sality | 387ea5cba0304ea7cface2ecd2439ce3fea5eb15672d2367c7ca52f3e72da3c8

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

387ea5cba0304ea7cface2ecd2439ce3fea5eb15672d2367c7ca52f3e72da3c8_NeikiAnalytics.dll
Size

120KB
MD5

8be17b47ed444d820c8646e85b4f3b20
SHA1

f28fa390ed85b675ce9747212b2bbef90aa35dbc
SHA256

387ea5cba0304ea7cface2ecd2439ce3fea5eb15672d2367c7ca52f3e72da3c8
SHA512

52d4a099dd3109142f59cf0ce8e8de0127cdd4f6477f03c1a804182f2ffe4ae4ba30ab86241e44e966c90715d22529f2c168ba2d5531e26362320f238d0cd1c0
SSDEEP

3072:e5stVdchoisZ2/GCg9aMVb7vy5g5tdYooK:DtVKSbEG/aMtymZro

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

Modifies firewall policy service 3 TTPs 3 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

Processes:

f7677bf.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1"	f7677bf.exe

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality
UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

f7677bf.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f7677bf.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	f7677bf.exe

Windows security bypass 2 TTPs 6 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

f7677bf.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	f7677bf.exe

Executes dropped EXE 3 IoCs

Processes:

f7677bf.exef767a10.exef769109.exe

pid process

3036 f7677bf.exe
2600 f767a10.exe
668 f769109.exe
Loads dropped DLL 6 IoCs

Processes:

rundll32.exe

pid process

2236 rundll32.exe
2236 rundll32.exe
2236 rundll32.exe
2236 rundll32.exe
2236 rundll32.exe
2236 rundll32.exe

pid	process
3036	f7677bf.exe
2600	f767a10.exe
668	f769109.exe

pid	process
2236	rundll32.exe
2236	rundll32.exe
2236	rundll32.exe
2236	rundll32.exe
2236	rundll32.exe
2236	rundll32.exe

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3036-19-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-21-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-45-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-15-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-20-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-18-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-44-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-42-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-22-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-43-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-66-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-67-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-68-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-69-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-70-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-72-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-86-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-87-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-89-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-106-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-111-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx
behavioral1/memory/3036-153-0x0000000000980000-0x0000000001A3A000-memory.dmp	upx

Windows security modification 2 TTPs 7 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

f7677bf.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1"	f7677bf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	f7677bf.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1"	f7677bf.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

f7677bf.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f7677bf.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	f7677bf.exe

Enumerates connected drives 3 TTPs 13 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

f7677bf.exe

description	ioc	process
File opened (read-only)	\??\L:	f7677bf.exe
File opened (read-only)	\??\M:	f7677bf.exe
File opened (read-only)	\??\E:	f7677bf.exe
File opened (read-only)	\??\Q:	f7677bf.exe
File opened (read-only)	\??\G:	f7677bf.exe
File opened (read-only)	\??\J:	f7677bf.exe
File opened (read-only)	\??\N:	f7677bf.exe
File opened (read-only)	\??\O:	f7677bf.exe
File opened (read-only)	\??\R:	f7677bf.exe
File opened (read-only)	\??\H:	f7677bf.exe
File opened (read-only)	\??\I:	f7677bf.exe
File opened (read-only)	\??\K:	f7677bf.exe
File opened (read-only)	\??\P:	f7677bf.exe

Drops file in Windows directory 2 IoCs

Processes:

f7677bf.exe

description ioc process

File created C:\Windows\f767899 f7677bf.exe
File opened for modification C:\Windows\SYSTEM.INI f7677bf.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

f7677bf.exe

pid process

3036 f7677bf.exe
3036 f7677bf.exe

description	ioc	process
File created	C:\Windows\f767899	f7677bf.exe
File opened for modification	C:\Windows\SYSTEM.INI	f7677bf.exe

pid	process
3036	f7677bf.exe
3036	f7677bf.exe

Suspicious use of AdjustPrivilegeToken 21 IoCs

Processes:

f7677bf.exe

description	pid	process
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe
Token: SeDebugPrivilege	3036	f7677bf.exe

Suspicious use of WriteProcessMemory 33 IoCs

Processes:

rundll32.exerundll32.exef7677bf.exe

description	pid	process	target process
PID 2180 wrote to memory of 2236	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2236	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2236	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2236	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2236	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2236	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2236	2180	rundll32.exe	rundll32.exe
PID 2236 wrote to memory of 3036	2236	rundll32.exe	f7677bf.exe
PID 2236 wrote to memory of 3036	2236	rundll32.exe	f7677bf.exe
PID 2236 wrote to memory of 3036	2236	rundll32.exe	f7677bf.exe
PID 2236 wrote to memory of 3036	2236	rundll32.exe	f7677bf.exe
PID 3036 wrote to memory of 1104	3036	f7677bf.exe	taskhost.exe
PID 3036 wrote to memory of 1172	3036	f7677bf.exe	Dwm.exe
PID 3036 wrote to memory of 1204	3036	f7677bf.exe	Explorer.EXE
PID 3036 wrote to memory of 1956	3036	f7677bf.exe	DllHost.exe
PID 3036 wrote to memory of 2180	3036	f7677bf.exe	rundll32.exe
PID 3036 wrote to memory of 2236	3036	f7677bf.exe	rundll32.exe
PID 3036 wrote to memory of 2236	3036	f7677bf.exe	rundll32.exe
PID 2236 wrote to memory of 2600	2236	rundll32.exe	f767a10.exe
PID 2236 wrote to memory of 2600	2236	rundll32.exe	f767a10.exe
PID 2236 wrote to memory of 2600	2236	rundll32.exe	f767a10.exe
PID 2236 wrote to memory of 2600	2236	rundll32.exe	f767a10.exe
PID 2236 wrote to memory of 668	2236	rundll32.exe	f769109.exe
PID 2236 wrote to memory of 668	2236	rundll32.exe	f769109.exe
PID 2236 wrote to memory of 668	2236	rundll32.exe	f769109.exe
PID 2236 wrote to memory of 668	2236	rundll32.exe	f769109.exe
PID 3036 wrote to memory of 1104	3036	f7677bf.exe	taskhost.exe
PID 3036 wrote to memory of 1172	3036	f7677bf.exe	Dwm.exe
PID 3036 wrote to memory of 1204	3036	f7677bf.exe	Explorer.EXE
PID 3036 wrote to memory of 2600	3036	f7677bf.exe	f767a10.exe
PID 3036 wrote to memory of 2600	3036	f7677bf.exe	f767a10.exe
PID 3036 wrote to memory of 668	3036	f7677bf.exe	f769109.exe
PID 3036 wrote to memory of 668	3036	f7677bf.exe	f769109.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

f7677bf.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f7677bf.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	f7677bf.exe

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1104

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1172

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1204

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\387ea5cba0304ea7cface2ecd2439ce3fea5eb15672d2367c7ca52f3e72da3c8_NeikiAnalytics.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2180

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\387ea5cba0304ea7cface2ecd2439ce3fea5eb15672d2367c7ca52f3e72da3c8_NeikiAnalytics.dll,#1
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2236

C:\Users\Admin\AppData\Local\Temp\f7677bf.exe
C:\Users\Admin\AppData\Local\Temp\f7677bf.exe
4⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:3036

C:\Users\Admin\AppData\Local\Temp\f767a10.exe
C:\Users\Admin\AppData\Local\Temp\f767a10.exe
4⤵
- Executes dropped EXE
PID:2600

C:\Users\Admin\AppData\Local\Temp\f769109.exe
C:\Users\Admin\AppData\Local\Temp\f769109.exe
4⤵
- Executes dropped EXE
PID:668

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1956

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f7677bf.exe
Filesize
97KB

MD5
8ea5d9ab70530e547f78287174c9bc94

SHA1
7498ee410f5f14546ac18a86ed7e051e7dc6614e

SHA256
72669fac8baeb340e4d02037cb3657b5b04dad1c8df24de3db3b91097e8e6563

SHA512
d5e7631f951375c29de70727c95a0d0b08d524f1faf3ed548c9cb61127165711ba8fbd0c8156ae11d3b840b6d51207e16b0da217bc06f5119705cbefbc98cc0d

Download Submit
memory/668-158-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/668-85-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/668-105-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/668-108-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/668-103-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1104-23-0x00000000001E0000-0x00000000001E2000-memory.dmp

Filesize
8KB

Download
memory/2236-12-0x0000000000100000-0x0000000000112000-memory.dmp

Filesize
72KB

Download
memory/2236-13-0x0000000000100000-0x0000000000112000-memory.dmp

Filesize
72KB

Download
memory/2236-60-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2236-33-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2236-83-0x0000000000100000-0x0000000000106000-memory.dmp

Filesize
24KB

Download
memory/2236-63-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2236-80-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2236-2-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2236-32-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2236-62-0x0000000000220000-0x0000000000232000-memory.dmp

Filesize
72KB

Download
memory/2236-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2236-46-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2236-1-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2236-4-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2600-104-0x00000000001B0000-0x00000000001B2000-memory.dmp

Filesize
8KB

Download
memory/2600-107-0x00000000001B0000-0x00000000001B2000-memory.dmp

Filesize
8KB

Download
memory/2600-99-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2600-154-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-65-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/3036-42-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-87-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-43-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-66-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-67-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-68-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-69-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-70-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-72-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-44-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-18-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-20-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-86-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-22-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-89-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-47-0x00000000003D0000-0x00000000003D2000-memory.dmp

Filesize
8KB

Download
memory/3036-15-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-45-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-21-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-41-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/3036-19-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-106-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-111-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-128-0x00000000003D0000-0x00000000003D2000-memory.dmp

Filesize
8KB

Download
memory/3036-149-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/3036-61-0x00000000003D0000-0x00000000003D2000-memory.dmp

Filesize
8KB

Download
memory/3036-153-0x0000000000980000-0x0000000001A3A000-memory.dmp

Filesize
16.7MB

Download
memory/3036-14-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads