}\Hideadeby = 7a42674518fb8329407e2ab924fe56820827baff016c2006b8cc5022a195090a	MouseSpeed.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\AutoConvertTo	mssLicChk.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\{C9D08DF4-A71D-4D97-B2A4-072EA18F8C77}\Hideadeby = 7a42674518fb8329407e2ab924fe56820827baff016c2006b8cc5022a195090a	MouseSpeed.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\Insertable	mssLicChk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\NotInsertable	mssLicChk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\Ole1Class	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\ = "Microsoft Excel Chart"	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\AutoConvertTo\ = "{00020821-0000-0000-C000-000000000046}"	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\DefaultIcon\ = "C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE,1"	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\NotInsertable\	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\Ole1Class\ = "ExcelChart"	mssLicChk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}	mssLicChk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\DefaultIcon	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\Insertable\	mssLicChk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\ProgID	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\ProgID\ = "ExcelChart"	mssLicChk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\TreatAs	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\TreatAs\ = "{00020821-0000-0000-C000-000000000046}"	mssLicChk.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\{C9D08DF4-A71D-4D97-B2A4-072EA18F8C77}	MouseSpeed.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3068	MouseSpeedSetup.tmp
3068	MouseSpeedSetup.tmp

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1264	MouseSpeed.exe
Token: SeIncBasePriorityPrivilege	1264	MouseSpeed.exe
Token: 33	1264	MouseSpeed.exe
Token: SeIncBasePriorityPrivilege	1264	MouseSpeed.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3068	MouseSpeedSetup.tmp
1264	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
1264	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2168	MouseSpeed.exe
2168	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe
1264	MouseSpeed.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 3068	2076	MouseSpeedSetup.exe	30
PID 2076 wrote to memory of 3068	2076	MouseSpeedSetup.exe	30
PID 2076 wrote to memory of 3068	2076	MouseSpeedSetup.exe	30
PID 2076 wrote to memory of 3068	2076	MouseSpeedSetup.exe	30
PID 2076 wrote to memory of 3068	2076	MouseSpeedSetup.exe	30
PID 2076 wrote to memory of 3068	2076	MouseSpeedSetup.exe	30
PID 2076 wrote to memory of 3068	2076	MouseSpeedSetup.exe	30
PID 3068 wrote to memory of 2168	3068	MouseSpeedSetup.tmp	32
PID 3068 wrote to memory of 2168	3068	MouseSpeedSetup.tmp	32
PID 3068 wrote to memory of 2168	3068	MouseSpeedSetup.tmp	32
PID 3068 wrote to memory of 2168	3068	MouseSpeedSetup.tmp	32
PID 3068 wrote to memory of 812	3068	MouseSpeedSetup.tmp	33
PID 3068 wrote to memory of 812	3068	MouseSpeedSetup.tmp	33
PID 3068 wrote to memory of 812	3068	MouseSpeedSetup.tmp	33
PID 3068 wrote to memory of 812	3068	MouseSpeedSetup.tmp	33
PID 3068 wrote to memory of 1264	3068	MouseSpeedSetup.tmp	36
PID 3068 wrote to memory of 1264	3068	MouseSpeedSetup.tmp	36
PID 3068 wrote to memory of 1264	3068	MouseSpeedSetup.tmp	36
PID 3068 wrote to memory of 1264	3068	MouseSpeedSetup.tmp	36

C:\Users\Admin\AppData\Local\Temp\MouseSpeedSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MouseSpeedSetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\is-P8LJ3.tmp\MouseSpeedSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-P8LJ3.tmp\MouseSpeedSetup.tmp" /SL5="$301C4,6780985,832512,C:\Users\Admin\AppData\Local\Temp\MouseSpeedSetup.exe"
  2⤵
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe
    "C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe" /r
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:2168
- - C:\Program Files (x86)\MouseSpeedSwitcher\mssLicChk.exe
    "C:\Program Files (x86)\MouseSpeedSwitcher\mssLicChk.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:812
- - C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe
    "C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\SysMeecheoCommon\aboobooheabegh.had

Filesize
32B

MD5
2f10bf333a6251407126629b85d93fbd

SHA1
473f7b9b524e1cd2cf759422054f3b14b8fe61b7

SHA256
f819b15d9cfb1dbdd81aca8acde7cc6602f2844c35be0042ba3a0d1886aee5ef

SHA512
92bf86a6db1ab3463c749e9197abc36497e180916605d3c1d456800e6dba03cc53e9ed3f87d0c17127342ff5d0c89bd57e7349568b86ddddd54e849c24a5eb77

Download Submit
C:\Users\Admin\AppData\Local\Temp\5BA66BE2

Filesize
14B

MD5
d853880fa6f3b52fcca5888ad97bf723

SHA1
65cc85049317977f67d2ea41505f58087c69591b

SHA256
9e77d5079990913bc8f362f447461233cb32850b4e1514e1d8beac80ea28eb2e

SHA512
d612e4ac94bc5c0e4243645aa4be063e9835df6ab8327e1319743b55ca07a1414e29f60f594f6a6de343aa0f8ab238543417fad75382e5fd143655e77e86e7a7

Download Submit
C:\Users\Admin\AppData\Roaming\MouseSpeedSwitcher\MouseSpeedSwitcher.log

Filesize
737B

MD5
45bc927bf0de606aa2718cc5a8723b38

SHA1
57330fe147a781874b035e2a2b35ad9740feda6e

SHA256
00e7ccf4ad5fafe012ff989fa0acdb18d7855497bda43804b2ceb6843d89ca0f

SHA512
459d10c66c924eac161d4c7d62b0d439cca4916db308f63e95d21189dbe596350dfa4d3f2c8592fe016247f683e232c4c1b1405b6d7d76fea629d4dfff0f23d8

Download Submit
C:\Users\Admin\AppData\Roaming\MouseSpeedSwitcher\MouseSpeedSwitcher.log

Filesize
4KB

MD5
d3228dd6a7439e55cf7068cd0c963b14

SHA1
d65aa1cc8bd6be8b74f4a5ee40fee022f3552fa7

SHA256
0e9dcd0fffe3bc015845ae183ddc0750de34bdf213fa88d95cef0cecb8183997

SHA512
3d7f95f1d4269235679cf96bc5492009cfbccc209d0b20d6bf3e8998dd07bc31510abee2973f6417bcd06f15653b7cb8cd5199c12286262a617c0631649da7b3

Download Submit
\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe

Filesize
4.6MB

MD5
5b916619621b1495cac1e5e93a5d582f

SHA1
873dbe0f809cfb10de02b2d292eaad1ec86c46c5

SHA256
507044f90efdce52671938922ce67cdb0f384b3479175c3865ce5610d65405f6

SHA512
197e225a3d740846c2a2317318c25960f7ca0dde87e86f832a503539ef820dde9e6dd0e1a40a842e5a5c0b3f9ebd6ad420dc8a9aca44763bb7dffde948cc7cdb

Download Submit
\Program Files (x86)\MouseSpeedSwitcher\mssLicChk.exe

Filesize
1.8MB

MD5
8e22ee7bb869fa2ef45caf8695f3c97d

SHA1
076ed837cc049809199f0a538cc2eee1b165d01c

SHA256
76cb0884c52d0f0e1998a77eba76a3abdf8e23684715f594b83a47bcc4750f68

SHA512
08daf0c6b43f1cc9fcc77b5338de0f0d0e729af88178a88e4d4d8a79a2f3ac7564423ff02548a3e60b32328cfcf4eaa02543f07fe57597e49fb8b259c80b1c0b

Download Submit
\Users\Admin\AppData\Local\Temp\is-P8LJ3.tmp\MouseSpeedSetup.tmp

Filesize
3.1MB

MD5
044b0f4a2bc68e5fce570f054fce47c2

SHA1
edaa03cbca1ad86deaaec84a8c0a91a81da46674

SHA256
3e3c194b5a92e8a6c4cda0c0081c0ccfda898dcf09abcb549e8fe5ed6a8e85bb

SHA512
d99c80b6f075c70d5a6a823e61df7ac5d5f73386a6d920cece71350e011fab1f468d74c89775ac44b38ed04be724e744e83be5bfb3e93d5d7c33491d589166a0

Download Submit
memory/812-104-0x0000000000400000-0x0000000000604000-memory.dmp

Filesize
2.0MB

Download
memory/812-99-0x0000000002580000-0x0000000002777000-memory.dmp

Filesize
2.0MB

Download
memory/812-141-0x0000000000400000-0x0000000000604000-memory.dmp

Filesize
2.0MB

Download
memory/812-105-0x0000000002580000-0x0000000002777000-memory.dmp

Filesize
2.0MB

Download
memory/1264-113-0x0000000000FD0000-0x000000000223C000-memory.dmp

Filesize
18.4MB

Download
memory/1264-214-0x0000000000FD0000-0x000000000223C000-memory.dmp

Filesize
18.4MB

Download
memory/1264-212-0x0000000000FD0000-0x000000000223C000-memory.dmp

Filesize
18.4MB

Download
memory/1264-213-0x0000000000FD0000-0x000000000223C000-memory.dmp

Filesize
18.4MB

Download
memory/2076-140-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2076-10-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2076-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2076-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2168-93-0x00000000000D0000-0x000000000133C000-memory.dmp

Filesize
18.4MB

Download
memory/2168-82-0x00000000000D0000-0x000000000133C000-memory.dmp

Filesize
18.4MB

Download
memory/3068-59-0x0000000003440000-0x0000000003450000-memory.dmp

Filesize
64KB

Download
memory/3068-111-0x0000000003440000-0x0000000003450000-memory.dmp

Filesize
64KB

Download
memory/3068-110-0x0000000003440000-0x0000000003450000-memory.dmp

Filesize
64KB

Download
memory/3068-98-0x0000000005AB0000-0x0000000005CB4000-memory.dmp

Filesize
2.0MB

Download
memory/3068-139-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3068-81-0x0000000005AB0000-0x0000000006D1C000-memory.dmp

Filesize
18.4MB

Download
memory/3068-74-0x0000000003440000-0x0000000003450000-memory.dmp

Filesize
64KB

Download
memory/3068-57-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3068-11-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3068-8-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads