hxxps://bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4[.]ipfs[.]cf-ipfs[.]com/space[.]html&client=webapp#ben@dover[.]com

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02/07/2023, 16:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com/space.html&client=webapp#ben@dover.com

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1336	2492	WerFault.exe	13

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133327901951141924"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
884	chrome.exe
884	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
884	chrome.exe
884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 2700	884	chrome.exe	86
PID 884 wrote to memory of 2700	884	chrome.exe	86
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 4700	884	chrome.exe	87
PID 884 wrote to memory of 3680	884	chrome.exe	88
PID 884 wrote to memory of 3680	884	chrome.exe	88
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89
PID 884 wrote to memory of 4956	884	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com/space.html&client=webapp#ben@dover.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7fff536d9758,0x7fff536d9768,0x7fff536d9778
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1812,i,9908492006176926435,9509108139375241644,131072 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,9908492006176926435,9509108139375241644,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1812,i,9908492006176926435,9509108139375241644,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1812,i,9908492006176926435,9509108139375241644,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1812,i,9908492006176926435,9509108139375241644,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1812,i,9908492006176926435,9509108139375241644,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1812,i,9908492006176926435,9509108139375241644,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1812,i,9908492006176926435,9509108139375241644,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1812,i,9908492006176926435,9509108139375241644,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:392

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 2492 -ip 2492
1⤵
PID:4016

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2492 -s 1796
1⤵
- Program crash
PID:1336

Network

DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com

chrome.exe

Remote address:

8.8.8.8:53

Request

bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com

IN A

Response

bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com

IN CNAME

cloudflare-ipfs.com

cloudflare-ipfs.com

IN A

104.17.64.14

cloudflare-ipfs.com

IN A

104.17.96.13
GET

https://bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com/space.html&client=webapp

chrome.exe

Remote address:

104.17.64.14:443

Request

GET /space.html&client=webapp HTTP/2.0
host: bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Sun, 02 Jul 2023 16:49:54 GMT
content-type: text/plain; charset=utf-8
cf-ray: 7e086274890e0a70-AMS
cf-cache-status: EXPIRED
cache-control: no-store
vary: Accept-Encoding
x-cf-ipfs-cache-status: miss
x-content-type-options: nosniff
set-cookie: __cf_bm=0CjGwSWiVUAktop_EU0bCfL4CbM2RihDlMRf7dshIEE-1688316594-0-AeYU2jnus3/kcIRlaM1bdA35rRV5TKMb41NsBsvo6Mfb6JSEcBirhntZ2xPHPbiBYK7/+LGSFfkVZ1e2ReEy/Jo=; path=/; expires=Sun, 02-Jul-23 17:19:54 GMT; domain=.bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com/favicon.ico

chrome.exe

Remote address:

104.17.64.14:443

Request

GET /favicon.ico HTTP/2.0
host: bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com/space.html&client=webapp
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __cf_bm=0CjGwSWiVUAktop_EU0bCfL4CbM2RihDlMRf7dshIEE-1688316594-0-AeYU2jnus3/kcIRlaM1bdA35rRV5TKMb41NsBsvo6Mfb6JSEcBirhntZ2xPHPbiBYK7/+LGSFfkVZ1e2ReEy/Jo=

Response

HTTP/2.0 404

date: Sun, 02 Jul 2023 16:49:54 GMT
content-type: text/plain; charset=utf-8
cf-ray: 7e08627a09680a70-AMS
cf-cache-status: EXPIRED
cache-control: no-store
vary: Accept-Encoding
x-cf-ipfs-cache-status: miss
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

250.255.255.239.in-addr.arpa

Remote address:

8.8.8.8:53

Request

250.255.255.239.in-addr.arpa

IN PTR

Response
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

10.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.36.251.142.in-addr.arpa

IN PTR

Response

10.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f101e100net
DNS

14.64.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.64.17.104.in-addr.arpa

IN PTR

Response
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.251.36.46
DNS

46.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.36.251.142.in-addr.arpa

IN PTR

Response

46.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f141e100net
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

45.8.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.8.109.52.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

161.252.72.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.252.72.23.in-addr.arpa

IN PTR

Response

161.252.72.23.in-addr.arpa

IN PTR

a23-72-252-161deploystaticakamaitechnologiescom

192.229.221.95:80

322 B
7
104.17.64.14:443

https://bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com/favicon.ico

tls, http2

chrome.exe

2.2kB
4.2kB
14
15

HTTP Request

GET https://bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com/space.html&client=webapp

HTTP Response

404

HTTP Request

GET https://bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com/favicon.ico

HTTP Response

404
142.251.36.46:443

clients2.google.com

tls, http2

chrome.exe

1.3kB
8.5kB
13
14
20.42.73.27:443

322 B
7
209.197.3.8:80

322 B
7
209.197.3.8:80

322 B
7
209.197.3.8:80

322 B
7
96.16.110.41:443

322 B
7
93.184.221.240:80

322 B
7

8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com

dns

chrome.exe

122 B
184 B
1
1

DNS Request

bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com

DNS Response

104.17.64.14

104.17.96.13
8.8.8.8:53

250.255.255.239.in-addr.arpa

dns

74 B
131 B
1
1

DNS Request

250.255.255.239.in-addr.arpa
104.17.64.14:443

bafybeieonlsfjduhlvnhqu34blq2ni3txli4pr6tfbfzpu6frtdu33u7j4.ipfs.cf-ipfs.com

https

chrome.exe

1.3kB
2.5kB
1
2
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

10.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

10.36.251.142.in-addr.arpa
8.8.8.8:53

14.64.17.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

14.64.17.104.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.251.36.46
142.251.36.46:443

clients2.google.com

https

chrome.exe

2.4kB
8.2kB
10
12
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

46.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

46.36.251.142.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

45.8.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

45.8.109.52.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

161.252.72.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

161.252.72.23.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a4bb93253a48efba2cfa4353dbd7f447

SHA1
d32f5dd5292b43657dda21d4b77986d67d43f7b0

SHA256
f61a00b258ce4345c42ce527f4b9a67f0b1146af1bb39d42117626b2b554c46d

SHA512
c0b8c66f628c1ac85fe083c6988539d21aec3b209cd9a537b7d289f8cb95cf09aa07ac533bf564cfaed71361d25b3d34fed253ed4f89b8f4197a96aeba1bc8ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a234f0b8cb7a80a9e553927adf11d31b

SHA1
77b399fb8d5abc26dda5fc55bebf8d2c825681b7

SHA256
f8b62b7184f3ad8941f68dce0648584d546d52a86b33bc57fe87e798d70a1101

SHA512
2ae493ecfbb096ff47231f1a2d7e17b2ffff09757997f3e5d8cc724220ea1a9f61acce94b9805e257c6241af73fb0268960d3eacee8fe8338f5ca85e9c834f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
623b6e14c9b821728d20b90acfdd3cea

SHA1
129f7f2ef6b072bccc3e40a2dbb193c270b88ab4

SHA256
c88963945cf306a91fc3905f4eec54114e904ea07f9e89087e768c677b7b584e

SHA512
fc9e650ca378ac0926d1d7fb9b058cb549dd5c4cf61fae65bf6195fa807d4b7c389cf73350c55ac26444a807d686c1f88acfcc0674d585003f8b10d7e5bda30b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
7c467db95d7654b695208959f3d1f747

SHA1
f613ece2efdd7045a3a30db81be8a12c57d9577c

SHA256
74b7f19210dac5e1efc200f7ec388eff9c9b18b94eff46a2018c55d05c01ff64

SHA512
83b365427932b2625d63a97a63d87962c1863f6d2c92158085f727ba418804314f9ef54241394369cc92aa292c940ca9c46527dd66790110957d41c14bb6bb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.