mydoom | 3b4d16946b7a42be7fe017253fa93339dcdef2c31e384eeda6c3e15ef1136e23

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2025, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
Size

21KB
MD5

ae2b37621959e8a2c27ad41bcbaaacb0
SHA1

839c22285b8df5407e885785d9237819c6e31dbd
SHA256

3b4d16946b7a42be7fe017253fa93339dcdef2c31e384eeda6c3e15ef1136e23
SHA512

68def112faf6538d50a0aefb77d891005b35e468890f8d599d071d6911fd9e7cd3ec13829513f23a10547fe819b20ab0f4156cf03e6a786b2c8b10011dc24a6f
SSDEEP

384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUd6:SCIqdH/k1ZVcT194jp4d6

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 22 IoCs

resource	yara_rule
behavioral1/memory/216-9-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-86-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-87-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-139-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-153-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-154-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-243-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-313-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-314-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-316-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-338-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-352-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-427-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-439-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-440-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-479-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-480-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-572-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-631-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4796-632-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-633-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5960-635-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 2 IoCs

pid	Process
4796	lsass.exe
216	lsass.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	lsass.exe

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5960-0-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/files/0x0008000000023306-4.dat	upx
behavioral1/memory/216-9-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-86-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-87-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-139-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-153-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-154-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-243-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-313-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-314-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-316-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-338-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-352-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-427-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-439-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-440-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-479-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-480-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-572-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-631-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4796-632-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-633-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5960-635-0x0000000000800000-0x000000000080D000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Kazaa Lite.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\Winamp 5.0 (en) Crack.ShareReactor.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\ICQ 4 Lite.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WinRAR.v.3.2.and.key.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\index.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\Kazaa Lite.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\Winamp 5.0 (en).exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\Winamp 5.0 (en) Crack.exe	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\Winamp 5.0 (en) Crack.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\Winamp 5.0 (en).exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Harry Potter.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\Kazaa Lite.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Winamp 5.0 (en) Crack.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\WinRAR.v.3.2.and.key.com	lsass.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\Winamp 5.0 (en).exe	lsass.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\WinRAR.v.3.2.and.key.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\Kazaa Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\TextConv\Harry Potter.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\Winamp 5.0 (en).ShareReactor.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\index.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\Harry Potter.exe	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\WinRAR.v.3.2.and.key.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Winamp 5.0 (en).ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\index.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\BCB472F2-7DCA-49EC-9FFA-869385F8E94F\root\vfs\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\Winamp 5.0 (en).ShareReactor.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WinRAR.v.3.2.and.key.ShareReactor.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Winamp 5.0 (en).ShareReactor.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\ICQ 4 Lite.exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Winamp 5.0 (en) Crack.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\Winamp 5.0 (en) Crack.com	lsass.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\BCB472F2-7DCA-49EC-9FFA-869385F8E94F\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\WinRAR.v.3.2.and.key.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\index.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Winamp 5.0 (en).exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\index.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\Harry Potter.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\Kazaa Lite.exe	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\ICQ 4 Lite.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\Harry Potter.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\Winamp 5.0 (en) Crack.ShareReactor.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\Winamp 5.0 (en).exe	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\index.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Winamp 5.0 (en) Crack.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\Winamp 5.0 (en).ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\Kazaa Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\index.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\ICQ 4 Lite.ShareReactor.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Winamp 5.0 (en).exe	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\Winamp 5.0 (en) Crack.exe	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\WinRAR.v.3.2.and.key.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\Kazaa Lite.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\Winamp 5.0 (en).com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\WinRAR.v.3.2.and.key.com	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\Winamp 5.0 (en).ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Winamp 5.0 (en) Crack.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\WinRAR.v.3.2.and.key.exe	lsass.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\lsass.exe	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
File opened for modification	C:\Windows\lsass.exe	lsass.exe
File created	C:\Windows\lsass.exe	lsass.exe
File opened for modification	C:\Windows\lsass.exe	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lsass.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 4796	2012	cmd.exe	86
PID 2012 wrote to memory of 4796	2012	cmd.exe	86
PID 2012 wrote to memory of 4796	2012	cmd.exe	86
PID 5484 wrote to memory of 216	5484	cmd.exe	89
PID 5484 wrote to memory of 216	5484	cmd.exe	89
PID 5484 wrote to memory of 216	5484	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ae2b37621959e8a2c27ad41bcbaaacb0.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:4796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:5484
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  PID:216

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aqwswftk41y.txt

Filesize
1KB

MD5
d5646ccb885d92bb140bebb58e177e59

SHA1
c1b74ac1d10816c223d05ced7eb10aac19831a87

SHA256
4e2645e2f1367894b9dc8b44d07226c321d32ad17e36db5632912668b7215668

SHA512
019bc74c5fd376a3936a4e0077aeff7894ee0e3b24cedcda6e8732ff73b62c2cc59cb82f478304443c9c2c0d2ba4922d4c843a99f8d932cefbf160025e36ce4a

Download Submit
C:\Windows\lsass.exe

Filesize
21KB

MD5
ae2b37621959e8a2c27ad41bcbaaacb0

SHA1
839c22285b8df5407e885785d9237819c6e31dbd

SHA256
3b4d16946b7a42be7fe017253fa93339dcdef2c31e384eeda6c3e15ef1136e23

SHA512
68def112faf6538d50a0aefb77d891005b35e468890f8d599d071d6911fd9e7cd3ec13829513f23a10547fe819b20ab0f4156cf03e6a786b2c8b10011dc24a6f

Download Submit
memory/216-9-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-316-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-352-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-87-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-139-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-632-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-154-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-243-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-480-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-314-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4796-439-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-338-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-86-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-427-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-0-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-440-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-479-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-313-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-572-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-631-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-153-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-633-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5960-635-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads