487f4dd9bdbe94a9cf1a04a8fdec19f16f86864d05d06f0511544b3ff68c850c

Resubmissions

14/04/2025, 00:47

250414-a5llsswlw6 10

14/04/2025, 00:42

250414-a2qfkswk15 10

Analysis

max time kernel
64s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virusshare/3/VirusShare_3fb34964fa7b8c6bfad8d960380ff04e.doc
Size

34KB
MD5

3fb34964fa7b8c6bfad8d960380ff04e
SHA1

9a3aec40056ce74bac833989ed71dfb6c2626f4c
SHA256

26026b1b3d0cb660c6be6c536df679acca0b5562a3adbb507d001474d23f5650
SHA512

a82b522dfd7eac30292a9e9ab19ddac94563804e77a1090e5f44de7e794ef4e5ebe0e7fb36e5177479417c8176ae0475613700755ca015c7ce941a4740215faa
SSDEEP

384:bzIPMepSbSsG/CdPvunCpeJzKoSS3D6JO5LfBqtjbjk4Eohubn3ezta:nIPMecWsGKVunFFRDE6pqjhust

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral1/files/0x000800000002436f-544.dat	office_macro_on_action

Deletes itself 1 IoCs

pid	Process
5908	WINWORD.EXE

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies registry class 49 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0 = 44003100000000008e5a840510003300340009000400efbe8e5a72058e5a84052e000000c6420200000007000000000000000000000000000000d3f1a3003300000010000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 56003100000000006e5af08c12004170704461746100400009000400efbe6e5af08c8e5a72052e00000067e101000000010000000000000000000000000000002c267b004100700070004400610074006100000016000000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\MRUListEx = ffffffff	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000006e5a4892100041646d696e003c0009000400efbe6e5af08c8e5a72052e0000005ce101000000010000000000000000000000000000009a4c9000410064006d0069006e00000014000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 50003100000000006e5ad79110004c6f63616c003c0009000400efbe6e5af08c8e5a72052e0000007ae10100000001000000000000000000000000000000017b35004c006f00630061006c00000014000000	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\NodeSlot = "1"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000006e5af08c1100557365727300640009000400efbe874f77488e5a72052e000000c70500000000010000000000000000003a0000000000cd12870055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000008e5a8405100054656d7000003a0009000400efbe6e5af08c8e5a86052e0000007be10100000001000000000000000000000000000000d3f1a300540065006d007000000014000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 5e003100000000008e5a720510005649525553537e310000460009000400efbe8e5a72058e5a73052e000000b642020000000700000000000000000000000000000071cf07017600690072007500730073006800610072006500000018000000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	WINWORD.EXE

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\virusshare\3\~WRD0003.tmp\:Zone.Identifier:$DATA	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5908	WINWORD.EXE
5908	WINWORD.EXE

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE
5908	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\virusshare\3\VirusShare_3fb34964fa7b8c6bfad8d960380ff04e.doc" /o ""
1⤵
- Deletes itself
- Checks processor information in registry
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5908

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCDDAE7.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\virusshare\3\~WRD0003.tmp

Filesize
35KB

MD5
8edda72644412a4eaf20a741254382c9

SHA1
cd2b97b1cde1f9cfdf609d6f4438f1033e4e49ba

SHA256
2818c73e31b1aa2d32c82cc028e41f97ef525fecced26cf7b4db7035ccc3cc42

SHA512
d0ec24cb5999a8c0b321815b4dd8721b17843e83ed0b202ab53205e9ae8c996ae588e04c434a50dae5ab80d3a52e64a4e9636f25a526761e6654f77388ccbcfd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Word\AutoRecovery save of ~WRL3964.asd

Filesize
95KB

MD5
56550fd19f886ad16e6236247069073e

SHA1
2748704724c3c32cbad2765bd1aed185906f4632

SHA256
1778765cce2861dfd40b308db92bb84a67227047d18388b32b11bb59e07cfd8c

SHA512
e037904d345f56006adcfb4efa26cb79b20641505d23f986bb350490fc8d272656b9761db841625ec96b4d87c6eafbadb4531b173eae27e1e42a01c595a6626e

Download Submit
memory/5908-6-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-22-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-8-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-7-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-1-0x00007FF84312D000-0x00007FF84312E000-memory.dmp

Filesize
4KB

Download
memory/5908-12-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-13-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-11-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-10-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-14-0x00007FF800CB0000-0x00007FF800CC0000-memory.dmp

Filesize
64KB

Download
memory/5908-17-0x00007FF800CB0000-0x00007FF800CC0000-memory.dmp

Filesize
64KB

Download
memory/5908-16-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-19-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-18-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-15-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-2-0x00007FF803110000-0x00007FF803120000-memory.dmp

Filesize
64KB

Download
memory/5908-21-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-20-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-34-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-35-0x00007FF84312D000-0x00007FF84312E000-memory.dmp

Filesize
4KB

Download
memory/5908-36-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-9-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download
memory/5908-5-0x00007FF803110000-0x00007FF803120000-memory.dmp

Filesize
64KB

Download
memory/5908-4-0x00007FF803110000-0x00007FF803120000-memory.dmp

Filesize
64KB

Download
memory/5908-3-0x00007FF803110000-0x00007FF803120000-memory.dmp

Filesize
64KB

Download
memory/5908-0-0x00007FF803110000-0x00007FF803120000-memory.dmp

Filesize
64KB

Download
memory/5908-614-0x00007FF803110000-0x00007FF803120000-memory.dmp

Filesize
64KB

Download
memory/5908-613-0x00007FF803110000-0x00007FF803120000-memory.dmp

Filesize
64KB

Download
memory/5908-616-0x00007FF803110000-0x00007FF803120000-memory.dmp

Filesize
64KB

Download
memory/5908-615-0x00007FF803110000-0x00007FF803120000-memory.dmp

Filesize
64KB

Download
memory/5908-617-0x00007FF843090000-0x00007FF843285000-memory.dmp

Filesize
2.0MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads