darkcomet | e288ac3ecad103fdd8ffd2af32d4d2e7232263ba6ad0be90bca0f72d04b20c73

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2025, 02:20 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe
Size

369KB
MD5

80e5190a9e7141413f667935ddd2ee02
SHA1

d78092febb57e202cb9f2791861ce9cf46d1614d
SHA256

e288ac3ecad103fdd8ffd2af32d4d2e7232263ba6ad0be90bca0f72d04b20c73
SHA512

54e1bb1a92c5d9a0ef2a0aa514550b5dc2ed326f5382dc3e5680c8f2022b36f569458111103c0776766ee7d633b502f4b31c934a7473b76c647651be13621cb7
SSDEEP

6144:xK+ZtjvFM7dlnOd9aJ261MCnDPxaaAMhgYNt28h83QNu6/Cu37Cr3oG:bvFa5OD961MCnDPEaW8m3euK3c

Score

10^/10

darkcomet wirecrypter defense_evasion discovery persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

WireCrypter

runeo.no-ip.info:1604

Mutex

DC_MUTEX-MSXSUHC

Attributes

gencode
N6yPChD0zHNX
install
false
offline_keylogger
true
persistence
false

rc4.plain

1
#KCMDDC51#-890

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Sets file to hidden 1 TTPs 2 IoCs

Modifies file attributes to stop it showing in Explorer etc.

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3208	attrib.exe
1540	attrib.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	Java.exe

Executes dropped EXE 1 IoCs

pid	Process
1016	Java.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java Runtime = "C:\\Users\\Admin\\AppData\\Roaming\\Adobe\\Java.exe"	JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1016-7-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-9-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-10-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-11-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-12-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-13-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-14-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-15-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-16-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-17-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-18-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-19-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-20-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-21-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-22-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-23-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-24-0x0000000000400000-0x0000000000515000-memory.dmp	upx
behavioral2/memory/1016-25-0x0000000000400000-0x0000000000515000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5952	3036	WerFault.exe	84

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Java.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1016	Java.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1016	Java.exe
Token: SeSecurityPrivilege	1016	Java.exe
Token: SeTakeOwnershipPrivilege	1016	Java.exe
Token: SeLoadDriverPrivilege	1016	Java.exe
Token: SeSystemProfilePrivilege	1016	Java.exe
Token: SeSystemtimePrivilege	1016	Java.exe
Token: SeProfSingleProcessPrivilege	1016	Java.exe
Token: SeIncBasePriorityPrivilege	1016	Java.exe
Token: SeCreatePagefilePrivilege	1016	Java.exe
Token: SeBackupPrivilege	1016	Java.exe
Token: SeRestorePrivilege	1016	Java.exe
Token: SeShutdownPrivilege	1016	Java.exe
Token: SeDebugPrivilege	1016	Java.exe
Token: SeSystemEnvironmentPrivilege	1016	Java.exe
Token: SeChangeNotifyPrivilege	1016	Java.exe
Token: SeRemoteShutdownPrivilege	1016	Java.exe
Token: SeUndockPrivilege	1016	Java.exe
Token: SeManageVolumePrivilege	1016	Java.exe
Token: SeImpersonatePrivilege	1016	Java.exe
Token: SeCreateGlobalPrivilege	1016	Java.exe
Token: 33	1016	Java.exe
Token: 34	1016	Java.exe
Token: 35	1016	Java.exe
Token: 36	1016	Java.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1016	Java.exe

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1016	3036	JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe	87
PID 3036 wrote to memory of 1016	3036	JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe	87
PID 3036 wrote to memory of 1016	3036	JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe	87
PID 1016 wrote to memory of 4244	1016	Java.exe	92
PID 1016 wrote to memory of 4244	1016	Java.exe	92
PID 1016 wrote to memory of 4244	1016	Java.exe	92
PID 1016 wrote to memory of 5232	1016	Java.exe	93
PID 1016 wrote to memory of 5232	1016	Java.exe	93
PID 1016 wrote to memory of 5232	1016	Java.exe	93
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 1016 wrote to memory of 4108	1016	Java.exe	95
PID 4244 wrote to memory of 3208	4244	cmd.exe	97
PID 4244 wrote to memory of 3208	4244	cmd.exe	97
PID 4244 wrote to memory of 3208	4244	cmd.exe	97
PID 5232 wrote to memory of 1540	5232	cmd.exe	98
PID 5232 wrote to memory of 1540	5232	cmd.exe	98
PID 5232 wrote to memory of 1540	5232	cmd.exe	98

Views/modifies file attributes 1 TTPs 2 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3208	attrib.exe
1540	attrib.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Roaming\Adobe\Java.exe
  "C:\Users\Admin\AppData\Roaming\Adobe\Java.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1016
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Roaming\Adobe\Java.exe" +s +h
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4244
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Users\Admin\AppData\Roaming\Adobe\Java.exe" +s +h
      4⤵
      Sets file to hidden
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:3208
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Roaming\Adobe" +s +h
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5232
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Users\Admin\AppData\Roaming\Adobe" +s +h
      4⤵
      Sets file to hidden
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:1540
- - C:\Windows\SysWOW64\notepad.exe
    notepad
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 588
  2⤵
  - Program crash
  PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3036 -ip 3036
1⤵
PID:1784

Network

DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

c.pki.goog

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.180.3
GET

http://c.pki.goog/r/r1.crl

Remote address:

142.250.180.3:80

Request

GET /r/r1.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 304 Not Modified

Date: Thu, 20 Mar 2025 01:34:32 GMT
Expires: Thu, 20 Mar 2025 02:24:32 GMT
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding
Age: 2813
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response
DNS

runeo.no-ip.info

Java.exe

Remote address:

8.8.8.8:53

Request

runeo.no-ip.info

IN A

Response

142.250.180.3:80

http://c.pki.goog/r/r1.crl

http

384 B
355 B
4
3

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

304

8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

c.pki.goog

dns

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.180.3
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info
8.8.8.8:53

runeo.no-ip.info

dns

Java.exe

62 B
122 B
1
1

DNS Request

runeo.no-ip.info

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Java.exe

Filesize
369KB

MD5
80e5190a9e7141413f667935ddd2ee02

SHA1
d78092febb57e202cb9f2791861ce9cf46d1614d

SHA256
e288ac3ecad103fdd8ffd2af32d4d2e7232263ba6ad0be90bca0f72d04b20c73

SHA512
54e1bb1a92c5d9a0ef2a0aa514550b5dc2ed326f5382dc3e5680c8f2022b36f569458111103c0776766ee7d633b502f4b31c934a7473b76c647651be13621cb7

Download Submit
memory/1016-18-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-15-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-6-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-7-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-25-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-9-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-10-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-11-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-12-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-16-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-5-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-14-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-13-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-17-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-24-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-19-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-20-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-21-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-22-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/1016-23-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/3036-0-0x00000000004B8000-0x00000000004BA000-memory.dmp

Filesize
8KB

Download
memory/4108-8-0x00000000012A0000-0x00000000012A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.