da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935

Analysis

max time kernel
8s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 12:00 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
Size

536KB
MD5

430b555bb62c9a65824b1a96d0eafd1b
SHA1

f1b9d8c31298e9c8dc3a4b96e77d0ffde1ed7835
SHA256

da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935
SHA512

97a728f186954648a1dfa47e71bcbb6ebccf05eb849d4c2295ecfd8580a6cb4087ee2e49c35b6260a80449d7ef55a08aeaa5a8e5e88c648277d8d52c92f113ee
SSDEEP

12288:rhf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:rdQyDLzJTveuK0/Okx2LF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3152-0-0x0000000000570000-0x0000000000672000-memory.dmp	upx
behavioral2/memory/3152-14-0x0000000000570000-0x0000000000672000-memory.dmp	upx
behavioral2/memory/3152-25-0x0000000000570000-0x0000000000672000-memory.dmp	upx
behavioral2/memory/3152-26-0x0000000000570000-0x0000000000672000-memory.dmp	upx
behavioral2/memory/3152-30-0x0000000000570000-0x0000000000672000-memory.dmp	upx
behavioral2/memory/3152-42-0x0000000000570000-0x0000000000672000-memory.dmp	upx
behavioral2/memory/3152-66-0x0000000000570000-0x0000000000672000-memory.dmp	upx

Unexpected DNS network traffic destination 2 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	114.114.114.114

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\35f6a0	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
2640	Explorer.EXE
2640	Explorer.EXE
2640	Explorer.EXE
2640	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
Token: SeTcbPrivilege	3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
Token: SeDebugPrivilege	3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
Token: SeDebugPrivilege	2640	Explorer.EXE
Token: SeTcbPrivilege	2640	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 2640	3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe	13
PID 3152 wrote to memory of 2640	3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe	13
PID 3152 wrote to memory of 2640	3152	da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe	13

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2640
- C:\Users\Admin\AppData\Local\Temp\da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe
  "C:\Users\Admin\AppData\Local\Temp\da8791002b6af34e99103220e3e6d078a24e4848f50977cc10e7281b48191935.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3152

Network

DNS

down.nugong.asia

Explorer.EXE

Remote address:

114.114.114.114:53

Request

down.nugong.asia

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR
DNS

114.114.114.114.in-addr.arpa

Remote address:

8.8.8.8:53

Request

114.114.114.114.in-addr.arpa

IN PTR

Response

114.114.114.114.in-addr.arpa

IN PTR

public1114dnscom
DNS

114.114.114.114.in-addr.arpa

Remote address:

8.8.8.8:53

Request

114.114.114.114.in-addr.arpa

IN PTR
DNS

133.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR

Response
DNS

133.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR
DNS

173.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.178.17.96.in-addr.arpa

IN PTR

Response

173.178.17.96.in-addr.arpa

IN PTR

a96-17-178-173deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

down.nugong.asia

Explorer.EXE

Remote address:

223.5.5.5:53

Request

down.nugong.asia

IN A

Response
DNS

down.nugong.asia

Remote address:

8.8.8.8:53

Request

down.nugong.asia

IN A

Response
DNS

down.nugong.asia

Remote address:

8.8.8.8:53

Request

down.nugong.asia

IN A
DNS

5.5.5.223.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.5.5.223.in-addr.arpa

IN PTR

Response

5.5.5.223.in-addr.arpa

IN PTR

public1alidnscom
DNS

dns.alidns.com

Remote address:

8.8.8.8:53

Request

dns.alidns.com

IN A

Response

dns.alidns.com

IN A

223.5.5.5

dns.alidns.com

IN A

223.6.6.6
GET

https://dns.alidns.com/resolve?name=down.nugong.asia&type=1

Explorer.EXE

Remote address:

223.5.5.5:443

Request

GET /resolve?name=down.nugong.asia&type=1 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: dns.alidns.com
Connection: Close

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: max-age=66.000000
Content-Length: 253
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:00:36 GMT
Connection: close
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
GET

http://dns.alidns.com/resolve?name=down.nugong.asia&type=1

Remote address:

223.5.5.5:80

Request

GET /resolve?name=down.nugong.asia&type=1 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: dns.alidns.com
Connection: Close

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Cache-Control: max-age=67.000000
Content-Length: 253
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:00:36 GMT
Connection: close
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

226.20.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.20.18.104.in-addr.arpa

IN PTR

Response
GET

http://223.5.5.5/resolve?name=down.nugong.asia&type=1

Remote address:

223.5.5.5:80

Request

GET /resolve?name=down.nugong.asia&type=1 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: 223.5.5.5
Connection: Close

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Cache-Control: max-age=64.000000
Content-Length: 253
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:00:38 GMT
Connection: close
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR
GET

http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16

Remote address:

223.5.5.5:80

Request

GET /resolve?name=spi3.tyui54345.xyz&type=16 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: dns.alidns.com
Connection: Close

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Cache-Control: max-age=127.000000
Content-Length: 260
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:00:42 GMT
Connection: close
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
GET

http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16

Remote address:

223.5.5.5:80

Request

GET /resolve?name=spi3.tyui54345.xyz&type=16 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: 223.5.5.5
Connection: Close

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Cache-Control: max-age=126.000000
Content-Length: 260
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:00:43 GMT
Connection: close
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
GET

http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16

Remote address:

223.5.5.5:80

Request

GET /resolve?name=spi3.zxcv56745.xyz&type=16 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: dns.alidns.com
Connection: Close

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Cache-Control: max-age=89.000000
Content-Length: 259
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:00:48 GMT
Connection: close
GET

http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16

Remote address:

223.5.5.5:80

Request

GET /resolve?name=spi3.zxcv56745.xyz&type=16 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: 223.5.5.5
Connection: Close

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Cache-Control: max-age=89.000000
Content-Length: 259
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:00:50 GMT
Connection: close
GET

http://dns.alidns.com/resolve?name=down.nugong.asia&type=1

Remote address:

223.5.5.5:80

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Cache-Control: max-age=36.000000
Content-Length: 253
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:01:07 GMT
Connection: close

Request

GET /resolve?name=down.nugong.asia&type=1 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: dns.alidns.com
Connection: Close
DNS

Remote address:

8.8.8.8:53

Response

slscr.update.microsoft.com

IN CNAME

sls.update.microsoft.com

sls.update.microsoft.com

IN CNAME

glb.sls.prod.dcat.dsp.trafficmanager.net

glb.sls.prod.dcat.dsp.trafficmanager.net

IN A

20.12.23.50
DNS

14.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.160.190.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
GET

http://223.5.5.5/resolve?name=down.nugong.asia&type=1

Remote address:

223.5.5.5:80

Request

GET /resolve?name=down.nugong.asia&type=1 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: 223.5.5.5
Connection: Close

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Cache-Control: max-age=27.000000
Content-Length: 253
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:01:15 GMT
Connection: close
DNS

Remote address:

92.123.241.104:80

Response

HTTP/1.1 200 OK

Cache-Control: public, max-age=7776000, s-maxage=7776000
Content-Type: image/png
Last-Modified: Wed, 16 Nov 2022 11:27:12 GMT
Accept-Ranges: none
ETag: W/"gEDUIDB4OERBQzdDNTgxQTY1QjZD"
MS-CV: zsQkoTNmB0i92H+f.0
Access-Control-Expose-Headers: MS-CV
Content-Length: 14694
Date: Sat, 30 Dec 2023 12:01:18 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
GET

http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16

Remote address:

223.5.5.5:80

Request

GET /resolve?name=spi3.tyui54345.xyz&type=16 HTTP/1.1
Accept-Encoding: gzip, deflate
Host: 223.5.5.5
Connection: Close

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Cache-Control: max-age=87.000000
Content-Length: 259
Content-Type: application/json
S: 89.149.23.59
Date: Sat, 30 Dec 2023 12:01:22 GMT
Connection: close
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet

204.79.197.200:443

g.bing.com

156 B
3
223.5.5.5:443

https://dns.alidns.com/resolve?name=down.nugong.asia&type=1

tls, http

Explorer.EXE

970 B
3.7kB
12
9

HTTP Request

GET https://dns.alidns.com/resolve?name=down.nugong.asia&type=1

HTTP Response

200
223.5.5.5:80

http://dns.alidns.com/resolve?name=down.nugong.asia&type=1

http

357 B
676 B
5
5

HTTP Request

GET http://dns.alidns.com/resolve?name=down.nugong.asia&type=1

HTTP Response

200
223.5.5.5:443

dns.alidns.com

tls

1.1kB
3.7kB
15
9
13.107.21.200:443

g.bing.com

tls

2.2kB
9.4kB
22
19
223.5.5.5:80

http://223.5.5.5/resolve?name=down.nugong.asia&type=1

http

560 B
676 B
7
5

HTTP Request

GET http://223.5.5.5/resolve?name=down.nugong.asia&type=1

HTTP Response

200
223.5.5.5:443

dns.alidns.com

tls

973 B
3.8kB
12
9
223.5.5.5:443

dns.alidns.com

tls

973 B
3.8kB
12
9
223.5.5.5:443

dns.alidns.com

tls

1.0kB
3.7kB
13
9
223.5.5.5:80

http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16

http

458 B
684 B
7
5

HTTP Request

GET http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16

HTTP Response

200
223.5.5.5:443

dns.alidns.com

tls

1.0kB
3.7kB
14
9
223.5.5.5:80

http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16

http

355 B
684 B
5
5

HTTP Request

GET http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16

HTTP Response

200
223.5.5.5:443

dns.alidns.com

tls

973 B
3.8kB
12
9
223.5.5.5:443

dns.alidns.com

tls

1.3kB
4.9kB
14
10
223.5.5.5:443

dns.alidns.com

tls

1.1kB
3.7kB
14
10
223.5.5.5:80

http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16

http

596 B
722 B
10
6

HTTP Request

GET http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16

HTTP Response

200
223.5.5.5:443

dns.alidns.com

tls

1.2kB
3.6kB
15
8
223.5.5.5:80

http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16

http

401 B
642 B
6
4

HTTP Request

GET http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16

HTTP Response

200
61.170.44.200:443

52 B
1
39.175.102.185:443

104 B
2
120.226.2.188:443

52 B
1
223.5.5.5:443

dns.alidns.com

40 B
1
223.5.5.5:80

http://dns.alidns.com/resolve?name=down.nugong.asia&type=1

http

639 B
596 B
6
3

HTTP Response

200

HTTP Request

GET http://dns.alidns.com/resolve?name=down.nugong.asia&type=1
121.12.174.144:443

52 B
1
219.151.137.57:443

104 B
2
223.5.5.5:443

dns.alidns.com

tls

1.0kB
3.7kB
14
9
223.5.5.5:80

http://223.5.5.5/resolve?name=down.nugong.asia&type=1

http

450 B
676 B
7
5

HTTP Request

GET http://223.5.5.5/resolve?name=down.nugong.asia&type=1

HTTP Response

200
219.151.137.59:443

156 B
3
223.5.5.5:443

dns.alidns.com

tls

1.7kB
5.1kB
18
11
223.5.5.5:443

dns.alidns.com

tls

596 B
3.6kB
7
5
117.180.236.80:443

52 B
1
223.5.5.5:443

dns.alidns.com

tls

1.2kB
3.7kB
15
9
223.5.5.5:80

dns.alidns.com

46 B
40 B
1
1
92.123.241.104:80

http

52 B
1.4kB
1
1

HTTP Response

200
36.150.211.193:443

52 B
1
223.5.5.5:80

http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16

http

401 B
682 B
6
5

HTTP Request

GET http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16

HTTP Response

200
223.5.5.5:443

dns.alidns.com

tls

319 B
52 B
3
1
183.204.12.135:443

104 B
2
42.231.136.87:443

52 B
1
182.150.5.184:443

156 B
3
93.184.221.240:80

2.1kB
43.7kB
32
32
120.222.152.71:443

104 B
2
111.43.169.68:443

104 B
2
58.215.114.233:443

156 B
3
182.242.216.243:443

156 B
3
120.222.152.57:443

156 B
3
124.225.188.132:443

156 B
3
120.222.152.62:443

156 B
3
124.225.14.210:443

156 B
3
122.189.171.111:443

156 B
3
118.212.235.102:443

156 B
3
120.222.152.122:443

104 B
2
204.79.197.200:443

tse1.mm.bing.net

tls

1.8kB
9.6kB
18
14
204.79.197.200:443

tse1.mm.bing.net

tls

1.8kB
9.6kB
18
14
204.79.197.200:443

tse1.mm.bing.net

tls

1.7kB
8.2kB
17
13
204.79.197.200:443

tse1.mm.bing.net

tls

1.2kB
7.6kB
13
9
204.79.197.200:443

tse1.mm.bing.net

tls

23.7kB
583.6kB
439
430
124.225.14.101:443

52 B
1

114.114.114.114:53

down.nugong.asia

dns

Explorer.EXE

62 B
1

DNS Request

down.nugong.asia
8.8.8.8:53

g.bing.com

dns

112 B
158 B
2
1

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

208.194.73.20.in-addr.arpa

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

114.114.114.114.in-addr.arpa

dns

148 B
106 B
2
1

DNS Request

114.114.114.114.in-addr.arpa

DNS Request

114.114.114.114.in-addr.arpa
8.8.8.8:53

133.32.126.40.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

133.32.126.40.in-addr.arpa

DNS Request

133.32.126.40.in-addr.arpa
8.8.8.8:53

173.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

173.178.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
223.5.5.5:53

down.nugong.asia

dns

Explorer.EXE

62 B
136 B
1
1

DNS Request

down.nugong.asia
8.8.8.8:53

down.nugong.asia

dns

124 B
136 B
2
1

DNS Request

down.nugong.asia

DNS Request

down.nugong.asia
8.8.8.8:53

5.5.5.223.in-addr.arpa

dns

68 B
100 B
1
1

DNS Request

5.5.5.223.in-addr.arpa
8.8.8.8:53

dns.alidns.com

dns

60 B
92 B
1
1

DNS Request

dns.alidns.com

DNS Response

223.5.5.5

223.6.6.6
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

226.20.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.20.18.104.in-addr.arpa
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

167.109.18.2.in-addr.arpa

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

dns

160 B
1

DNS Response

20.12.23.50
8.8.8.8:53

14.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.160.190.20.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

31.243.111.52.in-addr.arpa

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

142 B
314 B
2
2

DNS Request

55.36.223.20.in-addr.arpa

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

146 B
212 B
2
2

DNS Request

200.197.79.204.in-addr.arpa

DNS Request

200.197.79.204.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

Filesize
1KB

MD5
6f2fe23b3a9817243e2e1e61d5fa9593

SHA1
68f501cfbe9abdf1a121b71155c6a52ef5c74870

SHA256
055634aa6efc859784b584eef57d621586c3964b9578fa3fc2614fcc3dae8feb

SHA512
07c1a03120c05f88a0aa89d93d53ee7c721306af166f363570c8200fd72cb8a532f9a656d3336fe53416978b07c65668c21cd178952ff518d1663bf5095ee538

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E

Filesize
938B

MD5
f4704e4373e961459bb62a5d06d36a06

SHA1
3ae524d2f6b5ec83c20e378d6e0c5764e276d9d4

SHA256
daed1871001185edccf1eae9d71fee0db26cfbcffffa910513487d72bf6dcde6

SHA512
9cbf66f8d992103dbd4277904ce18c3601783d8afab937fcf8bb85d6f70b47511318413bd72f5555aeac4248ba033eeb26aeba4023552678c00e9a8b45d56ef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E

Filesize
520B

MD5
fc69943acdbbd0e033eafbed59cebcda

SHA1
a77f16cf7c4a07dc25e133fc93c79694c0c6df47

SHA256
37dee40f07424bb893ed093fb428e2c0b8e273fd6fc2d48a387d4f6d1a989f58

SHA512
4b8c8f4a16a7c5e5eb0c64465ecf57ad9a7c7a0b9f70c371d9b51fec3ca04b9a0a9ffd61e528e1ba303e244660ef9c5d0807fcd7fad6b5263fa1ec8a5a435ed3

Download Submit
memory/2640-5-0x00000000033E0000-0x0000000003459000-memory.dmp

Filesize
484KB

Download
memory/2640-16-0x00000000033E0000-0x0000000003459000-memory.dmp

Filesize
484KB

Download
memory/2640-4-0x00000000031E0000-0x00000000031E3000-memory.dmp

Filesize
12KB

Download
memory/2640-7-0x00000000033E0000-0x0000000003459000-memory.dmp

Filesize
484KB

Download
memory/2640-3-0x00000000031E0000-0x00000000031E3000-memory.dmp

Filesize
12KB

Download
memory/3152-14-0x0000000000570000-0x0000000000672000-memory.dmp

Filesize
1.0MB

Download
memory/3152-0-0x0000000000570000-0x0000000000672000-memory.dmp

Filesize
1.0MB

Download
memory/3152-25-0x0000000000570000-0x0000000000672000-memory.dmp

Filesize
1.0MB

Download
memory/3152-26-0x0000000000570000-0x0000000000672000-memory.dmp

Filesize
1.0MB

Download
memory/3152-30-0x0000000000570000-0x0000000000672000-memory.dmp

Filesize
1.0MB

Download
memory/3152-42-0x0000000000570000-0x0000000000672000-memory.dmp

Filesize
1.0MB

Download
memory/3152-66-0x0000000000570000-0x0000000000672000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.