mydoom | fdc22126f2ce3edf5289f6caea6a63dd233343fb7e408897ba7039a43172304a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
Size

27KB
MD5

8ad173787e1bda0379832e01a301ff26
SHA1

79ee55b602ce209808ed5b226389c410d2885107
SHA256

fdc22126f2ce3edf5289f6caea6a63dd233343fb7e408897ba7039a43172304a
SHA512

ee7f3f2816e15e32aed39cbac8e2d624f7956486988b765e04d6a08a75005c4708f788fceeff5cf7da41c9f233a9d333a0f3f5c5fec3c97c451f4adc80cc7c0c
SSDEEP

384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUoY40wFT3SlVSUn1x5+rqQA:SCIqdH/k1ZVcT194jp4NUT3uVj1+rqT

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 21 IoCs

resource	yara_rule
behavioral2/memory/1460-10-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-87-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-88-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-140-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-162-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-163-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-243-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-293-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-294-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-322-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-323-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-328-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-393-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-448-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-449-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-450-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-511-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-512-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-591-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/720-609-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral2/memory/5012-610-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 2 IoCs

pid	Process
5012	lsass.exe
1460	lsass.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	lsass.exe

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/720-0-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/files/0x00060000000227be-4.dat	upx
behavioral2/memory/1460-10-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-87-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-88-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-140-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-162-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-163-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-243-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-293-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-294-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-322-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-323-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-328-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-393-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-448-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-449-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-450-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-511-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-512-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-591-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/720-609-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral2/memory/5012-610-0x0000000000800000-0x000000000080D000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\Kazaa Lite.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\ICQ 4 Lite.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\Winamp 5.0 (en).exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\Harry Potter.exe	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Harry Potter.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\WinRAR.v.3.2.and.key.ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\ICQ 4 Lite.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\Winamp 5.0 (en) Crack.ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ICQ 4 Lite.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\Winamp 5.0 (en) Crack.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\Kazaa Lite.ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\Winamp 5.0 (en) Crack.ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Kazaa Lite.exe	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Winamp 5.0 (en).ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\CD770CB7-9E07-4D10-88E6-9B773B199C47\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Kazaa Lite.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\Kazaa Lite.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\Kazaa Lite.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\ICQ 4 Lite.ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\index.ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\Winamp 5.0 (en).com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\Harry Potter.exe	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Winamp 5.0 (en) Crack.exe	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\Winamp 5.0 (en).com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\Winamp 5.0 (en).com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\index.exe	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\Kazaa Lite.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\ICQ 4 Lite.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\Winamp 5.0 (en) Crack.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\Kazaa Lite.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Harry Potter.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\ICQ 4 Lite.ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Kazaa Lite.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\Winamp 5.0 (en) Crack.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\Harry Potter.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\Winamp 5.0 (en).com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ICQ 4 Lite.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\WinRAR.v.3.2.and.key.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Winamp 5.0 (en).com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\en-us\Harry Potter.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\Winamp 5.0 (en) Crack.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Common Files\microsoft shared\Triedit\Winamp 5.0 (en) Crack.ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\index.ShareReactor.com	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\Harry Potter.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\ICQ 4 Lite.exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Harry Potter.exe	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\lsass.exe	lsass.exe
File opened for modification	C:\Windows\lsass.exe	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File created	C:\Windows\lsass.exe	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
File opened for modification	C:\Windows\lsass.exe	lsass.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lsass.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5416 wrote to memory of 5012	5416	cmd.exe	88
PID 5416 wrote to memory of 5012	5416	cmd.exe	88
PID 5416 wrote to memory of 5012	5416	cmd.exe	88
PID 2252 wrote to memory of 1460	2252	cmd.exe	91
PID 2252 wrote to memory of 1460	2252	cmd.exe	91
PID 2252 wrote to memory of 1460	2252	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ad173787e1bda0379832e01a301ff26.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:5416
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:5012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\uRkmbus2.txt

Filesize
7KB

MD5
9ec72a8121f1d73e64234dc9ff825335

SHA1
b32a1c3fb18c7e24e57b550f56c87ea72971219e

SHA256
c7594d58d5c3c6c88b3ad7f4488fb3c95dbedb64d043f4d82d516c82ecf28c88

SHA512
eeac6019c3bf77d031bf8d2b8c23162cedb6b642aadeac378130f95f56fdd65b20eb772154a5affb5adbca19c92d9322fb9a82b44b40fb6c6ad3d96647d21c94

Download Submit
C:\Windows\lsass.exe

Filesize
27KB

MD5
8ad173787e1bda0379832e01a301ff26

SHA1
79ee55b602ce209808ed5b226389c410d2885107

SHA256
fdc22126f2ce3edf5289f6caea6a63dd233343fb7e408897ba7039a43172304a

SHA512
ee7f3f2816e15e32aed39cbac8e2d624f7956486988b765e04d6a08a75005c4708f788fceeff5cf7da41c9f233a9d333a0f3f5c5fec3c97c451f4adc80cc7c0c

Download Submit
memory/720-511-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-87-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-609-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-0-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-162-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-591-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-393-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-293-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-450-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-448-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/720-323-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1460-10-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-140-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-328-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-322-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-449-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-294-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-243-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-512-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-163-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-88-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5012-610-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads