Analysis

  • max time kernel
    167s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/01/2024, 20:12 UTC

General

  • Target

    3ef813d3b06de0d718960ee0b3cac240.exe

  • Size

    107KB

  • MD5

    3ef813d3b06de0d718960ee0b3cac240

  • SHA1

    0358d69e1bb21aba314832be52aed676511d7224

  • SHA256

    04758db8553c2e207871021008fdba4a99576d3dfc9a1a42bbdfddf2448e333d

  • SHA512

    293d0af7a8dea9e7d32aea0a9f235c8d1eb500983c50eb392ca6bc5f1b1327118aee2eae924ba3ab0676d706ecdf49d6d6763f12879f68fc6cd4d005950652a0

  • SSDEEP

    1536:3WU7JfGXyjPrwpw2ZCZg6oIg/g4Rx/jz6OLVSRepPk7IfsdOApw/8Wt0qfplybjO:H1xUpgZ2J/g4n/FsRecP5pI8WRpyK

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ef813d3b06de0d718960ee0b3cac240.exe
    "C:\Users\Admin\AppData\Local\Temp\3ef813d3b06de0d718960ee0b3cac240.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 2.bat
      2⤵
        PID:4632
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c 2.bat
        2⤵
          PID:4168

      Network

      • flag-us
        DNS
        23.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.177.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        9.228.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.228.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        81.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        81.179.17.96.in-addr.arpa
        IN PTR
        Response
        81.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-81.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        150.1.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        150.1.37.23.in-addr.arpa
        IN PTR
        Response
        150.1.37.23.in-addr.arpa
        IN PTR
        a23-37-1-150.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        11.2.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        11.2.37.23.in-addr.arpa
        IN PTR
        Response
        11.2.37.23.in-addr.arpa
        IN PTR
        a23-37-2-11.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        134.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        134.71.91.104.in-addr.arpa
        IN PTR
        Response
        134.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-134.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        74.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        74.179.17.96.in-addr.arpa
        IN PTR
        Response
        74.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-74.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        43.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        43.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.229.111.52.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        5.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        5.181.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        5.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        5.181.190.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        146.78.124.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        146.78.124.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        146.78.124.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        146.78.124.51.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        209.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.178.17.96.in-addr.arpa
        IN PTR
        Response
        209.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-209.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        209.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.178.17.96.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        57.169.31.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        57.169.31.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        57.169.31.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        57.169.31.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        67.112.168.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        67.112.168.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        67.112.168.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        67.112.168.52.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 456003
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 02CBD56188BE4ACE9862325DD97A9FF0 Ref B: LON04EDGE0907 Ref C: 2024-01-03T20:15:42Z
        date: Wed, 03 Jan 2024 20:15:41 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301584_1KMA1SYJOHONSUVLP&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301584_1KMA1SYJOHONSUVLP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 385467
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: A1EFB69B5CA446288CDBC9055F2695FA Ref B: LON04EDGE0907 Ref C: 2024-01-03T20:15:42Z
        date: Wed, 03 Jan 2024 20:15:41 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 325965
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2BEE3FF8C1C44F518F08DA7273FAFFAA Ref B: LON04EDGE0907 Ref C: 2024-01-03T20:15:42Z
        date: Wed, 03 Jan 2024 20:15:42 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 342507
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 475411F9A62C47FB94675D1AB00697F5 Ref B: LON04EDGE0907 Ref C: 2024-01-03T20:15:43Z
        date: Wed, 03 Jan 2024 20:15:43 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301175_1O75L39KSXK4UQDB6&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301175_1O75L39KSXK4UQDB6&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 470375
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 5DA4DA0675DA422F88BDD8FD917FD775 Ref B: LON04EDGE0907 Ref C: 2024-01-03T20:15:50Z
        date: Wed, 03 Jan 2024 20:15:49 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 459590
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 7A83CD4A0D66493BB21AFEE6BDC95603 Ref B: LON04EDGE0907 Ref C: 2024-01-03T20:15:50Z
        date: Wed, 03 Jan 2024 20:15:50 GMT
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001.a-msedge.net
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001.a-msedge.net
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.3kB
        9.6kB
        17
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.1kB
        589 B
        10
        8
      • 204.79.197.200:443
        tse1.mm.bing.net
        156 B
        3
      • 204.79.197.200:443
        tse1.mm.bing.net
        156 B
        3
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&w=1920&h=1080&c=4
        tls, http2
        90.7kB
        2.6MB
        1862
        1856

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301584_1KMA1SYJOHONSUVLP&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&w=1920&h=1080&c=4

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301175_1O75L39KSXK4UQDB6&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&w=1920&h=1080&c=4

        HTTP Response

        200

        HTTP Response

        200
      • 13.107.21.200:443
        tse1.mm.bing.net
        tls, http2
        1.7kB
        8.8kB
        18
        14
      • 13.107.21.200:443
        tse1.mm.bing.net
        tls, http2
        1.6kB
        8.3kB
        17
        14
      • 8.8.8.8:53
        23.177.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        23.177.190.20.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        9.228.82.20.in-addr.arpa
        dns
        70 B
        156 B
        1
        1

        DNS Request

        9.228.82.20.in-addr.arpa

      • 8.8.8.8:53
        81.179.17.96.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        81.179.17.96.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        150.1.37.23.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        150.1.37.23.in-addr.arpa

      • 8.8.8.8:53
        11.2.37.23.in-addr.arpa
        dns
        69 B
        131 B
        1
        1

        DNS Request

        11.2.37.23.in-addr.arpa

      • 8.8.8.8:53
        158.240.127.40.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        158.240.127.40.in-addr.arpa

      • 8.8.8.8:53
        86.23.85.13.in-addr.arpa
        dns
        70 B
        144 B
        1
        1

        DNS Request

        86.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        142 B
        157 B
        2
        1

        DNS Request

        198.187.3.20.in-addr.arpa

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        134.71.91.104.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        134.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        74.179.17.96.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        74.179.17.96.in-addr.arpa

      • 8.8.8.8:53
        43.229.111.52.in-addr.arpa
        dns
        144 B
        158 B
        2
        1

        DNS Request

        43.229.111.52.in-addr.arpa

        DNS Request

        43.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        5.181.190.20.in-addr.arpa
        dns
        142 B
        157 B
        2
        1

        DNS Request

        5.181.190.20.in-addr.arpa

        DNS Request

        5.181.190.20.in-addr.arpa

      • 8.8.8.8:53
        146.78.124.51.in-addr.arpa
        dns
        144 B
        158 B
        2
        1

        DNS Request

        146.78.124.51.in-addr.arpa

        DNS Request

        146.78.124.51.in-addr.arpa

      • 8.8.8.8:53
        2.136.104.51.in-addr.arpa
        dns
        142 B
        157 B
        2
        1

        DNS Request

        2.136.104.51.in-addr.arpa

        DNS Request

        2.136.104.51.in-addr.arpa

      • 8.8.8.8:53
        209.178.17.96.in-addr.arpa
        dns
        144 B
        137 B
        2
        1

        DNS Request

        209.178.17.96.in-addr.arpa

        DNS Request

        209.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        57.169.31.20.in-addr.arpa
        dns
        142 B
        314 B
        2
        2

        DNS Request

        57.169.31.20.in-addr.arpa

        DNS Request

        57.169.31.20.in-addr.arpa

      • 8.8.8.8:53
        67.112.168.52.in-addr.arpa
        dns
        144 B
        146 B
        2
        1

        DNS Request

        67.112.168.52.in-addr.arpa

        DNS Request

        67.112.168.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        124 B
        173 B
        2
        1

        DNS Request

        tse1.mm.bing.net

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        200.197.79.204.in-addr.arpa
        dns
        146 B
        212 B
        2
        2

        DNS Request

        200.197.79.204.in-addr.arpa

        DNS Request

        200.197.79.204.in-addr.arpa

      MITRE ATT&CK Matrix

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\2.bat

        Filesize

        41B

        MD5

        ba7fbc1af9676442d6da5bdb5afe813c

        SHA1

        151f5f221a3e02f9e51a8cb20495416b79da4c04

        SHA256

        ffac204151edc4de9316c4416df635cd0d68a1d4b33125e6bf32209b0f879816

        SHA512

        94338b36552b9b5f9772b735ebfb8dce8d750ce3c81996f2cd052d0f1e0d9010366d6b711340356506f81d4cd875c8cb0ee71ab0d5c77e22ab9d98893cc70edd

      • C:\Users\Admin\AppData\Local\Temp\2.bat

        Filesize

        52B

        MD5

        79f485589be6c5807d897f83641c45f5

        SHA1

        cf89f8962cbb25c0a22949e6956b2f7340680f59

        SHA256

        7ac89c9449bb50e781081d1bee95b39f786553f79ae651638097748f926ff2ec

        SHA512

        409cf520741545b8674b9a2164741a0a1b00057162ee084f02e0752880995df7494ba1cbc8fedb30cae21c42b8d16cb28d9063d915732c967fdacae12b732278

      • C:\Windows\debug\B831406A9770.dll

        Filesize

        154KB

        MD5

        76a1b33a8596a8817e47bf61727adfa2

        SHA1

        bae46d76c9a70f44bdaa19f8a3bc8dfd477428c6

        SHA256

        36576ad5de7e2361d874173baad78ecf7a0158a8ecd17a57028958590e8cfacf

        SHA512

        64764a1346c79030165731c4b30bdb603e1c11f026576b98256f916d1113f60d40628864eaece5ee6f5bec6359d928a61c566ab99de0957fe77445966bb890b4

      • memory/804-0-0x0000000000400000-0x000000000043F20C-memory.dmp

        Filesize

        252KB

      • memory/804-1-0x0000000000400000-0x000000000043F20C-memory.dmp

        Filesize

        252KB

      • memory/804-4-0x0000000000400000-0x000000000043F20C-memory.dmp

        Filesize

        252KB

      • memory/804-15-0x0000000000A00000-0x0000000000A2B000-memory.dmp

        Filesize

        172KB

      • memory/804-18-0x0000000000400000-0x000000000043F20C-memory.dmp

        Filesize

        252KB

      • memory/804-19-0x0000000000A00000-0x0000000000A2B000-memory.dmp

        Filesize

        172KB

      • memory/804-20-0x0000000000400000-0x000000000043F20C-memory.dmp

        Filesize

        252KB

      • memory/804-21-0x0000000000A00000-0x0000000000A2B000-memory.dmp

        Filesize

        172KB
