Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 11:48 UTC

General

  • Target

    0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe

  • Size

    536KB

  • MD5

    5834ff7c2403151983fd30f7bf5771cc

  • SHA1

    a5b1b92b50d60625b05805e20d9677dcbf7cc4c7

  • SHA256

    0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803

  • SHA512

    e4b62031df834028aed18a6c364776642da8e102c66c8e03bcf9ab9f86433f35287d88c6bed8e57a0d05bb57621f3adadb3cfa9c3fcbb5309ccbad456c6a41e5

  • SSDEEP

    12288:mhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:mdQyDL9xp/BGA1RkmOkx2LF

Score: 7/10
Tags: upx

Malware Config

Signatures

  • UPX packed file (7 IoCs)
    Detects executables packed with UPX or with a modified build of the open-source UPX packer.
  • Unexpected DNS network traffic destination (4 IoCs)
    Traffic on the DNS port to servers other than the configured DNS servers.
  • Drops file in Windows directory (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)
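
The "UPX packed file" signature covers both stock UPX and builds whose section names were scrubbed. The check below is an added example, not code from the Triage report or its signature engine: it reads the PE section table directly and reports three indicators, the UPX0/UPX1 section names, the layout that survives renaming (an empty section with a large virtual size, followed by the section that holds the entry point and the decompressor stub), and the ratio of SizeOfImage to on-disk size. The PE images it runs on are constructed in the block (real headers, zero-filled bodies, made-up sizes). The report's own numbers fit the third indicator: 536KB on disk against the 1.0MB region dumped from PID 2884.

```python
import struct
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int

    def contains_rva(self, rva):
        span = max(self.virtual_size, self.raw_size)
        return self.virtual_address <= rva < self.virtual_address + span


def parse_pe(data):
    """Return (entry_point_rva, size_of_image, sections) from the PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                                   # optional header follows the 20-byte COFF header
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append(Section(f[0].rstrip(b"\0").decode("latin-1"), f[1], f[2], f[3], f[4]))
    return entry, size_of_image, sections


def upx_indicators(data):
    entry, size_of_image, sections = parse_pe(data)
    names = [s.name for s in sections]
    # 1. Stock UPX names its sections UPX0/UPX1/UPX2 (older builds .UPX0/.UPX1).
    upx_named = any(n.lstrip(".").upper().startswith("UPX") for n in names)
    # 2. Layout that survives renaming: a section with no raw data but a large
    #    virtual size (where the stub unpacks to), followed by a section with
    #    raw data that contains the entry point (the decompressor stub).
    entry_idx = next((i for i, s in enumerate(sections) if s.contains_rva(entry)), None)
    empty_before_entry = [i for i, s in enumerate(sections)
                          if s.raw_size == 0 and s.virtual_size > 0
                          and entry_idx is not None and i < entry_idx]
    packer_layout = bool(empty_before_entry) and sections[entry_idx].raw_size > 0
    # 3. Packed files grow when mapped: compare SizeOfImage with the on-disk size.
    ratio = size_of_image / len(data)
    return {"section_names": names, "upx_section_names": upx_named,
            "packer_layout": packer_layout, "image_to_file_ratio": round(ratio, 2)}


def is_likely_upx(data):
    ind = upx_indicators(data)
    return ind["upx_section_names"] or ind["packer_layout"]


def build_pe(sections, entry_rva, size_of_image):
    """Constructed minimal PE32 for the demo: real headers, zero-filled bodies."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224                                        # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 56, size_of_image)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                    for n, vs, va, rs, rp in sections)
    end = max(rp + rs for _, _, _, rs, rp in sections)
    return (dos + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(end, b"\0")


# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData); sizes are made up.
PACKED = build_pe([("UPX0", 0x80000, 0x1000, 0, 0x400),
                   ("UPX1", 0x62000, 0x81000, 0x60000, 0x400),
                   (".rsrc", 0x3000, 0xE3000, 0x2000, 0x60400)],
                  entry_rva=0xE0000, size_of_image=0xE6000)
RENAMED = build_pe([(".text", 0x80000, 0x1000, 0, 0x400),       # same layout, UPX names scrubbed
                    (".data", 0x62000, 0x81000, 0x60000, 0x400),
                    (".rsrc", 0x3000, 0xE3000, 0x2000, 0x60400)],
                   entry_rva=0xE0000, size_of_image=0xE6000)
BENIGN = build_pe([(".text", 0x10000, 0x1000, 0x10000, 0x400),
                   (".data", 0x2000, 0x11000, 0x1000, 0x10400),
                   (".rsrc", 0x1000, 0x13000, 0x1000, 0x11400)],
                  entry_rva=0x1200, size_of_image=0x14000)

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("renamed", RENAMED), ("benign", BENIGN)):
        print(label, is_likely_upx(blob), upx_indicators(blob))
```

Run it against a real file with `upx_indicators(open(path, "rb").read())`. The name check alone misses the "modified UPX" case the signature text mentions, which is why the layout check is the one to keep; the size ratio is only corroboration, since legitimately large .bss sections also inflate SizeOfImage.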

Processes

  • C:\Windows\Explorer.EXE (PID 1228, depth 1)
    Command line: C:\Windows\Explorer.EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    • C:\Users\Admin\AppData\Local\Temp\0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe (PID 2884, depth 2, child of Explorer.EXE)
      Command line: "C:\Users\Admin\AppData\Local\Temp\0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe"
      - Drops file in Windows directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of WriteProcessMemory

Network

  Requests, in the order the report lists them. Process names are shortened:
  "sample" is 0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
  (PID 2884) and "Explorer" is C:\Windows\Explorer.EXE (PID 1228). Geo is the
  country flag the report attaches to the remote address.

  The sequence is: three plain-DNS A lookups of down.nugong.asia, each sent to
  a different public resolver (114.114.114.114, 223.5.5.5, 8.8.8.8); a lookup
  of dns.alidns.com through 8.8.8.8 that returns 223.5.5.5 and 223.6.6.6; then,
  from both the sample and Explorer.EXE, GET requests to AliDNS's JSON resolver
  API (/resolve?name=...&type=...) on 223.5.5.5:80 in cleartext, addressed
  sometimes by hostname and sometimes by bare IP, asking for the A record
  (type=1) of down.nugong.asia and the TXT records (type=16) of spi1, spi2 and
  spi3 under tyui54345.xyz and zxcv56745.xyz. That Explorer.EXE issues the
  same requests as the sample, together with the WriteProcessMemory signature
  on the sample and the 484KB region dumped from PID 1228, is consistent with
  the sample injecting code into Explorer.

  Every HTTP request carries "Accept-Encoding: gzip, deflate", "Connection:
  Close" and a Host header matching the URL's host. Every recorded HTTP
  response is "HTTP/1.1 200 OK" with "Access-Control-Allow-Origin: *",
  "Content-Type: application/json", "S: 89.149.23.59" and "Connection: close",
  dated Sat, 30 Dec 2023. The table keeps only the fields that vary:
  Content-Length (bytes), Cache-Control max-age (seconds) and the response
  time (UTC).

   #  Geo  Type  Process   Remote              Request                                                         Response
   1  us   DNS   sample    114.114.114.114:53  A  down.nugong.asia                                             no records listed
   2  cn   DNS   sample    223.5.5.5:53        A  down.nugong.asia                                             no records listed
   3  us   DNS   sample    8.8.8.8:53          A  down.nugong.asia                                             no records listed
   4  us   DNS   sample    8.8.8.8:53          A  dns.alidns.com                                               A 223.5.5.5, A 223.6.6.6
   5  cn   GET   Explorer  223.5.5.5:80        http://dns.alidns.com/resolve?name=down.nugong.asia&type=1      200, 253 B, max-age=36, 11:48:36
   6  cn   GET   Explorer  223.5.5.5:80        http://223.5.5.5/resolve?name=down.nugong.asia&type=1           200, 253 B, max-age=34, 11:48:38
   7  cn   GET   Explorer  223.5.5.5:80        http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16   200, 441 B, max-age=353, 11:48:40
   8  cn   GET   Explorer  223.5.5.5:80        http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16   no response recorded
   9  us   DNS   sample    114.114.114.114:53  A  down.nugong.asia                                             no records listed
  10  cn   DNS   sample    223.5.5.5:53        A  down.nugong.asia                                             no records listed
  11  cn   GET   sample    223.5.5.5:80        http://dns.alidns.com/resolve?name=down.nugong.asia&type=1      200, 252 B, max-age=1, 11:49:11
  12  cn   GET   sample    223.5.5.5:80        http://223.5.5.5/resolve?name=down.nugong.asia&type=1           200, 252 B, max-age=1, 11:49:12
  13  cn   GET   sample    223.5.5.5:80        http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16   200, 441 B, max-age=320, 11:49:13
  14  cn   GET   sample    223.5.5.5:80        http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16   200, 433 B, max-age=467, 11:49:15
  15  cn   GET   Explorer  223.5.5.5:80        http://223.5.5.5/resolve?name=spi2.tyui54345.xyz&type=16        200, 433 B, max-age=410, 11:49:19
  16  cn   GET   sample    223.5.5.5:80        http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16   200, 259 B, max-age=19, 11:49:20
  17  cn   GET   sample    223.5.5.5:80        http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16        200, 259 B, max-age=12, 11:49:28
  18  cn   GET   Explorer  223.5.5.5:80        http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16   200, 259 B, max-age=24, 11:49:24
  19  cn   GET   Explorer  223.5.5.5:80        http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16        200, 259 B, max-age=13, 11:49:26
  20  cn   GET   Explorer  223.5.5.5:80        http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16   200, 441 B, max-age=454, 11:49:28
  21  cn   GET   sample    223.5.5.5:80        http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16   200, 441 B, max-age=449, 11:49:32
  22  cn   GET   Explorer  223.5.5.5:80        http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16   200, 433 B, max-age=385, 11:49:34
  23  cn   GET   Explorer  223.5.5.5:80        http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16   200, 258 B, max-age=9, 11:49:36
  24  cn   GET   sample    223.5.5.5:80        http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16   200, 433 B, max-age=374, 11:49:45
  25  cn   GET   Explorer  223.5.5.5:80        http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16        200, 258 B, max-age=6, 11:49:39
  26  cn   GET   sample    223.5.5.5:80        http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16   200, 259 B, max-age=25, 11:49:49
  27  cn   GET   sample    223.5.5.5:80        http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16        200, 259 B, max-age=22, 11:49:53

  The body sizes fall into two groups: 441 B and 433 B for the spi1 and spi2
  TXT lookups, against 252 to 259 B for the spi3 lookups and the
  down.nugong.asia A lookups. The report did not capture the bodies, so which
  group carried answer records cannot be read off the page.
  Connections, in the order the report lists them. "sample" is
  0a108a13d62926524680d6b68b2778f7ac1436d2322a07fc8aacbf09ac930803.exe
  (PID 2884) and "Explorer" is C:\Windows\Explorer.EXE (PID 1228). Sent and
  Recv are bytes, Out and In are packet counts; Detail is the HTTP request and
  status, or the DNS question and answer, where the report recorded one. The
  port-443 rows with no domain, 104 B sent over 2 packets and nothing received
  are connection attempts for which no reply was recorded.

   #  Remote               Domain / URL                                                    Proto  Process   Sent    Recv   Out  In   Detail
   1  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  904 B   2.8kB  10   7
   2  223.5.5.5:80         http://dns.alidns.com/resolve?name=down.nugong.asia&type=1      http   Explorer  357 B   676 B  5    5    GET -> 200
   3  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  842 B   2.8kB  10   8
   4  223.5.5.5:80         http://223.5.5.5/resolve?name=down.nugong.asia&type=1           http   Explorer  398 B   676 B  6    5    GET -> 200
   5  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  819 B   2.7kB  9    6
   6  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16   http   Explorer  360 B   865 B  5    5    GET -> 200
   7  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  699 B   2.8kB  9    7
   8  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16   http   Explorer  360 B   92 B   5    2    GET, no response
   9  223.5.5.5:443        dns.alidns.com                                                  tls    sample    861 B   2.8kB  10   7
  10  223.5.5.5:80         http://dns.alidns.com/resolve?name=down.nugong.asia&type=1      http   sample    455 B   674 B  7    5    GET -> 200
  11  223.5.5.5:443        dns.alidns.com                                                  tls    sample    676 B   2.8kB  9    7
  12  223.5.5.5:80         http://223.5.5.5/resolve?name=down.nugong.asia&type=1           http   sample    352 B   674 B  5    5    GET -> 200
  13  223.5.5.5:443        dns.alidns.com                                                  tls    sample    904 B   2.8kB  10   7
  14  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16   http   sample    360 B   865 B  5    5    GET -> 200
  15  223.5.5.5:443        dns.alidns.com                                                  tls    sample    904 B   2.8kB  10   7
  16  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16   http   sample    452 B   897 B  7    6    GET -> 200
  17  223.5.5.5:443        dns.alidns.com                                                  tls    sample    803 B   2.7kB  11   6
  18  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  1.1kB   2.8kB  12   8
  19  223.5.5.5:80         http://223.5.5.5/resolve?name=spi2.tyui54345.xyz&type=16        http   Explorer  443 B   893 B  7    6    GET -> 200
  20  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  789 B   2.8kB  11   8
  21  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16   http   sample    360 B   682 B  5    5    GET -> 200
  22  223.5.5.5:443        dns.alidns.com                                                  tls    sample    936 B   3.9kB  12   9
  23  223.5.5.5:80         http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16        http   sample    670 B   1.2kB  9    7    GET -> 200
  24  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16   http   Explorer  360 B   682 B  5    5    GET -> 200
  25  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  728 B   2.8kB  10   7
  26  223.5.5.5:80         http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16        http   Explorer  355 B   682 B  5    5    GET -> 200
  27  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  741 B   2.8kB  10   7
  28  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16   http   Explorer  360 B   865 B  5    5    GET -> 200
  29  223.5.5.5:443        dns.alidns.com                                                  tls    sample    743 B   2.8kB  10   7
  30  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  743 B   2.7kB  10   6
  31  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16   http   sample    576 B   825 B  7    4    GET -> 200
  32  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16   http   Explorer  360 B   857 B  5    5    GET -> 200
  33  223.5.5.5:443        dns.alidns.com                                                  tls    sample    1.2kB   2.8kB  13   8
  34  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  745 B   2.8kB  10   8
  35  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16   http   Explorer  530 B   680 B  6    5    GET -> 200
  36  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16   http   sample    460 B   853 B  7    5    GET -> 200
  37  223.5.5.5:443        dns.alidns.com                                                  tls    Explorer  676 B   2.8kB  9    7
  38  223.5.5.5:80         http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16        http   Explorer  355 B   680 B  5    5    GET -> 200
  39  120.226.2.65:443     -                                                               -      Explorer  104 B   -      2    -
  40  36.150.211.193:443   -                                                               -      Explorer  104 B   -      2    -
  41  223.5.5.5:443        dns.alidns.com                                                  tls    sample    745 B   2.8kB  10   7
  42  223.5.5.5:80         http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16   http   sample    412 B   682 B  6    5    GET -> 200
  43  223.5.5.5:443        dns.alidns.com                                                  tls    sample    676 B   2.8kB  9    7
  44  223.5.5.5:80         http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16        http   sample    355 B   682 B  5    5    GET -> 200
  45  125.74.5.241:443     -                                                               -      Explorer  104 B   -      2    -
  46  223.106.228.214:443  -                                                               -      sample    104 B   -      2    -
  47  111.43.169.68:443    -                                                               -      Explorer  104 B   -      2    -
  48  124.225.188.238:443  -                                                               -      sample    104 B   -      2    -
  49  120.222.152.62:443   -                                                               -      sample    104 B   -      2    -
  50  61.170.44.200:443    -                                                               -      Explorer  104 B   -      2    -
  51  39.175.102.78:443    -                                                               -      Explorer  104 B   -      2    -
  52  111.12.215.50:443    -                                                               -      sample    104 B   -      2    -
  53  117.34.18.87:443     -                                                               -      Explorer  104 B   -      2    -
  54  120.222.152.253:443  -                                                               -      sample    104 B   -      2    -
  55  111.0.39.235:443     -                                                               -      Explorer  104 B   -      2    -
  56  58.222.30.226:443    -                                                               -      sample    104 B   -      2    -
  57  183.255.104.113:443  -                                                               -      Explorer  104 B   -      2    -
  58  121.12.174.144:443   -                                                               -      sample    104 B   -      2    -
  59  110.249.196.101:443  -                                                               -      Explorer  104 B   -      2    -
  60  182.242.217.164:443  -                                                               -      sample    104 B   -      2    -
  61  42.231.136.215:443   -                                                               -      Explorer  104 B   -      2    -
  62  120.222.152.234:443  -                                                               -      sample    104 B   -      2    -
  63  114.114.114.114:53   down.nugong.asia                                                dns    sample    62 B    136 B  1    1    Q down.nugong.asia
  64  223.5.5.5:53         down.nugong.asia                                                dns    sample    62 B    136 B  1    1    Q down.nugong.asia
  65  8.8.8.8:53           down.nugong.asia                                                dns    sample    62 B    136 B  1    1    Q down.nugong.asia
  66  8.8.8.8:53           dns.alidns.com                                                  dns    sample    60 B    92 B   1    1    Q dns.alidns.com -> 223.5.5.5, 223.6.6.6
  67  114.114.114.114:53   down.nugong.asia                                                dns    sample    62 B    136 B  1    1    Q down.nugong.asia
  68  223.5.5.5:53         dns.alidns.com                                                  dns    sample    62 B    136 B  1    1    Q down.nugong.asia
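
Two things in this capture are worth turning into detection logic: the "Unexpected DNS network traffic destination" signature (port-53 traffic to resolvers the host was not configured with) and the use of a public resolver's DNS JSON API (/resolve?name=...&type=...) over cleartext port 80 to fetch TXT records. The script below is an added example, not part of the Triage report: it runs both checks over flow records constructed from the table above (a subset, with the submitted executable shortened to "sample") and parses a DNS JSON API answer to pull out TXT strings. Assumptions: the configured resolver address (the report does not list it), the Google-style JSON envelope for dns.alidns.com's /resolve endpoint, and the response body, which is a placeholder because the report recorded only the response headers.

```python
import json
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Resolver(s) the analysis VM is configured to use. Assumed for the demo;
# the report does not list them.
CONFIGURED_DNS = {"10.127.0.1"}

# Public resolvers that expose a Google-style DNS JSON API at /resolve.
DOH_JSON_HOSTS = {"dns.alidns.com", "223.5.5.5", "223.6.6.6",
                  "dns.google", "8.8.8.8", "8.8.4.4",
                  "cloudflare-dns.com", "1.1.1.1", "1.0.0.1"}

RR_TYPES = {1: "A", 16: "TXT", 28: "AAAA"}

# Flow records constructed from this report's network table (a subset).
# "sample" stands for the submitted executable (PID 2884).
FLOWS = [
    {"proc": "sample",   "dst": "114.114.114.114", "port": 53,  "query": "down.nugong.asia"},
    {"proc": "sample",   "dst": "223.5.5.5",       "port": 53,  "query": "down.nugong.asia"},
    {"proc": "sample",   "dst": "8.8.8.8",         "port": 53,  "query": "dns.alidns.com"},
    {"proc": "Explorer", "dst": "223.5.5.5",       "port": 80,
     "url": "http://dns.alidns.com/resolve?name=down.nugong.asia&type=1"},
    {"proc": "Explorer", "dst": "223.5.5.5",       "port": 80,
     "url": "http://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16"},
    {"proc": "sample",   "dst": "223.5.5.5",       "port": 80,
     "url": "http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16"},
    {"proc": "sample",   "dst": "223.5.5.5",       "port": 443, "sni": "dns.alidns.com"},
]

# Constructed response body: the report captured only headers (Content-Length
# 441 for spi1), so the TXT payload is a placeholder. The envelope is the
# Google-style DNS JSON format, assumed here for dns.alidns.com.
SAMPLE_DOH_BODY = json.dumps({
    "Status": 0, "TC": False, "RD": True, "RA": True, "AD": False, "CD": False,
    "Question": [{"name": "spi1.tyui54345.xyz.", "type": 16}],
    "Answer": [{"name": "spi1.tyui54345.xyz.", "type": 16, "TTL": 353,
                "data": "\"placeholder-txt-payload\""}],
})


def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def unexpected_dns(flows, configured=CONFIGURED_DNS):
    """Port-53 traffic to any resolver the host was not configured with."""
    hits = {(f["proc"], f["dst"]) for f in flows
            if f["port"] == 53 and f["dst"] not in configured}
    return sorted(hits)


def doh_json_lookups(flows):
    """Extract name/type from /resolve?name=..&type=.. requests to DNS JSON APIs."""
    found = []
    for f in flows:
        url = f.get("url")
        if not url:
            continue
        u = urlsplit(url)
        if u.hostname not in DOH_JSON_HOSTS or u.path != "/resolve":
            continue
        q = parse_qs(u.query)
        rrtype = int(q.get("type", ["1"])[0])
        found.append({"proc": f["proc"], "name": q["name"][0],
                      "type": RR_TYPES.get(rrtype, str(rrtype)),
                      "cleartext": u.scheme == "http",    # port 80, no TLS
                      "host_is_ip": _is_ip(u.hostname)})  # e.g. Host: 223.5.5.5
    return found


def txt_records(body):
    """TXT strings from a DNS JSON API answer, surrounding quotes stripped.
    A non-zero Status (NXDOMAIN, SERVFAIL, ...) yields no records."""
    doc = json.loads(body)
    if doc.get("Status", 0) != 0:
        return []
    return [a["data"].strip('"') for a in doc.get("Answer", []) if a.get("type") == 16]


def triage(flows):
    """Findings for the two patterns in this report, plus TLS to a DoH host."""
    findings = [f"{proc}: DNS to non-configured resolver {dst}"
                for proc, dst in unexpected_dns(flows)]
    for q in doh_json_lookups(flows):
        tags = []
        if q["cleartext"]:
            tags.append("DNS JSON API over cleartext HTTP")
        if q["host_is_ip"]:
            tags.append("Host header is a bare IP")
        if q["type"] == "TXT":
            tags.append("TXT lookup: inspect the answer for configuration or tasking")
        suffix = f" [{'; '.join(tags)}]" if tags else ""
        findings.append(f"{q['proc']}: {q['type']} {q['name']} via /resolve{suffix}")
    findings += [f"{f['proc']}: TLS to public DoH resolver {f['sni']}"
                 for f in flows if f["port"] == 443 and f.get("sni") in DOH_JSON_HOSTS]
    return findings


if __name__ == "__main__":
    for line in triage(FLOWS):
        print(line)
    print("TXT:", txt_records(SAMPLE_DOH_BODY))
```

The cleartext and bare-IP checks matter because a DNS JSON API over port 80 is plain HTTP, so a proxy or IDS can read the queried name and the answer in full; the TLS-to-DoH-host check is the fallback for when the same sample switches to port 443, where only the SNI is visible.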


Downloads

  The CryptnetUrlCache metadata and the Cab/Tar temp files are the usual
  by-products of Windows' own CryptoAPI certificate and CTL retrieval, so treat
  them as sandbox background rather than payload drops unless their contents
  say otherwise.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Listed nine times, 344B each, with different content on each capture:
    1. MD5 505ed80d60f9e03118bbfb13d606d413
       SHA1 dec8f0c197e75415c4a2b6df1dc1d7652bd06d45
       SHA256 00cda857eba076c7d42bc1f7ae44f6c0c4d714e01cd2f488c58e3bfd3a2a392d
       SHA512 b9f17b03a0c966ebe728a8f2c10c5f4c893b709a01818c67f58ea44bc6736d9bf9e9812b49cff4324467677cab14be3d207d3788309ce1f8fd80306e913e8b61
    2. MD5 e57f48d625009f939e0eb5085b9930a2
       SHA1 c19db0fa2e381d87eccfa50b939807168798b9ea
       SHA256 07ffa90aa1427b6aef05576f6b58c0acf864b629b6561dbc810dec443574d9b4
       SHA512 bb45c30db856bd4dfcdad2f7d31c416ea237ee9aeecd7e7d5fd02d2c36b50f25285060b010c8d42bf534b29c2a443aa5c7994e267ee6d094e165b8d7ae2c869d
    3. MD5 45cd63995278f2b28f3c19ffb6f4a3cf
       SHA1 aee3f5022a72b1b5434bd4ab0c9bd5a69dcb4102
       SHA256 988aa1cf52cbd65fc757f403a06f0bae001f19805817069b0f0b6779f53115fc
       SHA512 5bc04a3d8617ed9c366d757269cd614b06be469752a599dfafe7a1c2b458665703e234e79bf44a391cbf0b6deb08aa8324f4954602d07019ae2f1af471110535
    4. MD5 b43201f2316af4953d72fb1e890d2ba0
       SHA1 a0c0ac7545c962175c5aecd558bd6716ef142d83
       SHA256 5871e3035bdb079950e63bf95a1c536f616149ac718b4617f823a63806771597
       SHA512 c930ef5a45951f6cc1e98605e5e757f662815020f1f9e9eec20716787eb0407fd7abfd9f041b12b12a9f05027f3cbb4f1648fe1f2f3c77025ab4ae4842ca4c65
    5. MD5 3f8f1fce366aa4a54fabbb8be494459c
       SHA1 8d9d66ca070919a86d94dff7ef9fcfe5ac0ffe51
       SHA256 451fec0b8b48cbd6fffdc5fbf702de965bee8a66b0a4923afe0b6533b28d8443
       SHA512 12bf365f492b75f085662463f7da09db7e834ac034713c0c4f887e615653fc39d97525aa7e4207a03f4dc2608ab18b61981d50df710f3f2c31011aee911499a2
    6. MD5 74d95d0a6ee21af3c03da0b98ca4d28b
       SHA1 da46e288d8219407d1dea11c9add60111436811c
       SHA256 e24244abf4d637879021104b8349574968161d748b3d832c850b9b19931a6e99
       SHA512 1aa9a8d96355660a50f3f4842a26690e1e33cdb1b6cf59b291046be6a9a4b5c442482cbe4623a0169ce99331d471d03bfac5115e389fd0914c701474e70dd6ad
    7. MD5 3f64e5da02ee5ac8c585cce5c95174de
       SHA1 62e784e3d9af1699719abf29f4dd24497d112338
       SHA256 c17e38e553a1b5030434906351453772fa8ebec4f4798adb4eed84ac3ce73371
       SHA512 a6103cbc0e1c059af574503e4f8d3a02c0207bf92c363c39ef9ac4206c6b7edc4f7f0ef03310e69767c87f9aec8a6c703f7c093e5fa2c143f29b26ea556c4897
    8. MD5 66e8845db4e9a5aac850bdf2f0c6e203
       SHA1 0e2df209a3abe470ba961f2552e05ee1a3c18d85
       SHA256 91f1553010438009e93e1fb48a046d490882df7aac7830e546a918071644563f
       SHA512 2f05044bfba00a65e9dade916200aab38267c4b5926c02f7b642a97e93a31c3c56b4a339b43fc7d24231541739626f534c32bb490fa9aa9a647a1597faf95434
    9. MD5 75e8a621f047a12fd8f59be7fcae535b
       SHA1 9dcca900d9a4124829cdeef1c67d18a51faacfd2
       SHA256 e95208783b61cd2bb7f89f5c1093a8f63903d83759897cebecb61a91170b6386
       SHA512 3256a2fdf648b7972f45ac2f16214f84cee65147dd22bbc5639f38289dc0c0677fdcca1e99e0a41f05e483b33b446c2268d504ed7d901d4e355434a147cc226f

  • C:\Users\Admin\AppData\Local\Temp\Cab8104.tmp (65KB)
    MD5 ac05d27423a85adc1622c714f2cb6184
    SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar8174.tmp (171KB)
    MD5 9c0c641c06238516f27941aa1166d427
    SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
    SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
    SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  Memory dumps (name is memory/PID-sequence-range; the same region is dumped
  repeatedly over the run):
  • memory/1228-3-0x0000000002A90000-0x0000000002A93000-memory.dmp (12KB)
  • memory/1228-5-0x0000000002A90000-0x0000000002A93000-memory.dmp (12KB)
  • memory/1228-4-0x0000000003DA0000-0x0000000003E19000-memory.dmp (484KB)
  • memory/1228-7-0x0000000003DA0000-0x0000000003E19000-memory.dmp (484KB)
  • memory/1228-152-0x0000000003DA0000-0x0000000003E19000-memory.dmp (484KB)
  • memory/2884-0-0x0000000000E40000-0x0000000000F42000-memory.dmp (1.0MB)
  • memory/2884-141-0x0000000000E40000-0x0000000000F42000-memory.dmp (1.0MB)
  • memory/2884-264-0x0000000000E40000-0x0000000000F42000-memory.dmp (1.0MB)
  • memory/2884-442-0x0000000000E40000-0x0000000000F42000-memory.dmp (1.0MB)
  • memory/2884-764-0x0000000000E40000-0x0000000000F42000-memory.dmp (1.0MB)
  • memory/2884-769-0x0000000000E40000-0x0000000000F42000-memory.dmp (1.0MB)
  • memory/2884-781-0x0000000000E40000-0x0000000000F42000-memory.dmp (1.0MB)
