Analysis

  • max time kernel
    156s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/12/2023, 15:14 UTC

General

  • Target

    d503056ec6e08ce00b34e08e1db5d3a1.exe

  • Size

    7.8MB

  • MD5

    d503056ec6e08ce00b34e08e1db5d3a1

  • SHA1

    a7d763c982b120e0603a45907e34885cfd1246bf

  • SHA256

    1cfd00b0d4b4ea345feb82811ed6c085a7d95f96b3a2f4f3db8f739220b92a75

  • SHA512

    1c1deafcac07b182de546b27a7886ee1eb22d50f78b67b2031b42ed66b33bc00e6f14f798c4763d5dc3431c28d6b6590d3fba4bbd2a5c3b26a008cd34dccb0af

  • SSDEEP

    196608:ohRbdlirsJ+2dlirf0LdlirsJ+2dliru7PmmdlirsJ+2dlirf0LdlirsJ+2dlir:ohRXqSR7PmEqS

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Program crash 2 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d503056ec6e08ce00b34e08e1db5d3a1.exe
    "C:\Users\Admin\AppData\Local\Temp\d503056ec6e08ce00b34e08e1db5d3a1.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3340
    • C:\Users\Admin\AppData\Local\Temp\d503056ec6e08ce00b34e08e1db5d3a1.exe
      C:\Users\Admin\AppData\Local\Temp\d503056ec6e08ce00b34e08e1db5d3a1.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:4596
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\d503056ec6e08ce00b34e08e1db5d3a1.exe" /TN BLiB1zkTf55f /F
        3⤵
        • Creates scheduled task(s)
        PID:3868
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /c schtasks.exe /Query /XML /TN BLiB1zkTf55f > C:\Users\Admin\AppData\Local\Temp\AxCL66D.xml
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4884
        • C:\Windows\SysWOW64\schtasks.exe
          schtasks.exe /Query /XML /TN BLiB1zkTf55f
          4⤵
            PID:3060
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 604
          3⤵
          • Program crash
          PID:1388
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 632
          3⤵
          • Program crash
          PID:3356
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4596 -ip 4596
      1⤵
        PID:3704
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4596 -ip 4596
        1⤵
          PID:2188
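The process tree above shows the persistence chain in one place: the sample re-executes itself from %TEMP%, registers a logon-triggered task with the highest run level pointing back at that Temp path, and then exports the task definition with `/Query /XML`. The detection below is an added example written for this report (not tria.ge code). It runs over constructed process-creation records in a simplified Sysmon Event ID 1 / Windows 4688 shape (pid, ppid, image, command line); the record layout, the `USER_WRITABLE` directory list and the benign control event are assumptions, the four malicious command lines are copied from the tree above.

```python
"""Flag scheduled-task persistence from process-creation telemetry.

Added example for this sandbox report; not tria.ge code. Event records are a
constructed, simplified Sysmon EID 1 / Windows 4688 shape; field names and the
USER_WRITABLE prefixes are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Directory fragments an unprivileged user can write to: a task whose action
# lives here can be replaced without admin rights (assumed, non-exhaustive list).
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
)

# Triggers that fire without user interaction and are common in persistence.
SUSPICIOUS_TRIGGERS = {"ONLOGON", "ONSTART", "MINUTE"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def parse_schtasks(cmdline: str) -> dict[str, str | None]:
    """Map each /SWITCH of a schtasks command line to its value (None for flag-only)."""
    opts: dict[str, str | None] = {}
    # /SWITCH optionally followed by a quoted value or a bare token not starting with / or "
    pattern = r'/(\w+)(?:\s+(?:"([^"]*)"|([^\s/"][^\s]*)))?'
    for m in re.finditer(pattern, cmdline):
        opts[m.group(1).upper()] = m.group(2) if m.group(2) is not None else m.group(3)
    return opts


def in_user_writable(path: str | None) -> bool:
    return bool(path) and any(frag in path.lower() for frag in USER_WRITABLE)


def flag_task_persistence(events: list[ProcEvent]) -> list[dict]:
    by_pid = {e.pid: e for e in events}
    schtasks = [e for e in events if e.image.lower().endswith("\\schtasks.exe")]
    # Task names whose definition was exported with /Query /XML (seen in this report)
    exported = set()
    for e in schtasks:
        o = parse_schtasks(e.cmdline)
        if "QUERY" in o and "XML" in o:
            exported.add((o.get("TN") or "").lower())
    findings = []
    for e in schtasks:
        opts = parse_schtasks(e.cmdline)
        if "CREATE" not in opts:
            continue
        action = opts.get("TR")
        if not in_user_writable(action):
            continue  # actions under Program Files etc. are left to other rules
        reasons = ["task action runs from a user-writable directory"]
        trigger = (opts.get("SC") or "").upper()
        if trigger in SUSPICIOUS_TRIGGERS:
            reasons.append(f"trigger /SC {trigger}")
        if (opts.get("RL") or "").upper() == "HIGHEST":
            reasons.append("/RL HIGHEST requests the highest available privilege level")
        parent = by_pid.get(e.ppid)
        if parent and in_user_writable(parent.image):
            reasons.append("created by a process that itself runs from a user-writable directory")
        name = opts.get("TN") or ""
        if name.lower() in exported:
            reasons.append("task definition later exported with /Query /XML")
        findings.append({"pid": e.pid, "task": name, "action": action, "reasons": reasons})
    return findings


# Constructed records: the first four mirror the process tree of this report,
# the last one is a benign control (vendor updater registered from Program Files).
SAMPLE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d503056ec6e08ce00b34e08e1db5d3a1.exe"
EVENTS = [
    ProcEvent(4596, 3340, SAMPLE, SAMPLE),
    ProcEvent(3868, 4596, "C:\\Windows\\SysWOW64\\schtasks.exe",
              f'schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "{SAMPLE}" /TN BLiB1zkTf55f /F'),
    ProcEvent(4884, 4596, "C:\\Windows\\SysWOW64\\cmd.exe",
              "cmd.exe /c schtasks.exe /Query /XML /TN BLiB1zkTf55f > "
              "C:\\Users\\Admin\\AppData\\Local\\Temp\\AxCL66D.xml"),
    ProcEvent(3060, 4884, "C:\\Windows\\SysWOW64\\schtasks.exe",
              "schtasks.exe /Query /XML /TN BLiB1zkTf55f"),
    ProcEvent(5100, 5000, "C:\\Windows\\System32\\schtasks.exe",
              'schtasks.exe /CREATE /SC DAILY /TR "C:\\Program Files\\Vendor\\update.exe" /TN VendorUpdate'),
]

if __name__ == "__main__":
    for finding in flag_task_persistence(EVENTS):
        print(finding)
```

The rule keys on the task action path rather than on `schtasks.exe` itself, so routine task registrations from installers are not flagged; the trigger, run level, parent location and the follow-up XML export are reported as supporting reasons so an analyst can rank the hit.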

        Network

        • flag-us
          DNS
          23.177.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          23.177.190.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          81.171.91.138.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          81.171.91.138.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          209.178.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          209.178.17.96.in-addr.arpa
          IN PTR
          Response
          209.178.17.96.in-addr.arpa
          IN PTR
          a96-17-178-209.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          114.110.16.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          114.110.16.96.in-addr.arpa
          IN PTR
          Response
          114.110.16.96.in-addr.arpa
          IN PTR
          a96-16-110-114.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          9.228.82.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          9.228.82.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          9.228.82.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          9.228.82.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          205.47.74.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          205.47.74.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          183.59.114.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          183.59.114.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          41.110.16.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          41.110.16.96.in-addr.arpa
          IN PTR
          Response
          41.110.16.96.in-addr.arpa
          IN PTR
          a96-16-110-41.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          208.194.73.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          208.194.73.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          208.194.73.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          208.194.73.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          208.194.73.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          208.194.73.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          171.39.242.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          171.39.242.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          171.39.242.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          171.39.242.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          241.154.82.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          241.154.82.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
          Response
          tse1.mm.bing.net
          IN CNAME
          mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net
          IN CNAME
          dual-a-0001.a-msedge.net
          dual-a-0001.a-msedge.net
          IN A
          204.79.197.200
          dual-a-0001.a-msedge.net
          IN A
          13.107.21.200
        • flag-us
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
        • flag-us
          DNS
          pastebin.com
          d503056ec6e08ce00b34e08e1db5d3a1.exe
          Remote address:
          8.8.8.8:53
          Request
          pastebin.com
          IN A
          Response
          pastebin.com
          IN A
          104.20.67.143
          pastebin.com
          IN A
          172.67.34.170
          pastebin.com
          IN A
          104.20.68.143
        • flag-us
          DNS
          2.136.104.51.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          2.136.104.51.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          cutit.org
          d503056ec6e08ce00b34e08e1db5d3a1.exe
          Remote address:
          8.8.8.8:53
          Request
          cutit.org
          IN A
          Response
          cutit.org
          IN A
          64.91.240.248
        • flag-us
          DNS
          cutit.org
          d503056ec6e08ce00b34e08e1db5d3a1.exe
          Remote address:
          8.8.8.8:53
          Request
          cutit.org
          IN A
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301437_1FQQRRH2LMYR70J12&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301437_1FQQRRH2LMYR70J12&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 382840
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 8B662724F7074146B6094FBAB7AF665D Ref B: LON04EDGE0707 Ref C: 2023-12-22T19:38:44Z
          date: Fri, 22 Dec 2023 19:38:44 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301089_12P1IUF340624Y74G&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301089_12P1IUF340624Y74G&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 279680
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 5603D1C0F1504AB1868719FC6781C284 Ref B: LON04EDGE0707 Ref C: 2023-12-22T19:38:44Z
          date: Fri, 22 Dec 2023 19:38:44 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301004_1LZXIYCLYQ81B617H&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301004_1LZXIYCLYQ81B617H&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 273276
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 0A2FABABFBCC4CCA82B033620B06C19D Ref B: LON04EDGE0707 Ref C: 2023-12-22T19:38:44Z
          date: Fri, 22 Dec 2023 19:38:44 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301522_1ZWMJ9IP2OLOHI7JV&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301522_1ZWMJ9IP2OLOHI7JV&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 446334
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 629977A8836F492EB4CBCCADF0E1C237 Ref B: LON04EDGE0707 Ref C: 2023-12-22T19:38:44Z
          date: Fri, 22 Dec 2023 19:38:44 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301208_1A8N3XLBQPT0ST5XU&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301208_1A8N3XLBQPT0ST5XU&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 134896
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 80C116C770C1496FBFCD112F3E12105A Ref B: LON04EDGE0707 Ref C: 2023-12-22T19:38:44Z
          date: Fri, 22 Dec 2023 19:38:44 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301617_1V543CFQPAISNVZHR&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301617_1V543CFQPAISNVZHR&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 126415
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: BC55EEFB35934FEBBCE9D5EAD87FEBB2 Ref B: LON04EDGE0707 Ref C: 2023-12-22T19:39:14Z
          date: Fri, 22 Dec 2023 19:39:13 GMT
        • flag-us
          DNS
          143.67.20.104.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          143.67.20.104.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          143.67.20.104.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          143.67.20.104.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          200.197.79.204.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          200.197.79.204.in-addr.arpa
          IN PTR
          Response
          200.197.79.204.in-addr.arpa
          IN PTR
          a-0001.a-msedge.net
        • flag-us
          DNS
          248.240.91.64.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          248.240.91.64.in-addr.arpa
          IN PTR
          Response
          248.240.91.64.in-addr.arpa
          IN PTR
          crocodile.parklogic.com
        • flag-us
          DNS
          18.134.221.88.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          18.134.221.88.in-addr.arpa
          IN PTR
          Response
          18.134.221.88.in-addr.arpa
          IN PTR
          a88-221-134-18.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          18.134.221.88.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          18.134.221.88.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          30.243.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          30.243.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          32.169.19.2.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          32.169.19.2.in-addr.arpa
          IN PTR
          Response
          32.169.19.2.in-addr.arpa
          IN PTR
          a2-19-169-32.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          43.58.199.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          43.58.199.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          GET
          https://cutit.org/oxgBR
          d503056ec6e08ce00b34e08e1db5d3a1.exe
          Remote address:
          64.91.240.248:443
          Request
          GET /oxgBR HTTP/1.1
          User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; pt-br; MZ608 Build/7.7.1-141-7-FLEM-UMTS-LA) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
          Host: cutit.org
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Fri, 22 Dec 2023 19:39:15 GMT
          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
          X-Powered-By: PHP/5.4.16
          Cache-Control: no-cache
          Pragma: no-cache
          Content-Length: 1894
          Content-Type: text/html; charset=UTF-8
        • flag-us
          DNS
          193.179.17.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          193.179.17.96.in-addr.arpa
          IN PTR
          Response
          193.179.17.96.in-addr.arpa
          IN PTR
          a96-17-179-193.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          4.173.189.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          4.173.189.20.in-addr.arpa
          IN PTR
          Response
        • 104.20.67.143:443
          pastebin.com
          d503056ec6e08ce00b34e08e1db5d3a1.exe
          236 B
          132 B
          5
          3
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          2.0kB
          8.7kB
          22
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          2.0kB
          8.7kB
          22
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          2.0kB
          8.7kB
          22
          13
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          2.0kB
          8.7kB
          22
          14
        • 204.79.197.200:443
          https://tse1.mm.bing.net/th?id=OADD2.10239317301617_1V543CFQPAISNVZHR&pid=21.2&w=1080&h=1920&c=4
          tls, http2
          65.8kB
          1.8MB
          1341
          1325

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301437_1FQQRRH2LMYR70J12&pid=21.2&w=1080&h=1920&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301089_12P1IUF340624Y74G&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301004_1LZXIYCLYQ81B617H&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301522_1ZWMJ9IP2OLOHI7JV&pid=21.2&w=1080&h=1920&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301208_1A8N3XLBQPT0ST5XU&pid=21.2&w=1920&h=1080&c=4

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301617_1V543CFQPAISNVZHR&pid=21.2&w=1080&h=1920&c=4

          HTTP Response

          200

          HTTP Response

          200
        • 64.91.240.248:443
          cutit.org
          tls
          d503056ec6e08ce00b34e08e1db5d3a1.exe
          762 B
          3.1kB
          10
          7
        • 64.91.240.248:443
          https://cutit.org/oxgBR
          tls, http
          d503056ec6e08ce00b34e08e1db5d3a1.exe
          1.7kB
          5.8kB
          18
          10

          HTTP Request

          GET https://cutit.org/oxgBR

          HTTP Response

          200
        • 8.8.8.8:53
          23.177.190.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          23.177.190.20.in-addr.arpa

        • 8.8.8.8:53
          81.171.91.138.in-addr.arpa
          dns
          72 B
          146 B
          1
          1

          DNS Request

          81.171.91.138.in-addr.arpa

        • 8.8.8.8:53
          95.221.229.192.in-addr.arpa
          dns
          73 B
          144 B
          1
          1

          DNS Request

          95.221.229.192.in-addr.arpa

        • 8.8.8.8:53
          209.178.17.96.in-addr.arpa
          dns
          72 B
          137 B
          1
          1

          DNS Request

          209.178.17.96.in-addr.arpa

        • 8.8.8.8:53
          114.110.16.96.in-addr.arpa
          dns
          72 B
          137 B
          1
          1

          DNS Request

          114.110.16.96.in-addr.arpa

        • 8.8.8.8:53
          9.228.82.20.in-addr.arpa
          dns
          140 B
          156 B
          2
          1

          DNS Request

          9.228.82.20.in-addr.arpa

          DNS Request

          9.228.82.20.in-addr.arpa

        • 8.8.8.8:53
          205.47.74.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          205.47.74.20.in-addr.arpa

        • 8.8.8.8:53
          183.59.114.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          183.59.114.20.in-addr.arpa

        • 8.8.8.8:53
          41.110.16.96.in-addr.arpa
          dns
          71 B
          135 B
          1
          1

          DNS Request

          41.110.16.96.in-addr.arpa

        • 8.8.8.8:53
          208.194.73.20.in-addr.arpa
          dns
          216 B
          158 B
          3
          1

          DNS Request

          208.194.73.20.in-addr.arpa

          DNS Request

          208.194.73.20.in-addr.arpa

          DNS Request

          208.194.73.20.in-addr.arpa

        • 8.8.8.8:53
          171.39.242.20.in-addr.arpa
          dns
          144 B
          158 B
          2
          1

          DNS Request

          171.39.242.20.in-addr.arpa

          DNS Request

          171.39.242.20.in-addr.arpa

        • 8.8.8.8:53
          241.154.82.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          241.154.82.20.in-addr.arpa

        • 8.8.8.8:53
          tse1.mm.bing.net
          dns
          124 B
          173 B
          2
          1

          DNS Request

          tse1.mm.bing.net

          DNS Request

          tse1.mm.bing.net

          DNS Response

          204.79.197.200
          13.107.21.200

        • 8.8.8.8:53
          pastebin.com
          dns
          d503056ec6e08ce00b34e08e1db5d3a1.exe
          58 B
          106 B
          1
          1

          DNS Request

          pastebin.com

          DNS Response

          104.20.67.143
          172.67.34.170
          104.20.68.143

        • 8.8.8.8:53
          2.136.104.51.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          2.136.104.51.in-addr.arpa

        • 8.8.8.8:53
          cutit.org
          dns
          d503056ec6e08ce00b34e08e1db5d3a1.exe
          110 B
          71 B
          2
          1

          DNS Request

          cutit.org

          DNS Request

          cutit.org

          DNS Response

          64.91.240.248

        • 8.8.8.8:53
          143.67.20.104.in-addr.arpa
          dns
          144 B
          134 B
          2
          1

          DNS Request

          143.67.20.104.in-addr.arpa

          DNS Request

          143.67.20.104.in-addr.arpa

        • 8.8.8.8:53
          200.197.79.204.in-addr.arpa
          dns
          73 B
          106 B
          1
          1

          DNS Request

          200.197.79.204.in-addr.arpa

        • 8.8.8.8:53
          248.240.91.64.in-addr.arpa
          dns
          72 B
          109 B
          1
          1

          DNS Request

          248.240.91.64.in-addr.arpa

        • 8.8.8.8:53
          18.134.221.88.in-addr.arpa
          dns
          144 B
          137 B
          2
          1

          DNS Request

          18.134.221.88.in-addr.arpa

          DNS Request

          18.134.221.88.in-addr.arpa

        • 8.8.8.8:53
          30.243.111.52.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          30.243.111.52.in-addr.arpa

        • 8.8.8.8:53
          32.169.19.2.in-addr.arpa
          dns
          70 B
          133 B
          1
          1

          DNS Request

          32.169.19.2.in-addr.arpa

        • 8.8.8.8:53
          43.58.199.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          43.58.199.20.in-addr.arpa

        • 8.8.8.8:53
          193.179.17.96.in-addr.arpa
          dns
          72 B
          137 B
          1
          1

          DNS Request

          193.179.17.96.in-addr.arpa

        • 8.8.8.8:53
          4.173.189.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          4.173.189.20.in-addr.arpa

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\AxCL66D.xml

          Filesize

          1KB

          MD5

          e26ec896747fe5bc332f669fe50fda10

          SHA1

          ddefaea283a801d3ad6611314cfa490efcd63734

          SHA256

          25208c7bbdc75b939c27d9b5e6891a23830fdbf80541f34e25108c0a2bbe6a48

          SHA512

          ff9f6e217a96f89e78f83a818005cb78b05f4c4bcf2e7e4c3763a28ff3a707e63c8b4731a962ead3edeabc6594cfd6455f2e69587624e750229eb88d47838f59

        • C:\Users\Admin\AppData\Local\Temp\d503056ec6e08ce00b34e08e1db5d3a1.exe

          Filesize

          7.8MB

          MD5

          04cea029ba1c8fb699204c14b1b5152f

          SHA1

          132cc27319be3227e81c5930f3262cfc6bafcbcb

          SHA256

          113c745c5f1568a8e1114220ab7feca6b32b527caac272fd194a29575c1375aa

          SHA512

          07fbd25bf1cace71f22990f5d1601266c5a5bbff82e5453d749d8a4e4af1dd0c5d9e81b0e2e9e6431bba6d44954570f298d150d81cdb304ff4f977ad816e0bf8

        • memory/3340-0-0x0000000000400000-0x000000000065C000-memory.dmp

          Filesize

          2.4MB

        • memory/3340-1-0x0000000000400000-0x000000000046B000-memory.dmp

          Filesize

          428KB

        • memory/3340-3-0x0000000025000000-0x000000002507E000-memory.dmp

          Filesize

          504KB

        • memory/3340-13-0x0000000000400000-0x000000000046B000-memory.dmp

          Filesize

          428KB

        • memory/4596-15-0x0000000000400000-0x000000000065C000-memory.dmp

          Filesize

          2.4MB

        • memory/4596-17-0x0000000001730000-0x00000000017AE000-memory.dmp

          Filesize

          504KB

        • memory/4596-22-0x00000000004B0000-0x000000000051B000-memory.dmp

          Filesize

          428KB

        • memory/4596-23-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

        • memory/4596-32-0x0000000000400000-0x000000000065C000-memory.dmp

          Filesize

          2.4MB
