Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

22b7909298...62.exe

windows7-x64

7

22b7909298...62.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 01:18 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22b7909298c4e5d9a18055e3b1c66e62.exe

  • Size

    506KB

  • MD5

    22b7909298c4e5d9a18055e3b1c66e62

  • SHA1

    da9a3ab62f8bb89ae0cf924081b328315d33d0f9

  • SHA256

    45b9e6e8b0de0313d76e5765fc0e3cc2bb0f873e7c6c2e13e59aa81c06353469

  • SHA512

    36d43094ad1135eb40a958b459cb09d56bd0bfc269c94032289bc1b948d09d12d6bb2e5dc9f77733998017b5f7137ddf88161507dbea213c202b9e07609e5d11

  • SSDEEP

    6144:UFDRlD2QwHZr2PJBXTeNhrOvFcW+tKLhnGXY2sxYbjpMfiSLLb858+0iIL2co:U7IQ+URBSfrW3+twpGovYS7Ln82TBo

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22b7909298c4e5d9a18055e3b1c66e62.exe
    "C:\Users\Admin\AppData\Local\Temp\22b7909298c4e5d9a18055e3b1c66e62.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3472
    • C:\Users\Admin\AppData\Local\Temp\22b7909298c4e5d9a18055e3b1c66e62.exe
      C:\Users\Admin\AppData\Local\Temp\22b7909298c4e5d9a18055e3b1c66e62.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:4392
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\22b7909298c4e5d9a18055e3b1c66e62.exe" /TN Google_Trk_Updater /F
        3⤵
        • Creates scheduled task(s)
        PID:4856

Network

  • flag-us
    DNS
    1.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    210.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    210.178.17.96.in-addr.arpa
    IN PTR
    Response
    210.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-210deploystaticakamaitechnologiescom
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    167.109.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    167.109.18.2.in-addr.arpa
    IN PTR
    Response
    167.109.18.2.in-addr.arpa
    IN PTR
    a2-18-109-167deploystaticakamaitechnologiescom
  • flag-us
    DNS
    81.171.91.138.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.171.91.138.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.UZ9ZLk5AJw.com
    22b7909298c4e5d9a18055e3b1c66e62.exe
    Remote address:
    8.8.8.8:53
    Request
    www.UZ9ZLk5AJw.com
    IN A
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    w.google.com
    22b7909298c4e5d9a18055e3b1c66e62.exe
    Remote address:
    8.8.8.8:53
    Request
    w.google.com
    IN A
    Response
    w.google.com
    IN CNAME
    www3.l.google.com
    www3.l.google.com
    IN A
    142.250.200.46
  • flag-gb
    GET
    http://w.google.com/
    22b7909298c4e5d9a18055e3b1c66e62.exe
    Remote address:
    142.250.200.46:80
    Request
    GET / HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Accept: */*, ???@, ??????????????
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: w.google.com
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1561
    Date: Mon, 01 Jan 2024 18:14:55 GMT
  • flag-us
    DNS
    pastebin.com
    22b7909298c4e5d9a18055e3b1c66e62.exe
    Remote address:
    8.8.8.8:53
    Request
    pastebin.com
    IN A
    Response
    pastebin.com
    IN A
    104.20.68.143
    pastebin.com
    IN A
    104.20.67.143
    pastebin.com
    IN A
    172.67.34.170
  • flag-us
    GET
    http://pastebin.com/raw/ubFNTPjt
    22b7909298c4e5d9a18055e3b1c66e62.exe
    Remote address:
    104.20.68.143:80
    Request
    GET /raw/ubFNTPjt HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Accept: */*, ???@, ??????????????
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: pastebin.com
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 01 Jan 2024 18:14:55 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jan 2024 19:14:55 GMT
    Location: https://pastebin.com/raw/ubFNTPjt
    Server: cloudflare
    CF-RAY: 83ecbea5ee166316-LHR
  • flag-us
    GET
    https://pastebin.com/raw/ubFNTPjt
    22b7909298c4e5d9a18055e3b1c66e62.exe
    Remote address:
    104.20.68.143:443
    Request
    GET /raw/ubFNTPjt HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Accept: */*, ???@, ??????????????
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: pastebin.com
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 01 Jan 2024 18:15:01 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-frame-options: DENY
    x-frame-options: DENY
    x-content-type-options: nosniff
    x-content-type-options: nosniff
    x-xss-protection: 1;mode=block
    x-xss-protection: 1;mode=block
    cache-control: public, max-age=1801
    CF-Cache-Status: HIT
    Age: 1092
    Server: cloudflare
    CF-RAY: 83ecbec8db174596-LHR
  • flag-us
    DNS
    46.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    46.200.250.142.in-addr.arpa
    IN PTR
    Response
    46.200.250.142.in-addr.arpa
    IN PTR
    lhr48s30-in-f141e100net
  • flag-us
    DNS
    143.68.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    143.68.20.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    182.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.178.17.96.in-addr.arpa
    IN PTR
    Response
    182.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-182deploystaticakamaitechnologiescom
  • flag-us
    DNS
    182.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    182.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    58.99.105.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.99.105.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    188.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    188.178.17.96.in-addr.arpa
    IN PTR
    Response
    188.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-188deploystaticakamaitechnologiescom
  • flag-us
    DNS
    90.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    90.65.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 188125
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A274C2F9B20A4FF1AEF8D8C7848D606A Ref B: LON04EDGE0621 Ref C: 2024-01-01T18:16:26Z
    date: Mon, 01 Jan 2024 18:16:25 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301059_1P6JR4ZMHWPBH8OVK&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301059_1P6JR4ZMHWPBH8OVK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 315531
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F3FABA9C20E9466CA3BF8576EE8EF521 Ref B: LON04EDGE0621 Ref C: 2024-01-01T18:16:26Z
    date: Mon, 01 Jan 2024 18:16:25 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301492_19VWK67ER2VBBOLMY&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301492_19VWK67ER2VBBOLMY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 321569
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EC714A23F9AD4B8A9C943622160F6B70 Ref B: LON04EDGE0621 Ref C: 2024-01-01T18:16:26Z
    date: Mon, 01 Jan 2024 18:16:25 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301016_1JYF9DMA1IXNJGX54&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301016_1JYF9DMA1IXNJGX54&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 495838
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EAB7EA1D31A348A69D0A99A4B43C42E8 Ref B: LON04EDGE0621 Ref C: 2024-01-01T18:16:27Z
    date: Mon, 01 Jan 2024 18:16:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301449_18WFR7RMGIWPOQT3H&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301449_18WFR7RMGIWPOQT3H&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 435610
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A2C51AA0D0F6455EB2DE69221C825DFD Ref B: LON04EDGE0621 Ref C: 2024-01-01T18:16:27Z
    date: Mon, 01 Jan 2024 18:16:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301716_1XIXMEDMAZL1LK8SN&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301716_1XIXMEDMAZL1LK8SN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 168408
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A429504B37B14F8E9B8FC309D787DF87 Ref B: LON04EDGE0621 Ref C: 2024-01-01T18:16:27Z
    date: Mon, 01 Jan 2024 18:16:27 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • 20.231.121.79:80
    260 B
     5
  • 142.250.200.46:80
    http://w.google.com/
    http
    22b7909298c4e5d9a18055e3b1c66e62.exe
    462 B
     1.9kB
     5
    4

    HTTP Request

    GET http://w.google.com/

    HTTP Response

    404
  • 104.20.68.143:80
    http://pastebin.com/raw/ubFNTPjt
    http
    22b7909298c4e5d9a18055e3b1c66e62.exe
    1.0kB
     424 B
     7
    3

    HTTP Request

    GET http://pastebin.com/raw/ubFNTPjt

    HTTP Response

    301
  • 104.20.68.143:443
    https://pastebin.com/raw/ubFNTPjt
    tls, http
    22b7909298c4e5d9a18055e3b1c66e62.exe
    1.1kB
     4.7kB
     11
    8

    HTTP Request

    GET https://pastebin.com/raw/ubFNTPjt

    HTTP Response

    404
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301716_1XIXMEDMAZL1LK8SN&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    71.4kB
     2.0MB
     1488
    1481

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301059_1P6JR4ZMHWPBH8OVK&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301492_19VWK67ER2VBBOLMY&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301016_1JYF9DMA1IXNJGX54&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301449_18WFR7RMGIWPOQT3H&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301716_1XIXMEDMAZL1LK8SN&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.7kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.7kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     8.7kB
     17
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     8.7kB
     17
    14
  • 8.8.8.8:53
    1.181.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    1.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    140 B
     156 B
     2
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    210.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    210.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    142 B
     157 B
     2
    1

    DNS Request

    55.36.223.20.in-addr.arpa

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    167.109.18.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    167.109.18.2.in-addr.arpa

  • 8.8.8.8:53
    81.171.91.138.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    81.171.91.138.in-addr.arpa

  • 8.8.8.8:53
    www.UZ9ZLk5AJw.com
    dns
    22b7909298c4e5d9a18055e3b1c66e62.exe
    64 B
     137 B
     1
    1

    DNS Request

    www.UZ9ZLk5AJw.com

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    w.google.com
    dns
    22b7909298c4e5d9a18055e3b1c66e62.exe
    58 B
     95 B
     1
    1

    DNS Request

    w.google.com

    DNS Response

    142.250.200.46

  • 8.8.8.8:53
    pastebin.com
    dns
    22b7909298c4e5d9a18055e3b1c66e62.exe
    58 B
     106 B
     1
    1

    DNS Request

    pastebin.com

    DNS Response

    104.20.68.143
    104.20.67.143
    172.67.34.170

  • 8.8.8.8:53
    46.200.250.142.in-addr.arpa
    dns
    73 B
     112 B
     1
    1

    DNS Request

    46.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    143.68.20.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    143.68.20.104.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    182.178.17.96.in-addr.arpa
    dns
    216 B
     137 B
     3
    1

    DNS Request

    182.178.17.96.in-addr.arpa

    DNS Request

    182.178.17.96.in-addr.arpa

    DNS Request

    182.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    142 B
     157 B
     2
    1

    DNS Request

    59.128.231.4.in-addr.arpa

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    58.99.105.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    58.99.105.20.in-addr.arpa

  • 8.8.8.8:53
    188.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    188.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    90.65.42.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    90.65.42.20.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
     173 B
     2
    1

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\22b7909298c4e5d9a18055e3b1c66e62.exe
    Filesize

    506KB

    MD5

    e40a1897da867236ccea9a99d1667eb3

    SHA1

    aa7e9fdaf2276fe0f219b72db565e751351e99dd

    SHA256

    1129f24840b34f08bbfcc3b12f922809093224889ffa8823c34adda9cd4758c3

    SHA512

    03fced9c386747f72c43970c88e45eb6a9a863e9dabc6c37e2a9d1d572218ae7e0839c14b630a67dddf2b74f28410fae88d863ec6d767c190082d8ece5fe785e

    Download Submit

  • memory/3472-0-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/3472-1-0x0000000001630000-0x00000000016B3000-memory.dmp

    Filesize

    524KB

    Download

  • memory/3472-2-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/3472-11-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/4392-13-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/4392-15-0x0000000000170000-0x00000000001F3000-memory.dmp

    Filesize

    524KB

    Download

  • memory/4392-20-0x0000000004F00000-0x0000000004F7E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/4392-21-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4392-27-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.