redline | 252cba620b83622b2028ef371a6daf54f0c9f7ef8bbe09d9926ac1c563d0be4b

Analysis

max time kernel
101s
max time network
105s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
12/01/2023, 17:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Realistic_CNI_Generator.html
Size

435B
MD5

71cce75cd323b443cbd10ca3143f47e8
SHA1

32f1f1ceafeb2eb053c42d2a8bb2e469f8da1743
SHA256

252cba620b83622b2028ef371a6daf54f0c9f7ef8bbe09d9926ac1c563d0be4b
SHA512

93c89a6e0a6ad1db873389503a065ef70c89a527ca22ef71616fc1fc34a30ae00594b3066845f9d359ff007c107175a12e693e55311ffc275c28c39a665b67cc

Score

10^/10

redline blank infostealer

Malware Config

Extracted

Family

redline

Botnet

BLANK

192.95.57.121:46515

Attributes

auth_value
aa29c5cd9d54830fad01184cfb64bc07

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/4008-159-0x0000000000C40000-0x0000000000C78000-memory.dmp	family_redline

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 8a04badea7aed801	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.upload.ee\ = "13"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a861ffb026d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000064d47269d1b6e14e956d7bdcc86fbb4d000000000200000000001066000000010000200000006599fda35a91ff3dbbf1a673b0c3aa3bc7f086190dbc9e63794f2028f8e3ace3000000000e800000000200002000000077957d3b51ea71bf5924147a7466716bc6ec5b26e9c0648653d7422baf23c70e200000004c9e9901199ffc4f85b8362ae4dc410c1f10c26c08a334b1341e3b18cf7b5f514000000024baa3788b0d19a6ecf957905d1d064b0825f212a9f7e9c0103aa335da9f7788b65ce11ae58a06359de64ad76ddb066c05de0cdac90280b3337e4a2716648753	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4250059748"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000064d47269d1b6e14e956d7bdcc86fbb4d00000000020000000000106600000001000020000000b8f9a2d4e5dcc4f89b49650df3d39f1f013d800385edd68f98ae5a263806e4ec000000000e800000000200002000000056519bfecc487b6f7f91638ef33d283ff4ac68443e77d7ffdc2b200e7f30249b20000000c040062624fcc3b8fe770e1f8092da3559e0e43075567227347ff598217edab540000000f7d7d87a879969b74ad693e2f6d75520b829437b951cb4ec9d5d79f5f7e5432f005a26d39470b3d3a70bf1c101c8ed153ee0a5d4b7083040ce3415a1ca1a9a84	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.upload.ee\ = "150"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.upload.ee\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "150"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d03e8affb026d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28C3ACAE-92A4-11ED-A7A3-DA51CA8B26EF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\upload.ee	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.upload.ee	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\upload.ee\Total = "333"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\upload.ee\Total = "79"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\upload.ee\Total = "105"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "380360488"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "380328496"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "79"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\upload.ee\Total = "137"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.upload.ee\ = "79"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.upload.ee\ = "137"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31008432"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\upload.ee\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.upload.ee\ = "105"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\RepId\PublicId = "{B2E2F748-8513-4189-8EAC-E5A816FD8EA6}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4250059748"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\upload.ee\Total = "150"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "333"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4257558464"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	iexplore.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2848	NOTEPAD.EXE

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3512	iexplore.exe
3512	iexplore.exe
5036	IEXPLORE.EXE
5036	IEXPLORE.EXE

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
5036	IEXPLORE.EXE
5036	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3512	iexplore.exe
3512	iexplore.exe
5036	IEXPLORE.EXE
5036	IEXPLORE.EXE
5036	IEXPLORE.EXE
5036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 5036	3512	iexplore.exe	66
PID 3512 wrote to memory of 5036	3512	iexplore.exe	66
PID 3512 wrote to memory of 5036	3512	iexplore.exe	66

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Realistic_CNI_Generator.html
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3512 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4224

C:\Users\Admin\Desktop\Realistic CNI Generator.exe
"C:\Users\Admin\Desktop\Realistic CNI Generator.exe"
1⤵
PID:4008

C:\Users\Admin\Desktop\Realistic CNI Generator.exe
"C:\Users\Admin\Desktop\Realistic CNI Generator.exe"
1⤵
PID:1920

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Numbers.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2848

C:\Users\Admin\Desktop\Realistic CNI Generator.exe
"C:\Users\Admin\Desktop\Realistic CNI Generator.exe"
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\709A8EC0F6D3194AD001E9041914421F_EF185B36BF409E157C6594875900B4A1

Filesize
471B

MD5
fa32f83b5795e6597e50f91496db3c5a

SHA1
5a6ad22f0f170026ea02cf93debbe3adfc1676d6

SHA256
87d61ff370b5ef4530122f342f265837a672b4512503a74c77b6c0565c902388

SHA512
084706438269a565d7d58588fc7614d6bb6fe8b03eb66b368d6726bcd8b767c4a0d0e1cafa62beb8f91f8c3a07e263263ef12c4a3908c68b014c56ee530e4c34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_86C2A03C133240EC4C95180B9FD368BB

Filesize
471B

MD5
66b8dc4d7dd42ca67d43d20ba74d7d8c

SHA1
13bd4e4d6fe08ad2fd9abef212bdb003f71c2ea6

SHA256
ed0f414e74bd7cb889d0a3fa8c3ff06a7717c3669e2691badb02a65768d3fbd5

SHA512
708ad9b3fe8bba7dfa6ee47c630ff213e5ee41615dc85e63bbb9cb95f57d60ba50dcc4e2c5468cc65911be5bbee232c8a6b21ebcb070d554849a2d7199be5c0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
c095652a90450f6e9ed5dbdcb1f7e807

SHA1
e751b539a52150785c0740d444aa759331b985aa

SHA256
7dc466e98f2432c283d67159d100a79c1440e6fd132a9b8aa493cc26f8ff1181

SHA512
aa00b805ac890c08dc5eb6cd2cd78385e1b0f4228f1ec1466bf6c203ba3359710539f78a11bca7421e55ad55e6eedafbcefbaecfe7345b56b4beffe6ff57875a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\709A8EC0F6D3194AD001E9041914421F_EF185B36BF409E157C6594875900B4A1

Filesize
396B

MD5
f35195d0f7ab3fd79cf0a07813683fe1

SHA1
39db27ae981f89880c438aefa49bfa5a5a06764b

SHA256
268c73ba3c0ac113925fecf798246cbc7636a8c3615657d62c96db0038367157

SHA512
ed2b22fb64663c58a8d19cc7b0fb7dba1e9331e0a4034cdb961493d10810e3fc4664036164cde196a9c4ea547da14e15f1199d0690f70714ea06d6c73ae74578

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_86C2A03C133240EC4C95180B9FD368BB

Filesize
400B

MD5
3d828ff614c45741b42d86267f38b8de

SHA1
d372dd5e92a733ff4d19ca73fbd923cb8e38abee

SHA256
12ffde1d7b7bc8f31d7502dca1bdf7d968da61265c276ef2d718845da5776465

SHA512
bc8688e495ceb214dbcc0cd6fe125e18b0b295ff8d660e523e422e7878e48b4c8d117db334f648db0c2204a33eab7d41221ee075865ac4a30423249139ec71ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
8dfb1129d66645dcb789afaa5f3acd70

SHA1
e694b74e8917f11d954164b641cb713b0930c416

SHA256
c0d0884446008703c0aaca9f71345796142240724c27f10d6a954d74ccf5a0c3

SHA512
b0f155cd0f8a550d3c362921f1f1739795262075586e8cd7e1f6803f6e1d7aeb358147503d9c2c20cfc386210b50c3383a64b831f1ff88f040aa4655387066bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X4NN93UB\Realistic_CNI_Generator.zip.j9880wr.partial

Filesize
3.5MB

MD5
dae741bec3e9a9e2ff43f1f3dc1b10cb

SHA1
ced2d6d129f83dd6a4d5909744b342f989554ca3

SHA256
94404ed925a837ff88651ea9dd83c8c87b1c738b1f6705471cb625d42833b96a

SHA512
1676ad8ecbf79e79f5ed64d2a81c7b46c2bfed292ea2490eef3576a0468918bfce3af75fa804a302d58d508c37ed2aa0f3318759ed2dca2e12183517bb34ba17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\C3EU8JA2.cookie

Filesize
690B

MD5
180dfdd7dbff1e607389bfcad5af7180

SHA1
a40f94c5af225f65dfb694686b372943dce2fcde

SHA256
4a8d7d1cda46c7bb1f6e070e84b730a69cf7864bde0a510c625453056c91b56e

SHA512
115d9d463a67cd6c95dcbc0c6f6222a18a61b9fc671475adb04820a8bea71c31b106171c75dec6407d58d3cd2d1b5e4a7d2f8c7c87b583073b6bdf46689c1a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\EEFBDQY2.cookie

Filesize
237B

MD5
7c7fad8c9243d0865100a0bc054eba18

SHA1
0e9e8fea90aab5af326685c4b29b6a17aff05d88

SHA256
26250cbec852853283cb6cf9f36b4e36f06497ecdaa5562554b3975f6a53e26f

SHA512
76427ff70041d558d226eba5936109ac3ac640b8dd7dc5d93ad1621125b2e34153144599927ee87ef1058608ee1b2342b568f8194bdd6c77447bec5a46c95c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HO8N38YH.cookie

Filesize
610B

MD5
5d34bda4ba8858e58a6d3a24307901fd

SHA1
72f48a3b2767222b6ad971cf655b3b90376693f6

SHA256
94f8607dcd030bdd453fed43fb64bee4aebf5bb3cc374d3eeabb1ac54944078a

SHA512
106af4716a7645f324625b237036c3cd9f17b313967d4a0443afb719a55487bb9c306d9d0cd03ff178ab579b6272dd233d631f85b96b4f02b1aa2751eebf8fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YUQY9964.cookie

Filesize
610B

MD5
34fba753f251dbf7f654dd11a660c96d

SHA1
b970a187b5a64dd15ed8b038ffd763203d04c7d7

SHA256
bac596bdc7fa103684db2f0eb3584b5e0a142c36dc4027dba463097749ded07c

SHA512
a5f2d8cdaa1917917b6275c4ae9017ac104e88a9ea5ff0659cd10bba1ecd98710dea182d72f1447946298141454104c34a1c53e0fdb4d20928f487fc30b9f803

Download Submit
memory/4008-155-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-161-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-128-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-129-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-130-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-131-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-132-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-133-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-134-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-135-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-137-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-138-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-136-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-139-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-140-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-141-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-142-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-143-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-144-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-145-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-146-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-147-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-148-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-149-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-150-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-151-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-152-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-153-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-154-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-126-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-156-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-157-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-158-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-159-0x0000000000C40000-0x0000000000C78000-memory.dmp

Filesize
224KB

Download
memory/4008-160-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-127-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-162-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-163-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-164-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-165-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-166-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-167-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-168-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-169-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-170-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-171-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-172-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-173-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-174-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-175-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-176-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-177-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-178-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-179-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-180-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-181-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-183-0x0000000006160000-0x0000000006766000-memory.dmp

Filesize
6.0MB

Download
memory/4008-182-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-184-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-185-0x00000000078B0000-0x00000000079BA000-memory.dmp

Filesize
1.0MB

Download
memory/4008-186-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-187-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-188-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-190-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-189-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-193-0x00000000059C0000-0x00000000059D2000-memory.dmp

Filesize
72KB

Download
memory/4008-195-0x0000000007B00000-0x0000000007B3E000-memory.dmp

Filesize
248KB

Download
memory/4008-197-0x0000000007B40000-0x0000000007B8B000-memory.dmp

Filesize
300KB

Download
memory/4008-125-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download
memory/4008-124-0x0000000077BE0000-0x0000000077D6E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads