Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 14:32 UTC

General

  • Target

    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe

  • Size

    536KB

  • MD5

    8330d11174bba642a0db6b6ccb0a6eba

  • SHA1

    815ab51b49dca00b7d2424cb2fce2ba2adc68f65

  • SHA256

    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44

  • SHA512

    ab03fef05b68de166a0d27555ffec72b6a33e377b302f98a4cb27974d47d95c55eca53f2040941e579a0570d24dfd3e3a515cad7686795fc4da80ddf20af8914

  • SSDEEP

    12288:zhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:zdQyDL9xp/BGA1RkmOkx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1336
    • C:\Users\Admin\AppData\Local\Temp\b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
      "C:\Users\Admin\AppData\Local\Temp\b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2268

Network

  • flag-us
    DNS
    down.nugong.asia
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    114.114.114.114:53
    Request
    down.nugong.asia
    IN A
    Response
  • flag-cn
    DNS
    down.nugong.asia
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:53
    Request
    down.nugong.asia
    IN A
    Response
  • flag-us
    DNS
    down.nugong.asia
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    8.8.8.8:53
    Request
    down.nugong.asia
    IN A
    Response
  • flag-us
    DNS
    dns.alidns.com
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    8.8.8.8:53
    Request
    dns.alidns.com
    IN A
    Response
    dns.alidns.com
    IN A
    223.5.5.5
    dns.alidns.com
    IN A
    223.6.6.6
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=down.nugong.asia&type=1
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=down.nugong.asia&type=1 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=81.000000
    Content-Length: 253
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:33:14 GMT
    Connection: close
  • flag-cn
    GET
    http://223.5.5.5/resolve?name=down.nugong.asia&type=1
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=down.nugong.asia&type=1 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: 223.5.5.5
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=78.000000
    Content-Length: 253
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:33:16 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi1.tyui54345.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=199.000000
    Content-Length: 441
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:33:21 GMT
    Connection: close
  • flag-us
    DNS
    down.nugong.asia
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    114.114.114.114:53
    Request
    down.nugong.asia
    IN A
  • flag-cn
    DNS
    down.nugong.asia
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:53
    Request
    down.nugong.asia
    IN A
    Response
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=down.nugong.asia&type=1
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=down.nugong.asia&type=1 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=40.000000
    Content-Length: 253
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:33:55 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi2.tyui54345.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=358.000000
    Content-Length: 433
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:33:52 GMT
    Connection: close
  • flag-cn
    GET
    http://223.5.5.5/resolve?name=down.nugong.asia&type=1
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=down.nugong.asia&type=1 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: 223.5.5.5
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=36.000000
    Content-Length: 253
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:33:59 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi3.tyui54345.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=119.000000
    Content-Length: 260
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:33:57 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi1.tyui54345.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=159.000000
    Content-Length: 441
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:00 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi2.tyui54345.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=158.000000
    Content-Length: 433
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:02 GMT
    Connection: close
  • flag-cn
    GET
    http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi3.tyui54345.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: 223.5.5.5
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=114.000000
    Content-Length: 260
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:03 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi3.tyui54345.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=112.000000
    Content-Length: 260
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:03 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi1.zxcv56745.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=124.000000
    Content-Length: 441
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:04 GMT
    Connection: close
  • flag-cn
    GET
    http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi3.tyui54345.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: 223.5.5.5
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=112.000000
    Content-Length: 260
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:05 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi2.zxcv56745.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=136.000000
    Content-Length: 433
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:07 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi1.zxcv56745.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=119.000000
    Content-Length: 441
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:09 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi2.zxcv56745.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=129.000000
    Content-Length: 433
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:14 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi3.zxcv56745.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=104.000000
    Content-Length: 260
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:20 GMT
    Connection: close
  • flag-cn
    GET
    http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi3.zxcv56745.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: dns.alidns.com
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=109.000000
    Content-Length: 260
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:15 GMT
    Connection: close
  • flag-cn
    GET
    http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi3.zxcv56745.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: 223.5.5.5
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=103.000000
    Content-Length: 260
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:17 GMT
    Connection: close
  • flag-cn
    GET
    http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16
    Explorer.EXE
    Remote address:
    223.5.5.5:80
    Request
    GET /resolve?name=spi3.zxcv56745.xyz&type=16 HTTP/1.1
    Accept-Encoding: gzip, deflate
    Host: 223.5.5.5
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=102.000000
    Content-Length: 260
    Content-Type: application/json
    S: 89.149.23.59
    Date: Sun, 31 Dec 2023 14:34:22 GMT
    Connection: close
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    699 B
    2.8kB
    9
    7
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=down.nugong.asia&type=1
    http
    Explorer.EXE
    449 B
    636 B
    7
    4

    HTTP Request

    GET http://dns.alidns.com/resolve?name=down.nugong.asia&type=1

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    630 B
    2.8kB
    8
    7
  • 223.5.5.5:80
    http://223.5.5.5/resolve?name=down.nugong.asia&type=1
    http
    Explorer.EXE
    444 B
    716 B
    7
    6

    HTTP Request

    GET http://223.5.5.5/resolve?name=down.nugong.asia&type=1

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    963 B
    2.8kB
    12
    7
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16
    http
    Explorer.EXE
    452 B
    905 B
    7
    6

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    1.8kB
    2.6kB
    14
    6
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    668 B
    263 B
    9
    6
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    564 B
    255 B
    11
    6
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    791 B
    2.8kB
    11
    8
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=down.nugong.asia&type=1
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    576 B
    676 B
    7
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=down.nugong.asia&type=1

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    Explorer.EXE
    242 B
    92 B
    5
    2
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16
    http
    Explorer.EXE
    360 B
    857 B
    5
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    969 B
    2.9kB
    12
    8
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    774 B
    2.9kB
    11
    8
  • 223.5.5.5:80
    http://223.5.5.5/resolve?name=down.nugong.asia&type=1
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    404 B
    676 B
    6
    5

    HTTP Request

    GET http://223.5.5.5/resolve?name=down.nugong.asia&type=1

    HTTP Response

    200
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16
    http
    Explorer.EXE
    406 B
    644 B
    6
    4

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    826 B
    2.9kB
    12
    9
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    751 B
    2.9kB
    10
    8
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    360 B
    865 B
    5
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    751 B
    2.7kB
    10
    6
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    360 B
    857 B
    5
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    695 B
    2.8kB
    9
    7
  • 223.5.5.5:80
    http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16
    http
    Explorer.EXE
    355 B
    684 B
    5
    5

    HTTP Request

    GET http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    695 B
    2.8kB
    9
    7
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    360 B
    684 B
    5
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    728 B
    2.9kB
    10
    8
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16
    http
    Explorer.EXE
    360 B
    865 B
    5
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    699 B
    2.8kB
    9
    7
  • 223.5.5.5:80
    http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    355 B
    684 B
    5
    5

    HTTP Request

    GET http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    849 B
    2.9kB
    12
    8
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16
    http
    Explorer.EXE
    360 B
    857 B
    5
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    1.0kB
    132 B
    8
    3
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    360 B
    865 B
    5
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    791 B
    2.8kB
    11
    7
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    412 B
    857 B
    6
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    520 B
    215 B
    6
    5
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    284 B
    215 B
    5
    5
  • 223.5.5.5:443
    dns.alidns.com
    Explorer.EXE
    282 B
    92 B
    6
    2
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    751 B
    2.9kB
    10
    8
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16
    http
    Explorer.EXE
    634 B
    736 B
    8
    6

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:80
    http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    360 B
    684 B
    5
    5

    HTTP Request

    GET http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16

    HTTP Response

    200
  • 223.5.5.5:443
    dns.alidns.com
    tls
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    676 B
    2.8kB
    9
    7
  • 223.5.5.5:80
    http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16
    http
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    520 B
    684 B
    6
    5

    HTTP Request

    GET http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16

    HTTP Response

    200
  • 120.222.152.193:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 223.5.5.5:443
    dns.alidns.com
    tls
    Explorer.EXE
    842 B
    2.8kB
    10
    7
  • 223.5.5.5:80
    http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16
    http
    Explorer.EXE
    355 B
    684 B
    5
    5

    HTTP Request

    GET http://223.5.5.5/resolve?name=spi3.zxcv56745.xyz&type=16

    HTTP Response

    200
  • 120.222.152.62:443
    Explorer.EXE
    104 B
    2
  • 120.222.152.62:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 118.212.235.109:443
    Explorer.EXE
    104 B
    2
  • 58.221.30.139:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 124.225.188.238:443
    Explorer.EXE
    104 B
    2
  • 39.175.102.247:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 120.222.152.66:443
    Explorer.EXE
    104 B
    2
  • 120.222.152.71:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 120.222.152.253:443
    Explorer.EXE
    104 B
    2
  • 42.231.136.87:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 111.31.238.222:443
    Explorer.EXE
    104 B
    2
  • 120.222.152.66:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    96 B
    2
  • 39.175.102.198:443
    Explorer.EXE
    104 B
    2
  • 112.46.51.224:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 118.212.235.231:443
    Explorer.EXE
    104 B
    2
  • 58.215.114.233:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 119.167.229.212:443
    Explorer.EXE
    104 B
    2
  • 139.200.106.73:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 117.180.236.80:443
    Explorer.EXE
    104 B
    2
  • 219.151.137.57:443
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    104 B
    2
  • 112.46.51.224:443
    Explorer.EXE
    48 B
    1
  • 114.114.114.114:53
    down.nugong.asia
    dns
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    62 B
    136 B
    1
    1

    DNS Request

    down.nugong.asia

  • 223.5.5.5:53
    down.nugong.asia
    dns
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    62 B
    136 B
    1
    1

    DNS Request

    down.nugong.asia

  • 8.8.8.8:53
    down.nugong.asia
    dns
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    62 B
    136 B
    1
    1

    DNS Request

    down.nugong.asia

  • 8.8.8.8:53
    dns.alidns.com
    dns
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    60 B
    92 B
    1
    1

    DNS Request

    dns.alidns.com

    DNS Response

    223.5.5.5
    223.6.6.6

  • 114.114.114.114:53
    down.nugong.asia
    dns
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    62 B
    1

    DNS Request

    down.nugong.asia

  • 223.5.5.5:53
    dns.alidns.com
    dns
    b673eef56bca48a2960264dd39fd3c8b6a9a8e6aa3f123695327d6db4fd1be44.exe
    62 B
    136 B
    1
    1

    DNS Request

    down.nugong.asia

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ef6f6b92acd49d6b844ea2d5b44764f9

    SHA1

    8a2a65fc1cdd34eab9c1c4a7d46a93c4b9356bf7

    SHA256

    dfcbf798535d5f61268933c8fbc36a02850fd78fb5ae2d95549da007618735b6

    SHA512

    0666d25727009153e8bf1f4ef5ddd633ff1f713e7fe7b0476620eb81521d6c5119a81ca32d946f687212d895a191053e7409855976459668b40d0134dda4bac5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5b699da82ca7e0759853a024d1bdcec2

    SHA1

    7af0d1ce72aa2be6fb41eb510356c61aa98c6185

    SHA256

    b33f8f217378d065bf942a819994cdc16a79e98125077736b20941826e1c5a4a

    SHA512

    c608476ab35a749b67267c5ac4724150af6633f0c351927cc12b5d0381fa3681f1b9043cdca19914e089ff7235629c7a750a8b1f656c3eb3c778adfc576d06e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    241ae7829d9f74cfb7dd2e562af51750

    SHA1

    efbd461efe90798516d2ab6a6fd4e17d06ef2b93

    SHA256

    3a507c0e19946b3d1c5f755162e8dbd42524bc10287edad4dbf8ff8d2bce0b55

    SHA512

    9d2d64329b05c03a6720849991bd7b24cf545a21009868739c57a9ac67ddc531cfdb05011886be0f85d6051ecb071437aa581ed526230e086de2b0b2ef9525c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fffd1e01cd299cf133b4f79c97e278ef

    SHA1

    5fe07c0fb6f9827aff6fb1218f0426aac945d74d

    SHA256

    ef3b42c192348b7baadf1b63acce25290fc150f0627a6a04bc0a54d7f1c533ba

    SHA512

    31dba45fea778842d4c38a8e9ac8b01860907dbaddae9c994e2c8d657c2eb07d3a48571d1974ff68cdc3e9a33c9abe4161100351f8c28542bd5528497e2314d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e727ea5446807de8a925e9e567c3dbb7

    SHA1

    ffba198633b04cfc91a053c88890d334f9530676

    SHA256

    6a29ad1ad1143765f726e943077ab5e46908c9994fdf0b8da8188fbd93dadee8

    SHA512

    2e8214a6691bc108f881fdd6c67e4390b269bfb516c62acc906d2b15b930a99c973993823a03b6c7ffb8d2a36273d491b85e7ef140b61197ead0226f1fcc3052

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    67834b73b07400e8f0ec0e4e4bb87d41

    SHA1

    f5c8ec39cae5af4bd25a58f6ca0ad2aa4187cea6

    SHA256

    7d6dcf9b198c5fc0c611dc7f2c31d80debe21530f3074da1793093a4b30b7998

    SHA512

    3bf486f13ac5e29899e54cc2d242c0d5c7c6691687e7b91313593edf2609b8d2c4161d30409a8f0607035876dd2d795b6f35bce842c16e30f9a175587aef5d74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a07ff2525faa32ba75e0e7bfaff2b70e

    SHA1

    65e504e5228afbb79b18fb106405fba672139031

    SHA256

    bcaea0d481defef475617311a39cb07c4ed877dd997ec022b97e74f3e48ad052

    SHA512

    93153c17951c58c10bebfe8b8208eb283db592ec3dea2664d4beb2d4382267d9a2a14007a8178f3c39773a900a468d8538d35d7bff86f98832544ddb6e8829de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0430e41ba9121eaddc0c99973da46d91

    SHA1

    0ada2eec55e5ee7fb2f6ff410f27d673dd6f5af8

    SHA256

    34a2dfab70848f3b8d72bbc1394cce8db44e8ccf137a1fd69e4c86d86724c758

    SHA512

    d5363b2ea84cdf8ebeefe73b3c65e5bd1b4ce15fee00590cc99550e5b161a29e28332e9d870847a77464ac85c2890d70275a04037919be3c79d4b2cc0f5ec153

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0ce7c6d24f7f5d3369795d883a54d755

    SHA1

    44ddc1bdf71578642bee8c156912410828009517

    SHA256

    fa3d7ee31ee61f52f1e0bb7b36e8efb87e83018d3a1b92011695cfc552665161

    SHA512

    73f14f131bbc915af80ec06bbca6ad8e61c832ab2e11e7807e63f4fe8766a791eb923b6530ebbcef330c021077d59e7c80eb91566ebc20c3a4ed2ce77fc6f959

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4ae7838cb4e53619b0584dac43a79c08

    SHA1

    cf0fae631b9ef42f69940556422cd54f911c0196

    SHA256

    c373a4104ee0522c6ce20b1d28c55c828d25577d01b8ca948ae14ba743ba98f3

    SHA512

    f7c6e21eb57646ac708db238d9ffa8b588483652852a0095f2053d92884aff406aaa5043d8f62de1fa5bb2b040b750f2d2725e32d0d26799ee8a53f211348e66

  • C:\Users\Admin\AppData\Local\Temp\Cab9677.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar96D8.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/1336-115-0x0000000003C30000-0x0000000003CA9000-memory.dmp

    Filesize

    484KB

  • memory/1336-6-0x00000000029E0000-0x00000000029E3000-memory.dmp

    Filesize

    12KB

  • memory/1336-5-0x0000000003C30000-0x0000000003CA9000-memory.dmp

    Filesize

    484KB

  • memory/1336-4-0x00000000029E0000-0x00000000029E3000-memory.dmp

    Filesize

    12KB

  • memory/1336-3-0x00000000029E0000-0x00000000029E3000-memory.dmp

    Filesize

    12KB

  • memory/2268-155-0x0000000000D80000-0x0000000000E82000-memory.dmp

    Filesize

    1.0MB

  • memory/2268-113-0x0000000000D80000-0x0000000000E82000-memory.dmp

    Filesize

    1.0MB

  • memory/2268-0-0x0000000000D80000-0x0000000000E82000-memory.dmp

    Filesize

    1.0MB

  • memory/2268-394-0x0000000000D80000-0x0000000000E82000-memory.dmp

    Filesize

    1.0MB

  • memory/2268-655-0x0000000000D80000-0x0000000000E82000-memory.dmp

    Filesize

    1.0MB

  • memory/2268-669-0x0000000000D80000-0x0000000000E82000-memory.dmp

    Filesize

    1.0MB
