0fe6d78e321028b931c3c1dbc467b2db424a333803f06db7f60311d11b15917f

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2025, 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_6b2b9d42581d755c3f423a3a273796f5.xls
Size

296KB
MD5

6b2b9d42581d755c3f423a3a273796f5
SHA1

cfdc7aa01f169b4995d7f4dea63fe88264ba5069
SHA256

0fe6d78e321028b931c3c1dbc467b2db424a333803f06db7f60311d11b15917f
SHA512

1657ee63f2fcff6febbe6020bc9a602c259bf9d53ad6b2a4cbed1cdd6f42ec384c6bd90b9ca9b2b54e1328225364ff6ee81bcd52d14fca6e2ca41da24aa3f80a
SSDEEP

6144:rf5VC9ECYkyTClYAZfcBvEHVwbPgcUk9l0uq0l+65Xo/5jW:rfD1CWWEiybPgz5M2/5

Score

10^/10

defense_evasion macro macro_on_action persistence xlm

Malware Config

Signatures

Process spawned unexpected child process 6 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	3496	3472	cmd.exe	85
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	2948	3472	cmd.exe	85
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	832	3472	cmd.exe	85
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	1624	3472	cmd.exe	85
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	1468	3472	cmd.exe	85
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	4132	3472	cmd.exe	85

Office macro that triggers on suspicious action 2 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral2/files/0x0008000000023d3d-80.dat	office_macro_on_action
behavioral2/files/0x000c000000023be6-101.dat	office_macro_on_action

Sets file to hidden 1 TTPs 2 IoCs

Modifies file attributes to stop it showing in Explorer etc.

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3156	attrib.exe
4372	attrib.exe

Suspicious Office macro 2 IoCs

Office document equipped with 4.0 macros.

macro xlm

resource	yara_rule
behavioral2/files/0x0008000000023d3d-80.dat	office_xlm_macros
behavioral2/files/0x000c000000023be6-101.dat	office_xlm_macros

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet.exe = "internet.exe"	EXCEL.EXE

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\internet.exe	EXCEL.EXE

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3472	EXCEL.EXE
408	WINWORD.EXE

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
408	WINWORD.EXE
408	WINWORD.EXE
408	WINWORD.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE
3472	EXCEL.EXE

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 3496	3472	EXCEL.EXE	91
PID 3472 wrote to memory of 3496	3472	EXCEL.EXE	91
PID 3496 wrote to memory of 1800	3496	cmd.exe	93
PID 3496 wrote to memory of 1800	3496	cmd.exe	93
PID 3472 wrote to memory of 2948	3472	EXCEL.EXE	94
PID 3472 wrote to memory of 2948	3472	EXCEL.EXE	94
PID 2948 wrote to memory of 4152	2948	cmd.exe	96
PID 2948 wrote to memory of 4152	2948	cmd.exe	96
PID 3472 wrote to memory of 832	3472	EXCEL.EXE	97
PID 3472 wrote to memory of 832	3472	EXCEL.EXE	97
PID 832 wrote to memory of 3220	832	cmd.exe	99
PID 832 wrote to memory of 3220	832	cmd.exe	99
PID 3472 wrote to memory of 1624	3472	EXCEL.EXE	100
PID 3472 wrote to memory of 1624	3472	EXCEL.EXE	100
PID 3472 wrote to memory of 1468	3472	EXCEL.EXE	107
PID 3472 wrote to memory of 1468	3472	EXCEL.EXE	107
PID 1468 wrote to memory of 3156	1468	cmd.exe	109
PID 1468 wrote to memory of 3156	1468	cmd.exe	109
PID 3472 wrote to memory of 4132	3472	EXCEL.EXE	110
PID 3472 wrote to memory of 4132	3472	EXCEL.EXE	110
PID 4132 wrote to memory of 4372	4132	cmd.exe	112
PID 4132 wrote to memory of 4372	4132	cmd.exe	112

Views/modifies file attributes 1 TTPs 4 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
4372	attrib.exe
1800	attrib.exe
4152	attrib.exe
3156	attrib.exe

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6b2b9d42581d755c3f423a3a273796f5.xls"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c attrib -s -h c:\setflag.exe
  2⤵
  - Process spawned unexpected child process
  - Suspicious use of WriteProcessMemory
  PID:3496
- - C:\Windows\system32\attrib.exe
    attrib -s -h c:\setflag.exe
    3⤵
    - Views/modifies file attributes
    PID:1800
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c attrib -s -h c:\sendto.exe
  2⤵
  - Process spawned unexpected child process
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Windows\system32\attrib.exe
    attrib -s -h c:\sendto.exe
    3⤵
    - Views/modifies file attributes
    PID:4152
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c extrac32 /E /Y /L c:\ c:\cab.cab
  2⤵
  - Process spawned unexpected child process
  - Suspicious use of WriteProcessMemory
  PID:832
- - C:\Windows\system32\extrac32.exe
    extrac32 /E /Y /L c:\ c:\cab.cab
    3⤵
    PID:3220
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c extract /E /Y /L c:\ c:\cab.cab
  2⤵
  - Process spawned unexpected child process
  PID:1624
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c attrib +s +h c:\setflag.exe
  2⤵
  - Process spawned unexpected child process
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Windows\system32\attrib.exe
    attrib +s +h c:\setflag.exe
    3⤵
    - Sets file to hidden
    - Views/modifies file attributes
    PID:3156
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c attrib +s +h c:\sendto.exe
  2⤵
  - Process spawned unexpected child process
  - Suspicious use of WriteProcessMemory
  PID:4132
- - C:\Windows\system32\attrib.exe
    attrib +s +h c:\sendto.exe
    3⤵
    - Sets file to hidden
    - Views/modifies file attributes
    PID:4372

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
3800ef9fef580bac3b95642d30b7c143

SHA1
5cb8f564ebd86fde4099e2f81aa340973aa00139

SHA256
82b657fd0b1ab41de338959155e9bae83210901d9f2dadcc93fd550be09c6a8e

SHA512
1fba6902750a629a0e9eed5fd1e53743b5254d6596417c699dddbc0fb005e646ed99dc4a0d52c6cd2f07e91ca9cc1eebfaadcf24e4f52a5463f16e660f12ba09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
83a5d061fd204736c44fa3e49138e83e

SHA1
ba809d8e05b2c89e34cfe42a746dd2f1e0b7d716

SHA256
f88262fe0c2c54ec90aa078c722b38939a859b6d6176b5b2d42211f9e196f378

SHA512
43762034fa5a74921058af0979ea43aca31b6377b7904d4a437d2a7476a4881787670ee971770ed7f320b0eeddfc53b475a620a874217f47b6615bb146962306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\7BD4031E-280C-4AFA-B84E-4CD00BD83E63

Filesize
177KB

MD5
987567d7a7e384f5bf3843daeb65d417

SHA1
7b928a9f2ee202f8110a61c37bd7c587f0ed9c10

SHA256
7c3b89e7f7bc8d04682e6403effa1ef3dc820d1659c6bded75e9b600d67c1810

SHA512
9ee472e6daa1b5cbe923942c1a93950b2ef04f46d0e68d7d5649e26bd44db828a1697c13d660a82bbae12639db6e7a1b58720f219a4363e391973f6344659bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
30269e1c52b10d71b8f345218ba9c0bf

SHA1
ca3058aa7b405d0ccd9b10d5f48e76fcf381c40f

SHA256
7596ee2e166460677a8f67a8507e1c42fffd3d5ea674795b50fd31db64f2d963

SHA512
29e67079cff4dce6ff0003d327e962f50fa0ee185056520ff22e4517f2917f0c20aba751dc97c41de6e44428b2a591351295246c5dcca085c186635ba9627110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
8654dbd843a0c4531906e3dc008d5baa

SHA1
7b7e33d50a1c16c8e2891a7e65aa338d4daaf8a7

SHA256
cc7b5ceeeb72dc4c2fec71c1f4e27d54f2d913d46c12274a3192739d9cd8e50f

SHA512
a94c0b2c35940c83913d2943432ab7d023bc9b53412ab5cd7eed4962ec189e144668b589d95745d674776ded7956868febbe0a432cb9010ff714e2312b8d8892

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\norma1.xlm

Filesize
68KB

MD5
2bfe86ff5c4839475907298314cfac62

SHA1
f7a3ec7c1a818cf8adfd13ac0f7a1fbe75fd9aa5

SHA256
ed73cf8033e46df967a17405b51c2ed33713ec3e22f29fb65a497c4931cc86c6

SHA512
50676dc42b7dc6af0ed420b92a4de5aca945b5ce655b122cc07f68678a2107acc67fc752527b5de2d928783bff64f391433ff4456239c789e9b4bfc1d94bf205

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
c26c99136e6df7b21a76e3492cda82e8

SHA1
54c57448b272b8985aae4415f4ff2cd1451b6adb

SHA256
bfb9e93018b040728e99658906243ac9d1b912e08c9d418db58b71d5584dde06

SHA512
f4742471f211ce3ab65c97bb7c693f039727baf7cec69f5ff4f89921919135b4a6ee24652812874439146867e3c4d356d8cc054d3e61cc3204221d0ce7d20b6c

Download Submit
C:\sendto.exe

Filesize
20KB

MD5
56bafcef305ce46d847421edd6eec04b

SHA1
e6e31dda260fee10b63c4dd297b433749ea7ac07

SHA256
3c6d90fdf13ef66dd36631796cd50db01dfb8e2db5b472c45202513ab816f272

SHA512
c78210f40daa6e2827d1280eaca5ae22cf036d20ff802826171cfdaf2b64a011f32c8689eec174d3375e197b240e4c92a2fb466b01c66a96e9276cd1de160e20

Download Submit
C:\setflag.exe

Filesize
32KB

MD5
a4f9be8517afb4c5d9c63960a5faf258

SHA1
6d3300bfc43b191819f687df91bfbe2c6294d6bb

SHA256
78b6db289832df709d17fd5c49359ddfb9cacaa8303cd77290427bac4c829ba2

SHA512
c6c918bc91ed645553245cc640ed66882af264035732b8a8c2682f14a9c8f183c38837c1b3e62ca7d16e1560e6bc2a4273b41c9614a046752928c9a0c45ecb2e

Download Submit
\??\c:\cab.cab

Filesize
70KB

MD5
5a876443f36ca54efae1c723041435c0

SHA1
7ebd6188c3df725008209b7d24f914b2b3ce0a6c

SHA256
02397a86f99f98f212adee047d25c56fa6644a3cf6058ddb0da0221d708f1ee9

SHA512
a065a1ed747b8348c49c909e7186da584a3f01bca4652b154d5f7f88c4de15c5f0c03884db5cf33bca9035944cf5c7bc6983571301dd0fa4d7c298942887a149

Download Submit
\??\c:\internet.exe

Filesize
24KB

MD5
072ca9f791665febeacda1be1e71a124

SHA1
20d6d75ef7e06c72b43a2e3be81f5ceab11a1a5a

SHA256
692bfa3ca595a0ed57dd1d5fa6652332162c90ea0c9b8c9b32ddbebbec063f3d

SHA512
3cd1c0727085dcc054b1c9111c934fef3473d57a91e1e247418a220e35c59e495282740621d6c9c01c86a39ad4e5c79d7d95dbd289e25f044cfad1f616d52290

Download Submit
\??\c:\norma1.xlm

Filesize
68KB

MD5
3f08a7010fe4ea32b210b7919448ada6

SHA1
c7bc3bb8f78ef217b83c593542b5c4cf602746a2

SHA256
506260a97f723ce79e3243b651dc8af1c3fcdbf72431be60b1a0afbab8d2dce9

SHA512
be8ac3dcb6574e6876c2f8d2e40c1c6ad75ca611275ccc73c7283f6b17f3956c16c14d9dfa10e36576011baa691378a8ce6115e380b821a2d6f549ea46567b4c

Download Submit
\??\c:\normal.dot

Filesize
103KB

MD5
26ab77fe4d542805e0afdc9d0efc92c2

SHA1
332dc776b13e8f04809a312183ef9532ea2b18d3

SHA256
1cb2d969e56664ddc1f496c63e424cbe1ce2f560f8350f4ffa451f0fc03006d9

SHA512
ef439dbbe390eb175bd9970d76827a6b506b88a4db7cda233d8b6591b22e3c7a454cbb8111ca78dbbd6b195c91aa89c7d0c9df952052d3471eb07ac80f98b89a

Download Submit
memory/408-125-0x00007FFBFC370000-0x00007FFBFC380000-memory.dmp

Filesize
64KB

Download
memory/408-128-0x00007FFBFC370000-0x00007FFBFC380000-memory.dmp

Filesize
64KB

Download
memory/408-127-0x00007FFBFC370000-0x00007FFBFC380000-memory.dmp

Filesize
64KB

Download
memory/408-126-0x00007FFBFC370000-0x00007FFBFC380000-memory.dmp

Filesize
64KB

Download
memory/3472-9-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-4-0x00007FFBFC370000-0x00007FFBFC380000-memory.dmp

Filesize
64KB

Download
memory/3472-47-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-38-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-14-0x00007FFBFA080000-0x00007FFBFA090000-memory.dmp

Filesize
64KB

Download
memory/3472-13-0x00007FFBFA080000-0x00007FFBFA090000-memory.dmp

Filesize
64KB

Download
memory/3472-0-0x00007FFBFC370000-0x00007FFBFC380000-memory.dmp

Filesize
64KB

Download
memory/3472-10-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-11-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-12-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-8-0x00007FFBFC370000-0x00007FFBFC380000-memory.dmp

Filesize
64KB

Download
memory/3472-117-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-116-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-114-0x00007FFC3C38D000-0x00007FFC3C38E000-memory.dmp

Filesize
4KB

Download
memory/3472-7-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-6-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-5-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-48-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-129-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-131-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-132-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-135-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-134-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-133-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-130-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-136-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-137-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-147-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-148-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-2-0x00007FFBFC370000-0x00007FFBFC380000-memory.dmp

Filesize
64KB

Download
memory/3472-3-0x00007FFBFC370000-0x00007FFBFC380000-memory.dmp

Filesize
64KB

Download
memory/3472-151-0x00007FFC3C2F0000-0x00007FFC3C4E5000-memory.dmp

Filesize
2.0MB

Download
memory/3472-1-0x00007FFC3C38D000-0x00007FFC3C38E000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads