Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 03:10 UTC

General

  • Target

    0c8eba1d7455a34444a8d4220ced4658.exe

  • Size

    2.6MB

  • MD5

    0c8eba1d7455a34444a8d4220ced4658

  • SHA1

    8a5cd139c2fed99792b56274e323df839a81be03

  • SHA256

    ff950cbd3a415dac5562a43931de7f641457764c8f35aec39f4181eac9e1e05e

  • SHA512

    9dcf11afe148beecc5013a4b81504bca01956e867821a0597447835b80702aca338082e91369966c4eaeaffa27c899899d908a2b90d6f6b5344c04416ae09b9a

  • SSDEEP

    49152:IAsmsLB1VA6U4P9+0b1tEmdvmH2gc/ZLr0yK6hX0Su78aay3:WdBP97kvcFr0hckS63

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c8eba1d7455a34444a8d4220ced4658.exe
    "C:\Users\Admin\AppData\Local\Temp\0c8eba1d7455a34444a8d4220ced4658.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4124
    • C:\Users\Admin\AppData\Local\Temp\0c8eba1d7455a34444a8d4220ced4658.exe
      C:\Users\Admin\AppData\Local\Temp\0c8eba1d7455a34444a8d4220ced4658.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:3460

Network

  • flag-us
    DNS
    cutit.org
    0c8eba1d7455a34444a8d4220ced4658.exe
    Remote address:
    8.8.8.8:53
    Request
    cutit.org
    IN A
    Response
    cutit.org
    IN A
    64.91.240.248
  • flag-us
    GET
    https://cutit.org/oxgBR
    0c8eba1d7455a34444a8d4220ced4658.exe
    Remote address:
    64.91.240.248:443
    Request
    GET /oxgBR HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: cutit.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 31 Dec 2023 13:51:05 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
    X-Powered-By: PHP/5.4.16
    Connection: close
    Cache-Control: no-cache
    Pragma: no-cache
    Location: http://ww1.cutit.org/oxgBR?usid=25&utid=4502544793
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    22.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    248.240.91.64.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    248.240.91.64.in-addr.arpa
    IN PTR
    Response
    248.240.91.64.in-addr.arpa
    IN PTR
    crocodile parklogiccom
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    40.13.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.13.222.173.in-addr.arpa
    IN PTR
    Response
    40.13.222.173.in-addr.arpa
    IN PTR
    a173-222-13-40deploystaticakamaitechnologiescom
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ww1.cutit.org
    0c8eba1d7455a34444a8d4220ced4658.exe
    Remote address:
    8.8.8.8:53
    Request
    ww1.cutit.org
    IN A
    Response
    ww1.cutit.org
    IN CNAME
    sedoparking.com
    sedoparking.com
    IN A
    64.190.63.136
  • flag-de
    GET
    http://ww1.cutit.org/oxgBR?usid=25&utid=4502544793
    0c8eba1d7455a34444a8d4220ced4658.exe
    Remote address:
    64.190.63.136:80
    Request
    GET /oxgBR?usid=25&utid=4502544793 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Cache-Control: no-cache
    Host: ww1.cutit.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Sun, 31 Dec 2023 13:51:05 GMT
    content-type: text/html; charset=UTF-8
    transfer-encoding: chunked
    vary: Accept-Encoding
    x-powered-by: PHP/8.1.17
    expires: Mon, 26 Jul 1997 05:00:00 GMT
    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    pragma: no-cache
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_Yod+PZPn1TDpPTOUlYTLPJs0kPqEh3K1uTWKcsybGZtGDliHKIERN48b0ZIQdcPMNCeOXxYbyIZ4fVO5irJi6g==
    last-modified: Sun, 31 Dec 2023 13:51:05 GMT
    x-cache-miss-from: parking-56c7b4c6cb-dk84n
    server: NginX
  • flag-us
    DNS
    201.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    201.179.17.96.in-addr.arpa
    IN PTR
    Response
    201.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-201deploystaticakamaitechnologiescom
  • flag-us
    DNS
    136.63.190.64.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.63.190.64.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    100.5.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.5.17.2.in-addr.arpa
    IN PTR
    Response
    100.5.17.2.in-addr.arpa
    IN PTR
    a2-17-5-100deploystaticakamaitechnologiescom
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180deploystaticakamaitechnologiescom
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    178.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.178.17.96.in-addr.arpa
    IN PTR
    Response
    178.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-178deploystaticakamaitechnologiescom
  • flag-us
    DNS
    178.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.178.17.96.in-addr.arpa
    IN PTR
    Response
    178.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-178deploystaticakamaitechnologiescom
  • flag-us
    DNS
    32.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.134.221.88.in-addr.arpa
    IN PTR
    Response
    32.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-32deploystaticakamaitechnologiescom
  • flag-us
    DNS
    32.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.134.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301724_1GGOULONZ6XJKTHM3&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301724_1GGOULONZ6XJKTHM3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 414919
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7AFCD31AA55E417EAAA2FCC990A43C58 Ref B: LON04EDGE1113 Ref C: 2023-12-31T13:52:55Z
    date: Sun, 31 Dec 2023 13:52:55 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301315_1JM5631GU1VNGZFL5&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301315_1JM5631GU1VNGZFL5&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 344890
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 73C42DFBAE714F749F9AF353DE6E3D54 Ref B: LON04EDGE1113 Ref C: 2023-12-31T13:52:55Z
    date: Sun, 31 Dec 2023 13:52:55 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301495_158WBQ8BORDOZPCUY&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301495_158WBQ8BORDOZPCUY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 194587
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BE3355A08029423F97819DC489724380 Ref B: LON04EDGE1113 Ref C: 2023-12-31T13:52:55Z
    date: Sun, 31 Dec 2023 13:52:55 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301294_148KA4PJU37KL6ZLZ&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301294_148KA4PJU37KL6ZLZ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 215256
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 929BBE0531E141888CFCFA795E3C2141 Ref B: LON04EDGE1113 Ref C: 2023-12-31T13:52:55Z
    date: Sun, 31 Dec 2023 13:52:55 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301062_1YRK09DTP2RQZ3JKC&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301062_1YRK09DTP2RQZ3JKC&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 269855
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2F71E0B77A97439B8C36922B9EE620CE Ref B: LON04EDGE1113 Ref C: 2023-12-31T13:52:55Z
    date: Sun, 31 Dec 2023 13:52:55 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301703_1IW22ZXGG4KW3W1YI&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301703_1IW22ZXGG4KW3W1YI&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 301809
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0DFCAD2C472E4C6CA8D7F5E0E36E1271 Ref B: LON04EDGE1113 Ref C: 2023-12-31T13:52:56Z
    date: Sun, 31 Dec 2023 13:52:56 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174deploystaticakamaitechnologiescom
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    211.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    211.178.17.96.in-addr.arpa
    IN PTR
    Response
    211.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-211deploystaticakamaitechnologiescom
  • 64.91.240.248:443
    https://cutit.org/oxgBR
    tls, http
    0c8eba1d7455a34444a8d4220ced4658.exe
    1.4kB
    3.9kB
    16
    10

    HTTP Request

    GET https://cutit.org/oxgBR

    HTTP Response

    302
  • 64.190.63.136:80
    http://ww1.cutit.org/oxgBR?usid=25&utid=4502544793
    http
    0c8eba1d7455a34444a8d4220ced4658.exe
    1.6kB
    24.2kB
    30
    21

    HTTP Request

    GET http://ww1.cutit.org/oxgBR?usid=25&utid=4502544793

    HTTP Response

    200
  • 20.231.121.79:80
    46 B
    1
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301703_1IW22ZXGG4KW3W1YI&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    64.6kB
    1.8MB
    1340
    1335

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301724_1GGOULONZ6XJKTHM3&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301315_1JM5631GU1VNGZFL5&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301495_158WBQ8BORDOZPCUY&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301294_148KA4PJU37KL6ZLZ&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301062_1YRK09DTP2RQZ3JKC&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301703_1IW22ZXGG4KW3W1YI&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    9.7kB
    17
    15
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.4kB
    17
    15
  • 88.221.135.217:80
  • 8.8.8.8:53
    cutit.org
    dns
    0c8eba1d7455a34444a8d4220ced4658.exe
    55 B
    71 B
    1
    1

    DNS Request

    cutit.org

    DNS Response

    64.91.240.248

  • 8.8.8.8:53
    22.177.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    22.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    248.240.91.64.in-addr.arpa
    dns
    72 B
    109 B
    1
    1

    DNS Request

    248.240.91.64.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    40.13.222.173.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    40.13.222.173.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    ww1.cutit.org
    dns
    0c8eba1d7455a34444a8d4220ced4658.exe
    59 B
    104 B
    1
    1

    DNS Request

    ww1.cutit.org

    DNS Response

    64.190.63.136

  • 8.8.8.8:53
    201.179.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    201.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    136.63.190.64.in-addr.arpa
    dns
    72 B
    156 B
    1
    1

    DNS Request

    136.63.190.64.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    100.5.17.2.in-addr.arpa
    dns
    69 B
    131 B
    1
    1

    DNS Request

    100.5.17.2.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    144 B
    158 B
    2
    1

    DNS Request

    119.110.54.20.in-addr.arpa

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    178.178.17.96.in-addr.arpa
    dns
    144 B
    274 B
    2
    2

    DNS Request

    178.178.17.96.in-addr.arpa

    DNS Request

    178.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    32.134.221.88.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    32.134.221.88.in-addr.arpa

    DNS Request

    32.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    144 B
    316 B
    2
    2

    DNS Request

    48.229.111.52.in-addr.arpa

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    144 B
    316 B
    2
    2

    DNS Request

    88.156.103.20.in-addr.arpa

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
    346 B
    2
    2

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    146 B
    212 B
    2
    2

    DNS Request

    200.197.79.204.in-addr.arpa

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    174.178.17.96.in-addr.arpa
    dns
    144 B
    274 B
    2
    2

    DNS Request

    174.178.17.96.in-addr.arpa

    DNS Request

    174.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    13.173.189.20.in-addr.arpa
    dns
    144 B
    316 B
    2
    2

    DNS Request

    13.173.189.20.in-addr.arpa

    DNS Request

    13.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    211.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    211.178.17.96.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0c8eba1d7455a34444a8d4220ced4658.exe

    Filesize

    893KB

    MD5

    d46a288cf73428aeacaa1d7686688027

    SHA1

    5f83baad65e2a29d54a21ea834f46b33da1fc6ba

    SHA256

    23a9fc3ec74f3819828e1e5254b79ee8a96e967619ba6fb90dda02b199017800

    SHA512

    e39feee5fc18555199e1f8e2ba2f425797f716d70afa78533a5d90d4f105737363a19d5aa8c5284f6d527d9f68e306d441a9aec5fa7f881aa5ac14f86f9789ab

  • memory/3460-18-0x00000000023F0000-0x000000000264A000-memory.dmp

    Filesize

    2.4MB

  • memory/3460-14-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/3460-30-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/4124-0-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/4124-1-0x0000000002260000-0x00000000024BA000-memory.dmp

    Filesize

    2.4MB

  • memory/4124-2-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

  • memory/4124-13-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.