mydoom | 9f8b37981b6edcd0e75f5415a3c1e032c2d66fc8774520c1fabf02010f507c1a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2025, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
Size

21KB
MD5

aa1742744668b9fe5f8301789efeba25
SHA1

6ff23a3b6a05385781eaa7b5a2d0203203649530
SHA256

9f8b37981b6edcd0e75f5415a3c1e032c2d66fc8774520c1fabf02010f507c1a
SHA512

647566216b2c2ad154d431887ca84d2d58a0e87b02f6ea46f342486f29036dd5277e8a2b375dc3f23ffd67dee0678b7ba26ac49b9567ec00f8cacd72728ba61e
SSDEEP

384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUp2pB3u:SCIqdH/k1ZVcT194jp4IX3u

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 22 IoCs

resource	yara_rule
behavioral1/memory/4500-9-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-86-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-87-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-139-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-161-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-162-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-239-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-292-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-293-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-324-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-396-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-443-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-444-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-474-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-524-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-525-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-592-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-633-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-634-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-635-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/1228-639-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4256-640-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 2 IoCs

pid	Process
4256	lsass.exe
4500	lsass.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	lsass.exe

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1228-0-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/files/0x0009000000024362-4.dat	upx
behavioral1/memory/4500-9-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-86-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-87-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-139-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-161-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-162-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-239-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-292-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-293-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-324-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-396-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-443-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-444-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-474-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-524-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-525-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-592-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-633-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-634-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-635-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1228-639-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4256-640-0x0000000000800000-0x000000000080D000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\Harry Potter.com	lsass.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AE7AE25E-2212-4826-922C-C81C6AA4952D\root\Kazaa Lite.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\WinRAR.v.3.2.and.key.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ICQ 4 Lite.exe	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\WinRAR.v.3.2.and.key.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\Kazaa Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\ICQ 4 Lite.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Winamp 5.0 (en).exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\Harry Potter.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\Harry Potter.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\index.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\Winamp 5.0 (en) Crack.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\Kazaa Lite.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\ICQ 4 Lite.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\Winamp 5.0 (en) Crack.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\TextConv\en-US\WinRAR.v.3.2.and.key.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Winamp 5.0 (en) Crack.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\Kazaa Lite.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\index.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Winamp 5.0 (en).com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\Winamp 5.0 (en) Crack.exe	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\index.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\Kazaa Lite.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\Harry Potter.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\WinRAR.v.3.2.and.key.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\Kazaa Lite.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\index.exe	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\Harry Potter.exe	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\Winamp 5.0 (en).ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\Winamp 5.0 (en).ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\Kazaa Lite.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Harry Potter.exe	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\Winamp 5.0 (en).ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Kazaa Lite.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\Winamp 5.0 (en) Crack.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\Winamp 5.0 (en).com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\Winamp 5.0 (en) Crack.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\Winamp 5.0 (en).ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\Winamp 5.0 (en).ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\ICQ 4 Lite.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\ICQ 4 Lite.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ICQ 4 Lite.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\index.exe	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\Winamp 5.0 (en).ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\Harry Potter.exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Harry Potter.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\ICQ 4 Lite.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\index.exe	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\index.exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Winamp 5.0 (en).com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\ICQ 4 Lite.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\Kazaa Lite.ShareReactor.com	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	lsass.exe
File created	C:\Windows\lsass.exe	lsass.exe
File opened for modification	C:\Windows\lsass.exe	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
File created	C:\Windows\lsass.exe	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lsass.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 4256	3864	cmd.exe	87
PID 3864 wrote to memory of 4256	3864	cmd.exe	87
PID 3864 wrote to memory of 4256	3864	cmd.exe	87
PID 2624 wrote to memory of 4500	2624	cmd.exe	90
PID 2624 wrote to memory of 4500	2624	cmd.exe	90
PID 2624 wrote to memory of 4500	2624	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aa1742744668b9fe5f8301789efeba25.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:4256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  PID:4500

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ugKqvbon.txt

Filesize
1KB

MD5
c734dfa3800e0ca082f66bf7414b721d

SHA1
a457007b51f371166cfb52460f0947fb3519264d

SHA256
593a19ad779b1282f8f8867c169b0d9440a681c5df9da8272cc2c9cb56246f4e

SHA512
886eb83d4abf20bac6e3945b2149d99375a273ecf8afa01757414610617b45c09576e0dc7c4d9f5d23b57ac2b8d2c998b14c1281f2e0b2afa9d7e6db383e9a65

Download Submit
C:\Windows\lsass.exe

Filesize
21KB

MD5
aa1742744668b9fe5f8301789efeba25

SHA1
6ff23a3b6a05385781eaa7b5a2d0203203649530

SHA256
9f8b37981b6edcd0e75f5415a3c1e032c2d66fc8774520c1fabf02010f507c1a

SHA512
647566216b2c2ad154d431887ca84d2d58a0e87b02f6ea46f342486f29036dd5277e8a2b375dc3f23ffd67dee0678b7ba26ac49b9567ec00f8cacd72728ba61e

Download Submit
memory/1228-633-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-639-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-86-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-635-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-443-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-161-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-592-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-524-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-292-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-474-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-0-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1228-396-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-324-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-444-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-293-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-239-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-525-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-162-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-139-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-634-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-87-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4256-640-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4500-9-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads