Dumpulator VEH
Tags
attack-pattern: Powershell - T1059.001, Software - T1592.002, Powershell - T1086
Common Information
Type | Value |
---|---|
UUID | 0f053573-1499-46ab-b645-95a1ec6eae24 |
Fingerprint | 772ed51428f0b2d2 |
Analysis status | DONE |
Considered CTI value | 1 |
Text language | |
Published | Jan. 15, 2023, midnight |
Added to db | Jan. 16, 2023, 7:44 a.m. |
Last updated | Nov. 18, 2024, 1:38 a.m. |
Headline | Dumpulator VEH |
Title | Dumpulator VEH |
Detected Hints/Tags/Attributes | 21/1/27 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 207 | ✔ | OALABS Research | https://research.openanalysis.net/feed.xml | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 6 | | dp.call |
Details | Domain | 2 | | dp.read |
Details | Domain | 1 | | dumpulator.py |
Details | Domain | 2 | | ntsyscalls.py |
Details | File | 1 | | gudump.dmp |
Details | File | 5 | | blobrunner.exe |
Details | File | 22 | | apphelp.dll |
Details | File | 16 | | sechost.dll |
Details | File | 748 | | kernel32.dll |
Details | File | 41 | | rpcrt4.dll |
Details | File | 82 | | kernelbase.dll |
Details | File | 533 | | ntdll.dll |
Details | File | 3 | | 'iertutil.dll |
Details | File | 1 | | dumpulator.py |
Details | File | 2 | | ntsyscalls.py |
Details | File | 2 | | 'psapi.dll |
Details | File | 1 | | 'msi.dll |
Details | File | 1209 | | powershell.exe |
Details | File | 16 | | ieinstal.exe |
Details | File | 7 | | ielowutil.exe |
Details | File | 13 | | extexport.exe |
Details | File | 3 | | 'wininet.dll |
Details | File | 3 | | 'kernelbase.dll |
Details | File | 1 | | c:\\program files\\qemu-ga\\qemu-ga.exe |
Details | File | 1 | | c:\\program files\\qga\\qga.exe |
Details | sha256 | 1 | | e3a8356689b97653261ea6b75ca911bc65f523025f15649e87b1aef0071ae107 |
Details | IPv4 | 1 | | 146.70.147.12 |