8041e900a75f060856d82da625ff2a6ec4151d9a55220dffa5ee0be21876bc2d

Analysis

max time kernel
207s
max time network
232s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 18:14 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ajccqfmlzq.exe
Size

610KB
MD5

6b517cbb0b72101e9d9796ffb1d1c27f
SHA1

48b3616738a2e2b80c41a1212c106b7172c5d6e6
SHA256

e4495c45b3359a9491837638425d56e772ad78cbd3859843b4e4f402b8b9b136
SHA512

8b6c6473e479dd239ef78bf9b48971719460320d9e5d643dac750ad8be838b611a255fa1fb74a43fddb901500f9f424b82ad259400660ff586c798d7773dc9eb
SSDEEP

12288:lnle51CQgrlV257eqhdtq6L59kCqU5NEYJuuhm2mQFGFRd4HJKYdCysCl:WVO67DhpvkCqU5NEuX8/+hHJDf3l

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 4 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118	ajccqfmlzq.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 0f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad09000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703091400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded31d000000010000001000000096f98b6e79a74810ce7d398a82f977780b000000010000000e000000430065007200740075006d0000000300000001000000140000006252dc40f71143a22fde9ef7348e064251b181182000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	ajccqfmlzq.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 1900000001000000100000000b6cd9778e41ad67fd6be0a6903710440300000001000000140000006252dc40f71143a22fde9ef7348e064251b181180b000000010000000e000000430065007200740075006d0000001d000000010000001000000096f98b6e79a74810ce7d398a82f977781400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded309000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad2000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	ajccqfmlzq.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 0400000001000000100000002c8f9f661d1890b147269d8e86828ca90f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad09000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703091400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded31d000000010000001000000096f98b6e79a74810ce7d398a82f977780b000000010000000e000000430065007200740075006d0000000300000001000000140000006252dc40f71143a22fde9ef7348e064251b181181900000001000000100000000b6cd9778e41ad67fd6be0a6903710442000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	ajccqfmlzq.exe

C:\Users\Admin\AppData\Local\Temp\ajccqfmlzq.exe
"C:\Users\Admin\AppData\Local\Temp\ajccqfmlzq.exe"
1⤵
- Modifies system certificate store
PID:1420

Network

DNS

omega.turystyka.pl

ajccqfmlzq.exe

Remote address:

8.8.8.8:53

Request

omega.turystyka.pl

IN A

Response

omega.turystyka.pl

IN A

79.137.69.186
GET

https://omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: omega.turystyka.pl
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Thu, 01 Dec 2022 18:18:40 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000
Location: https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==
Content-Length: 331
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
DNS

www.omega.turystyka.pl

ajccqfmlzq.exe

Remote address:

8.8.8.8:53

Request

www.omega.turystyka.pl

IN A

Response

www.omega.turystyka.pl

IN A

79.137.69.186
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: www.omega.turystyka.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:18:40 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d; path=/
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:18:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:18:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:18:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:19:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:19:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:19:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:19:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:19:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:20:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:20:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

ajccqfmlzq.exe

Remote address:

79.137.69.186:443

Request

GET /telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc== HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Connection: Keep-Alive
Host: www.omega.turystyka.pl
Cookie: sid=d896a9e9d7594df6a358d6c7130cc36d

Response

HTTP/1.1 404 Not Found

Date: Thu, 01 Dec 2022 18:20:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

79.137.69.186:443

omega.turystyka.pl

ajccqfmlzq.exe

152 B
3
79.137.69.186:443

https://omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.3kB
9.3kB
11
13

HTTP Request

GET https://omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

301
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.5kB
22.2kB
15
22

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.1kB
13
15

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.1kB
13
15

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.1kB
13
15

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

www.omega.turystyka.pl

ajccqfmlzq.exe

152 B
3
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.1kB
13
15

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.1kB
13
15

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.2kB
13
16

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.5kB
14.2kB
14
17

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

www.omega.turystyka.pl

ajccqfmlzq.exe

152 B
3
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.1kB
13
15

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

www.omega.turystyka.pl

ajccqfmlzq.exe

152 B
3
79.137.69.186:443

www.omega.turystyka.pl

ajccqfmlzq.exe

152 B
3
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.1kB
13
15

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.1kB
13
15

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

tls, http

ajccqfmlzq.exe

1.4kB
14.1kB
13
15

HTTP Request

GET https://www.omega.turystyka.pl/telemetry.svc?action=GetAnalyticsOptions&cv=DQiyenw71HsXFU14cda8qxSNmM0If6GkpvmmRWJ1Kc==

HTTP Response

404
79.137.69.186:443

www.omega.turystyka.pl

tls

ajccqfmlzq.exe

343 B
309 B
3
3

8.8.8.8:53

omega.turystyka.pl

dns

ajccqfmlzq.exe

64 B
80 B
1
1

DNS Request

omega.turystyka.pl

DNS Response

79.137.69.186
8.8.8.8:53

www.omega.turystyka.pl

dns

ajccqfmlzq.exe

68 B
84 B
1
1

DNS Request

www.omega.turystyka.pl

DNS Response

79.137.69.186

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-54-0x0000000140000000-0x00000001400DA000-memory.dmp

Filesize
872KB

Download
memory/1420-55-0x000007FEFBA41000-0x000007FEFBA43000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.