d40ffbdfb7a95ee4a651feeecbc1e1fe69342abbb3d80e89b0edea43483328ae

Analysis

max time kernel
135s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 14:32 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GOLAYA-BABE.exe
Size

180KB
MD5

f28c1e58c5766a111297588e8ab02361
SHA1

3d55a55fd6d193d32742fe89bf6041f9182ee447
SHA256

6e239da433517b0856f91d212baebdf1963d80ba6c546a440da19121580818ca
SHA512

e09add020c39a8fa5b14f094679daa9d0645f4c0fe39a33194e9c4c3cdadee05986904084387437203387d97be4381c9714e47451aff01e6a7e6fcb5ec9797fd
SSDEEP

3072:6BAp5XhKpN4eOyVTGfhEClj8jTk+0hL/eSZZvLf6CNsPrXJ8WYQKaLba:JbXE9OiTGfhEClq90GSZZvLCCNsPrXJa

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
5	720	WScript.exe

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	cmd.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	WScript.exe
File opened for modification	C:\Windows\System32\drivers\etc\hîsts	WScript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	GOLAYA-BABE.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\kutturotti\nasri_v_moi_rot.govno	GOLAYA-BABE.exe
File opened for modification	C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\chilli_v_zope\04en_cheshetsa_pizdets.bat	GOLAYA-BABE.exe
File opened for modification	C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\kutturotti\ez_i_baldei_po_polnoi.vbs	GOLAYA-BABE.exe
File opened for modification	C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\kutturotti\ne_zabud_hoppersi.vbs	GOLAYA-BABE.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	GOLAYA-BABE.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 2560	396	GOLAYA-BABE.exe	37
PID 396 wrote to memory of 2560	396	GOLAYA-BABE.exe	37
PID 396 wrote to memory of 2560	396	GOLAYA-BABE.exe	37
PID 396 wrote to memory of 2992	396	GOLAYA-BABE.exe	39
PID 396 wrote to memory of 2992	396	GOLAYA-BABE.exe	39
PID 396 wrote to memory of 2992	396	GOLAYA-BABE.exe	39
PID 396 wrote to memory of 720	396	GOLAYA-BABE.exe	40
PID 396 wrote to memory of 720	396	GOLAYA-BABE.exe	40
PID 396 wrote to memory of 720	396	GOLAYA-BABE.exe	40

C:\Users\Admin\AppData\Local\Temp\GOLAYA-BABE.exe
"C:\Users\Admin\AppData\Local\Temp\GOLAYA-BABE.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\chilli_v_zope\04en_cheshetsa_pizdets.bat" "
  2⤵
  - Drops file in Drivers directory
  PID:2560
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\kutturotti\ez_i_baldei_po_polnoi.vbs"
  2⤵
  - Drops file in Drivers directory
  PID:2992
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\kutturotti\ne_zabud_hoppersi.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:720

Network

DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

206.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.178.17.96.in-addr.arpa

IN PTR

Response

206.178.17.96.in-addr.arpa

IN PTR

a96-17-178-206deploystaticakamaitechnologiescom
DNS

206.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.178.17.96.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

21.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.177.190.20.in-addr.arpa

IN PTR

Response
DNS

21.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.177.190.20.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

0.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.181.190.20.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR

Response

100.5.17.2.in-addr.arpa

IN PTR

a2-17-5-100deploystaticakamaitechnologiescom
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR

Response

57.110.18.2.in-addr.arpa

IN PTR

a2-18-110-57deploystaticakamaitechnologiescom
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR
DNS

178.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.178.17.96.in-addr.arpa

IN PTR

Response

178.178.17.96.in-addr.arpa

IN PTR

a96-17-178-178deploystaticakamaitechnologiescom
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

181.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.178.17.96.in-addr.arpa

IN PTR

Response

181.178.17.96.in-addr.arpa

IN PTR

a96-17-178-181deploystaticakamaitechnologiescom
DNS

32.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.134.221.88.in-addr.arpa

IN PTR

Response

32.134.221.88.in-addr.arpa

IN PTR

a88-221-134-32deploystaticakamaitechnologiescom
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
DNS

201.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.178.17.96.in-addr.arpa

IN PTR

Response

201.178.17.96.in-addr.arpa

IN PTR

a96-17-178-201deploystaticakamaitechnologiescom
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301142_11TUY2FDIIUV7WQCS&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301142_11TUY2FDIIUV7WQCS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301213_14S1AH6BJGZ74J8NX&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301213_14S1AH6BJGZ74J8NX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301208_1A8N3XLBQPT0ST5XU&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301208_1A8N3XLBQPT0ST5XU&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301551_1UO3JMUZBU5945BZN&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301551_1UO3JMUZBU5945BZN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301622_101PY29MXP6VGMEP0&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301622_101PY29MXP6VGMEP0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

64.62.191.222:1234

WScript.exe

260 B
5
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
8.7kB
17
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
8.2kB
16
13
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301622_101PY29MXP6VGMEP0&pid=21.2&w=1080&h=1920&c=4

tls, http2

5.9kB
93.0kB
85
77

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301142_11TUY2FDIIUV7WQCS&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301213_14S1AH6BJGZ74J8NX&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301208_1A8N3XLBQPT0ST5XU&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301551_1UO3JMUZBU5945BZN&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301622_101PY29MXP6VGMEP0&pid=21.2&w=1080&h=1920&c=4
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.2kB
16
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.6kB
8.7kB
18
13

8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

206.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

206.178.17.96.in-addr.arpa

DNS Request

206.178.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

21.177.190.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

21.177.190.20.in-addr.arpa

DNS Request

21.177.190.20.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

0.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.181.190.20.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

167.109.18.2.in-addr.arpa

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

100.5.17.2.in-addr.arpa

dns

207 B
131 B
3
1

DNS Request

100.5.17.2.in-addr.arpa

DNS Request

100.5.17.2.in-addr.arpa

DNS Request

100.5.17.2.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

57.110.18.2.in-addr.arpa

dns

210 B
133 B
3
1

DNS Request

57.110.18.2.in-addr.arpa

DNS Request

57.110.18.2.in-addr.arpa

DNS Request

57.110.18.2.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

18.134.221.88.in-addr.arpa

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

178.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

178.178.17.96.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

181.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

181.178.17.96.in-addr.arpa
8.8.8.8:53

32.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

32.134.221.88.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

292 B
144 B
4
1

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

201.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

201.178.17.96.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

21.236.111.52.in-addr.arpa

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\chilli_v_zope\04en_cheshetsa_pizdets.bat

Filesize
2KB

MD5
fc2fcf4351f2aded0dada73e9f8d576f

SHA1
7b6e794c9366485a36e06eafb01d0f4a4d8691bf

SHA256
b0836c3e971d44ab408e6a809a891c3818ee80329f26af232295ef8518c9ba91

SHA512
4c673179d008c12685d282429afa89f477306624c473cc9475b90e09b58a69eee871cb26533d11f6c39c15a3693dd28ee3684dfed737f0b65c268842d1c24331

Download Submit
C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\kutturotti\ez_i_baldei_po_polnoi.vbs

Filesize
923B

MD5
7e250a4c3a7a6449119c02ffa9152fb3

SHA1
3d9e376ebd79cdcdf4545d2517e24bf4cc0ae3e5

SHA256
572ccd595ec789cc3c56de893214e2b102aaade4cf791b1df1a9d5d478343ce1

SHA512
ffa60a58dffeb27f9aa50e2e203ce817ec7af4bc29bb50cbe47e21ffa15d68afb15d517140ac1242e6604588adc3a205f0036eb2a45008d5d153e721a695fc17

Download Submit
C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\kutturotti\nasri_v_moi_rot.govno

Filesize
33B

MD5
7d94f52916ecca6d3c68eb13ab68a2ab

SHA1
f40da9aa43d2208ab2ca0c0792572588b5f54c02

SHA256
354b2baf1b5a08368077e053984063a0a94736e16d3d77aa259e7d212e50b92a

SHA512
c15e0655df3a745949926ff7b783b565a137916a3dfc52f15698643ac8405223259d2ae7641e4d4ab572f926cd0b192a500ef10349cab60b1e92da838497fd0c

Download Submit
C:\Program Files (x86)\edem_na_adam\krasnoe_na_chernom\kutturotti\ne_zabud_hoppersi.vbs

Filesize
700B

MD5
d00588d055e55ec3c9b932160f5d8871

SHA1
4ab42990617c4a65186da8b02c0029b38a4d6022

SHA256
ad14702ab903328311dfa29ac20ea72344153a92d4c5e26f46fa00b8c244f1aa

SHA512
fed047bd84641dfb44c4093e24f3e983f7f69f9e604bc1dae4156daf3b395855fa0d32f611df216cc05c599f0f7cf7daf5bb9da781a5890328d5bb1c83db8e91

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
c0805e6fff9d30c65b91bc9284beac8e

SHA1
45456e27d6632159ed7e4403caa1a16721c3b603

SHA256
53f25ec3705be321e5d7c17acc6ea1aba6aae01e99223f97d97bcf288c5a8228

SHA512
34648a026528d9746f73d01f7600bf947fdee00ddf8525cb89338ebd9b51789f968a79b4c1671eeb96ac83f21788167980835cae8c0f86a550ff95bddfa3c2c3

Download Submit
memory/396-40-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.