mydoom | b4a62fd2f5774a517dc26728a127c5f39047e446875479318144f39565e97bbb

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2025, 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
Size

20KB
MD5

aa7f93ca0367b07b3bdccfd36397c9c9
SHA1

a91429cf218c319b20762632834135a8a5399421
SHA256

b4a62fd2f5774a517dc26728a127c5f39047e446875479318144f39565e97bbb
SHA512

cb8ac8c6271baed5f7fc15be4a92095904ce7fce3311525a63ee1f5c20f1508941c6f97c73628f45421253e19cf9ee9492f66cf388e01c175071fe2c09fc7845
SSDEEP

384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUd:SCIqdH/k1ZVcT194jp4d

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 23 IoCs

resource	yara_rule
behavioral1/memory/5960-9-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-86-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-87-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-139-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-158-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-159-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-237-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-289-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-290-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-321-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-322-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-323-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-334-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-346-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-423-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-450-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-451-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-486-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-580-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-581-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-605-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5380-607-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/2528-608-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 2 IoCs

pid	Process
2528	lsass.exe
5960	lsass.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	lsass.exe

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5380-0-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/files/0x000a0000000227af-4.dat	upx
behavioral1/memory/5960-9-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-86-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-87-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-139-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-158-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-159-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-237-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-289-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-290-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-321-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-322-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-323-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-334-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-346-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-423-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-450-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-451-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-486-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-580-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-581-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-605-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5380-607-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/2528-608-0x0000000000800000-0x000000000080D000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ICQ 4 Lite.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\D9DD1C02-B701-4BF3-9F81-58F1DD4DE0B5\root\ICQ 4 Lite.com	lsass.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\D9DD1C02-B701-4BF3-9F81-58F1DD4DE0B5\root\vfs\Windows\assembly\GAC_MSIL\WinRAR.v.3.2.and.key.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WinRAR.v.3.2.and.key.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Winamp 5.0 (en) Crack.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\Winamp 5.0 (en) Crack.exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\WinRAR.v.3.2.and.key.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Winamp 5.0 (en) Crack.exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WinRAR.v.3.2.and.key.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\index.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\Harry Potter.exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\WinRAR.v.3.2.and.key.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\index.exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\Kazaa Lite.exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ICQ 4 Lite.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Common Files\microsoft shared\Triedit\en-US\Winamp 5.0 (en).ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\index.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Kazaa Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\index.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\Winamp 5.0 (en) Crack.exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\dotnet\shared\Kazaa Lite.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\WinRAR.v.3.2.and.key.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\index.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\Kazaa Lite.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\Kazaa Lite.exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\index.exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\index.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\ICQ 4 Lite.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\Winamp 5.0 (en) Crack.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Kazaa Lite.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\WinRAR.v.3.2.and.key.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ICQ 4 Lite.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\Winamp 5.0 (en).com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ICQ 4 Lite.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\WinRAR.v.3.2.and.key.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\index.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\WinRAR.v.3.2.and.key.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\ICQ 4 Lite.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\ICQ 4 Lite.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\ICQ 4 Lite.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\Harry Potter.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\WinRAR.v.3.2.and.key.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\Winamp 5.0 (en).exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Harry Potter.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\Harry Potter.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\TextConv\en-US\index.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\index.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\Triedit\en-US\Kazaa Lite.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\ICQ 4 Lite.ShareReactor.com	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\WinRAR.v.3.2.and.key.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\Winamp 5.0 (en).exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Harry Potter.exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File created	C:\Windows\lsass.exe	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
File opened for modification	C:\Windows\lsass.exe	lsass.exe
File created	C:\Windows\lsass.exe	lsass.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lsass.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 2528	1408	cmd.exe	87
PID 1408 wrote to memory of 2528	1408	cmd.exe	87
PID 1408 wrote to memory of 2528	1408	cmd.exe	87
PID 6000 wrote to memory of 5960	6000	cmd.exe	90
PID 6000 wrote to memory of 5960	6000	cmd.exe	90
PID 6000 wrote to memory of 5960	6000	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aa7f93ca0367b07b3bdccfd36397c9c9.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:2528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:6000
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  PID:5960

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tjqs4s.txt

Filesize
36B

MD5
337bb2d42bea8f0fd2a82959a546ddc4

SHA1
38d26cfa80505b3143ce5c525b69c3efb8a50638

SHA256
1ef0ecc4db69b92ef54b00f4b534a07372f0149fd5df5b011eaaa2d1c01227ae

SHA512
def8d4b15e3990b5d2e8c8866bb8dba7ec2564252ebf3e389fff631e40fd47c636911370c976fab161d2a41c8aff615df581fbce7c3b02c69059fdb024007797

Download Submit
C:\Windows\lsass.exe

Filesize
20KB

MD5
aa7f93ca0367b07b3bdccfd36397c9c9

SHA1
a91429cf218c319b20762632834135a8a5399421

SHA256
b4a62fd2f5774a517dc26728a127c5f39047e446875479318144f39565e97bbb

SHA512
cb8ac8c6271baed5f7fc15be4a92095904ce7fce3311525a63ee1f5c20f1508941c6f97c73628f45421253e19cf9ee9492f66cf388e01c175071fe2c09fc7845

Download Submit
memory/2528-321-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-323-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-608-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-87-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-139-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-581-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-451-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-237-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-346-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-290-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/2528-159-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-607-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-450-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-334-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-289-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-423-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-486-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-0-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-580-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-158-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-605-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-322-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5380-86-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-9-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads