Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-08...er.exe

windows7-x64

7

2024-01-08...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2024, 06:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_678c6ebdf17922d5578d2db3e672347d_cryptolocker.exe

  • Size

    60KB

  • MD5

    678c6ebdf17922d5578d2db3e672347d

  • SHA1

    21255d4c44baa190d094900e8439345f85935438

  • SHA256

    189ff11339724ba04d11c4632624ad00154dbc40f028b7f1665ca30e0dad46c8

  • SHA512

    fe8188d2dfb6b5d2be2af3f0f710a6a3ea00f3ac3c0e1e6c8c8d53946982dbf9890096c814313c0bf5024ba33badbf1a38502d6f63163f45246e01418b8dc4ff

  • SSDEEP

    1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1x/9lfL+gniDSq:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7H

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_678c6ebdf17922d5578d2db3e672347d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_678c6ebdf17922d5578d2db3e672347d_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1604

Network

  • flag-us
    DNS
    gemlttwi.com
    hurok.exe
    Remote address:
    8.8.8.8:53
    Request
    gemlttwi.com
    IN A
    Response
    gemlttwi.com
    IN A
    192.185.35.56
  • flag-us
    DNS
    gemlttwi.com
    hurok.exe
    Remote address:
    8.8.8.8:53
    Request
    gemlttwi.com
    IN A
  • flag-us
    DNS
    6.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    6.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://gemlttwi.com/tech/2mr.exe
    hurok.exe
    Remote address:
    192.185.35.56:443
    Request
    GET /tech/2mr.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: gemlttwi.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 09 Jan 2024 07:09:25 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://gemlttwi.com/wp-json/>; rel="https://api.w.org/"
    Upgrade: h2,h2c
    Connection: Upgrade
    Vary: Accept-Encoding
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    194.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.178.17.96.in-addr.arpa
    IN PTR
    Response
    194.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-194deploystaticakamaitechnologiescom
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    56.35.185.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.35.185.192.in-addr.arpa
    IN PTR
    Response
    56.35.185.192.in-addr.arpa
    IN PTR
    immacbytescom
  • flag-us
    DNS
    56.35.185.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.35.185.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    23.149.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.149.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.38.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.38.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301180_12QE0TUIBFKPVIEKD&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301180_12QE0TUIBFKPVIEKD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 485755
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CB95DC15FE95423DB04CDABB6D32A3E5 Ref B: LON04EDGE0721 Ref C: 2024-01-09T07:10:09Z
    date: Tue, 09 Jan 2024 07:10:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301411_15MW0N7QKPVBOUCK9&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301411_15MW0N7QKPVBOUCK9&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 106065
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 501054170D6D4414B5FA18CF87E4D766 Ref B: LON04EDGE0721 Ref C: 2024-01-09T07:10:09Z
    date: Tue, 09 Jan 2024 07:10:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300978_1LR278M4882TDZIMW&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300978_1LR278M4882TDZIMW&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 122631
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D1B200C5EE024F30902449998B6625B5 Ref B: LON04EDGE0721 Ref C: 2024-01-09T07:10:09Z
    date: Tue, 09 Jan 2024 07:10:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301589_1ELTX2YB56L7P0UAL&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301589_1ELTX2YB56L7P0UAL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 543528
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3B67B05655F44AA3BF35D0C4C4FFE72F Ref B: LON04EDGE0721 Ref C: 2024-01-09T07:10:09Z
    date: Tue, 09 Jan 2024 07:10:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 556472
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2DE6D5D16F4A41D8A5491A030121B335 Ref B: LON04EDGE0721 Ref C: 2024-01-09T07:10:10Z
    date: Tue, 09 Jan 2024 07:10:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 489903
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 56F48189354B489282C1F453A1B7F070 Ref B: LON04EDGE0721 Ref C: 2024-01-09T07:10:16Z
    date: Tue, 09 Jan 2024 07:10:16 GMT
  • flag-us
    DNS
    173.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    173.178.17.96.in-addr.arpa
    IN PTR
    Response
    173.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-173deploystaticakamaitechnologiescom
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    4.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    4.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 52.142.223.178:80
    104 B
     2
  • 192.185.35.56:443
    https://gemlttwi.com/tech/2mr.exe
    tls, http
    hurok.exe
    5.3kB
     110.9kB
     94
    88

    HTTP Request

    GET https://gemlttwi.com/tech/2mr.exe

    HTTP Response

    404
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     9.8kB
     18
    16
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     9.8kB
     18
    16
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    86.2kB
     2.4MB
     1786
    1780

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301180_12QE0TUIBFKPVIEKD&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301411_15MW0N7QKPVBOUCK9&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300978_1LR278M4882TDZIMW&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301589_1ELTX2YB56L7P0UAL&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     9.8kB
     18
    16
  • 8.8.8.8:53
    gemlttwi.com
    dns
    hurok.exe
    116 B
     74 B
     2
    1

    DNS Request

    gemlttwi.com

    DNS Request

    gemlttwi.com

    DNS Response

    192.185.35.56

  • 8.8.8.8:53
    6.181.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    6.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    194.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    194.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    140 B
     156 B
     2
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    146.78.124.51.in-addr.arpa

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    56.35.185.192.in-addr.arpa
    dns
    144 B
     100 B
     2
    1

    DNS Request

    56.35.185.192.in-addr.arpa

    DNS Request

    56.35.185.192.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    23.149.64.172.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    23.149.64.172.in-addr.arpa

  • 8.8.8.8:53
    233.38.18.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    233.38.18.104.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    142 B
     157 B
     2
    1

    DNS Request

    2.136.104.51.in-addr.arpa

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    142 B
     145 B
     2
    1

    DNS Request

    206.23.85.13.in-addr.arpa

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    142 B
     157 B
     2
    1

    DNS Request

    59.128.231.4.in-addr.arpa

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    88.156.103.20.in-addr.arpa

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    186 B
     173 B
     3
    1

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    173.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    173.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    22.236.111.52.in-addr.arpa

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    4.173.189.20.in-addr.arpa
    dns
    142 B
     314 B
     2
    2

    DNS Request

    4.173.189.20.in-addr.arpa

    DNS Request

    4.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize

    60KB

    MD5

    4999da2c68dcb68d93a3ef254d666522

    SHA1

    325985cb624479df33d77cead5df66ea787457b5

    SHA256

    037102d68361d16d2e804f97010d16eb5a258bc1da1570f9bdb5ceb1c765a799

    SHA512

    c5f5245bedcaaaea2500cd7a380d4c89a85de6f9d5275673819722e5e17ec647e331d5da43314149a455e51f6d4c50ae2f63d8604a84bfe67ecfab4f476ce703

    Download Submit

  • memory/1604-22-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5080-0-0x0000000002200000-0x0000000002206000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5080-1-0x0000000002200000-0x0000000002206000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5080-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.