mydoom | 525201fab00b205c8eb49ee1f814805f797c9c9bbc71f1978454dcfc9d3bd498

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2025, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
Size

58KB
MD5

b1d2b77aeaa2cd9df48f1ea3a272c124
SHA1

3f57281db53ca952883250aa53a817ea84f4c172
SHA256

525201fab00b205c8eb49ee1f814805f797c9c9bbc71f1978454dcfc9d3bd498
SHA512

af59fd389e3285925c361ce8f012e5dd9023a96df97844ec669a758d513a6b3e5f3413f7ec630fd34ad1a655927e0bb67a0383a356cb568dd40d0f15bc6b38f1
SSDEEP

768:SCIqdH/k1ZVcT194jp4z8uSl/yjB7mre6O3BdaJeaRVYGt5mzG3qYwfCmh3LUC6h:SNqaLV8a6z8u+MBhL3uJ9Z5SEmh3Ylh

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 20 IoCs

resource	yara_rule
behavioral1/memory/3248-10-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-87-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4128-88-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4128-140-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-165-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4128-166-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4128-245-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-296-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4128-297-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4128-299-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-300-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4128-305-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-306-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-357-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-430-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-440-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4128-441-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-488-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/5452-577-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom
behavioral1/memory/4128-578-0x0000000000800000-0x000000000080D000-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 2 IoCs

pid	Process
4128	lsass.exe
3248	lsass.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	lsass.exe

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5452-0-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/files/0x00050000000229c8-4.dat	upx
behavioral1/memory/3248-10-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-87-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4128-88-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4128-140-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-165-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4128-166-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4128-245-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-296-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4128-297-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4128-299-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-300-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4128-305-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-306-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-357-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-430-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-440-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4128-441-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-488-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/5452-577-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/4128-578-0x0000000000800000-0x000000000080D000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\ICQ 4 Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\WinRAR.v.3.2.and.key.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\ICQ 4 Lite.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\WinRAR.v.3.2.and.key.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Kazaa Lite.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\Winamp 5.0 (en) Crack.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\index.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\D9DD1C02-B701-4BF3-9F81-58F1DD4DE0B5\root\WinRAR.v.3.2.and.key.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Kazaa Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\ICQ 4 Lite.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\index.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\index.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\index.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\index.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\Harry Potter.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\D9DD1C02-B701-4BF3-9F81-58F1DD4DE0B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\ICQ 4 Lite.ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Winamp 5.0 (en).com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\Kazaa Lite.ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Winamp 5.0 (en) Crack.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\Winamp 5.0 (en).exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\Winamp 5.0 (en) Crack.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\index.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Harry Potter.ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\Winamp 5.0 (en) Crack.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\WinRAR.v.3.2.and.key.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\Harry Potter.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\Winamp 5.0 (en).ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\WinRAR.v.3.2.and.key.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\Kazaa Lite.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Winamp 5.0 (en) Crack.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\ICQ 4 Lite.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\Winamp 5.0 (en) Crack.ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\D9DD1C02-B701-4BF3-9F81-58F1DD4DE0B5\root\vfs\Windows\assembly\Kazaa Lite.ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\Kazaa Lite.ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Winamp 5.0 (en).exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Winamp 5.0 (en).com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\Winamp 5.0 (en).ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\Harry Potter.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\Winamp 5.0 (en) Crack.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\index.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WinRAR.v.3.2.and.key.ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\WinRAR.v.3.2.and.key.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Harry Potter.ShareReactor.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\ICQ 4 Lite.exe	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Winamp 5.0 (en) Crack.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\Winamp 5.0 (en).com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\ICQ 4 Lite.exe	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\index.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\Winamp 5.0 (en).ShareReactor.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\Winamp 5.0 (en).com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\Kazaa Lite.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\index.ShareReactor.com	lsass.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\index.com	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\Kazaa Lite.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Program Files\Common Files\microsoft shared\ICQ 4 Lite.com	lsass.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\WinRAR.v.3.2.and.key.exe	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\Winamp 5.0 (en) Crack.ShareReactor.com	lsass.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\Kazaa Lite.exe	lsass.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File created	C:\Windows\lsass.exe	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
File opened for modification	C:\Windows\lsass.exe	lsass.exe
File created	C:\Windows\lsass.exe	lsass.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lsass.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 4128	2428	cmd.exe	88
PID 2428 wrote to memory of 4128	2428	cmd.exe	88
PID 2428 wrote to memory of 4128	2428	cmd.exe	88
PID 5252 wrote to memory of 3248	5252	cmd.exe	91
PID 5252 wrote to memory of 3248	5252	cmd.exe	91
PID 5252 wrote to memory of 3248	5252	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1d2b77aeaa2cd9df48f1ea3a272c124.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5452

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:4128

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:5252
- C:\Windows\lsass.exe
  C:\Windows\lsass.exe
  2⤵
  - Executes dropped EXE
  PID:3248

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tjqs4s.txt

Filesize
37KB

MD5
3d54c522b34741745875fb1e9c942b24

SHA1
3b338454ce353b1a256e3ad719315391125e76a9

SHA256
f0b5a2fe856af8a9d1d6846485ffe708ec8c6fe0e3cb8094dd9f3a76ba4d9e3e

SHA512
70a1ce8c3f10a4957eb26a926fe5d207bf7fcfa7774087cf7a0161cccbd77c954edefc65b76dba63e787d993d05c80235d3ec9d69d87a7489b54bae4830056b1

Download Submit
C:\Windows\lsass.exe

Filesize
58KB

MD5
b1d2b77aeaa2cd9df48f1ea3a272c124

SHA1
3f57281db53ca952883250aa53a817ea84f4c172

SHA256
525201fab00b205c8eb49ee1f814805f797c9c9bbc71f1978454dcfc9d3bd498

SHA512
af59fd389e3285925c361ce8f012e5dd9023a96df97844ec669a758d513a6b3e5f3413f7ec630fd34ad1a655927e0bb67a0383a356cb568dd40d0f15bc6b38f1

Download Submit
memory/3248-10-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4128-299-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4128-578-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4128-88-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4128-140-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4128-441-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4128-166-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4128-245-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4128-305-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/4128-297-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-296-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-300-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-0-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-306-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-357-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-430-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-440-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-165-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-488-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-577-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/5452-87-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads