Analysis

  • max time kernel
    136s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/02/2024, 04:35 UTC

General

  • Target

    aadb6ae3b04b8940f2cc2c65152d9b602bc3f7f8f7809985593149f6e3c7cc83.exe

  • Size

    4.4MB

  • MD5

    69ecbfa6b6a24ab5e16bcdd899e1617f

  • SHA1

    41d9cd4b611d5983a37c12a777d1497181c42cf6

  • SHA256

    aadb6ae3b04b8940f2cc2c65152d9b602bc3f7f8f7809985593149f6e3c7cc83

  • SHA512

    8819984e11d3b3afab5d49ee96de480254b13101da8e74e09c8a499778e8aee54f01b18faa887f5b3131da5f52b2c8497dd4f3c8c412ef37ecbaeea722d3f5a7

  • SSDEEP

    49152:rOCxSImaFXmyp7U5OK91KLQBeAnUJN5pdeBv9MyoDCwYc:vUAFXmyxe1KLQBeivKy2CwJ

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aadb6ae3b04b8940f2cc2c65152d9b602bc3f7f8f7809985593149f6e3c7cc83.exe
    "C:\Users\Admin\AppData\Local\Temp\aadb6ae3b04b8940f2cc2c65152d9b602bc3f7f8f7809985593149f6e3c7cc83.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3224
    • C:\Windows\SysWOW64\ctfmon.exe
      "C:\Windows\SysWOW64\ctfmon.exe -p 1234"
      2⤵
      PID:4012

    Network

    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      173.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      173.178.17.96.in-addr.arpa
      IN PTR
      Response
      173.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-173.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      68.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      68.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      104.219.191.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.219.191.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      POST
      https://23.226.138.143:2083/api/apps.permissions.users.request
      ctfmon.exe
      Remote address:
      23.226.138.143:2083
      Request
      POST /api/apps.permissions.users.request HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 23.226.138.143:2083
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:36:57 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      POST
      https://23.226.138.143:2083/api/admin.teams.settings.setName
      ctfmon.exe
      Remote address:
      23.226.138.143:2083
      Request
      POST /api/admin.teams.settings.setName HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 23.226.138.143:2083
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:37:46 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      POST
      https://23.226.138.143:2083/api/admin.teams.admins.list
      ctfmon.exe
      Remote address:
      23.226.138.143:2083
      Request
      POST /api/admin.teams.admins.list HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 23.226.138.143:2083
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:38:37 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      DNS
      143.138.226.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      143.138.226.23.in-addr.arpa
      IN PTR
      Response
      143.138.226.23.in-addr.arpa
      IN PTR
      23.226.138.143.static.quadranet.com
    • flag-us
      POST
      https://86.38.225.105:13721/api/apps.permissions.users.request
      ctfmon.exe
      Remote address:
      86.38.225.105:13721
      Request
      POST /api/apps.permissions.users.request HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 86.38.225.105:13721
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:36:59 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      POST
      https://86.38.225.105:13721/api/admin.teams.admins.list
      ctfmon.exe
      Remote address:
      86.38.225.105:13721
      Request
      POST /api/admin.teams.admins.list HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 86.38.225.105:13721
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:37:51 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      POST
      https://86.38.225.105:13721/api/admin.teams.settings.setName
      ctfmon.exe
      Remote address:
      86.38.225.105:13721
      Request
      POST /api/admin.teams.settings.setName HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 86.38.225.105:13721
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:38:39 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      DNS
      105.225.38.86.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      105.225.38.86.in-addr.arpa
      IN PTR
      Response
    • flag-us
      POST
      https://86.38.225.106:2221/api/apps.permissions.request
      ctfmon.exe
      Remote address:
      86.38.225.106:2221
      Request
      POST /api/apps.permissions.request HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 86.38.225.106:2221
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:37:02 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      POST
      https://86.38.225.106:2221/api/admin.teams.admins.list
      ctfmon.exe
      Remote address:
      86.38.225.106:2221
      Request
      POST /api/admin.teams.admins.list HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 86.38.225.106:2221
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:37:59 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      POST
      https://86.38.225.106:2221/api/apps.permissions.request
      ctfmon.exe
      Remote address:
      86.38.225.106:2221
      Request
      POST /api/apps.permissions.request HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 86.38.225.106:2221
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:38:43 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      DNS
      106.225.38.86.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      106.225.38.86.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-de
      POST
      https://178.18.246.136:2078/api/admin.teams.settings.setName
      ctfmon.exe
      Remote address:
      178.18.246.136:2078
      Request
      POST /api/admin.teams.settings.setName HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 178.18.246.136:2078
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:37:05 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-de
      POST
      https://178.18.246.136:2078/api/admin.teams.admins.list
      ctfmon.exe
      Remote address:
      178.18.246.136:2078
      Request
      POST /api/admin.teams.admins.list HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 178.18.246.136:2078
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:38:01 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-de
      POST
      https://178.18.246.136:2078/api/admin.teams.admins.list
      ctfmon.exe
      Remote address:
      178.18.246.136:2078
      Request
      POST /api/admin.teams.admins.list HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 178.18.246.136:2078
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:38:46 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
      Response
      217.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-217.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      136.246.18.178.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.246.18.178.in-addr.arpa
      IN PTR
      Response
      136.246.18.178.in-addr.arpa
      IN PTR
      vmd129681.contaboserver.net
    • flag-de
      POST
      https://37.60.242.85:9785/api/admin.teams.admins.list
      ctfmon.exe
      Remote address:
      37.60.242.85:9785
      Request
      POST /api/admin.teams.admins.list HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 37.60.242.85:9785
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:37:30 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-de
      POST
      https://37.60.242.85:9785/api/admin.teams.settings.info
      ctfmon.exe
      Remote address:
      37.60.242.85:9785
      Request
      POST /api/admin.teams.settings.info HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 37.60.242.85:9785
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:38:25 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      DNS
      85.242.60.37.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      85.242.60.37.in-addr.arpa
      IN PTR
      Response
      85.242.60.37.in-addr.arpa
      IN PTR
      vmd129090.contaboserver.net
    • flag-us
      POST
      https://23.226.138.161:5242/api/admin.teams.admins.list
      ctfmon.exe
      Remote address:
      23.226.138.161:5242
      Request
      POST /api/admin.teams.admins.list HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 23.226.138.161:5242
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:37:37 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      POST
      https://23.226.138.161:5242/api/apps.permissions.users.request
      ctfmon.exe
      Remote address:
      23.226.138.161:5242
      Request
      POST /api/apps.permissions.users.request HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 23.226.138.161:5242
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:38:30 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      DNS
      161.138.226.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      161.138.226.23.in-addr.arpa
      IN PTR
      Response
      161.138.226.23.in-addr.arpa
      IN PTR
      23.226.138.161.static.quadranet.com
    • flag-de
      POST
      https://37.60.242.86:2967/api/admin.teams.settings.setName
      ctfmon.exe
      Remote address:
      37.60.242.86:2967
      Request
      POST /api/admin.teams.settings.setName HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 37.60.242.86:2967
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:37:38 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-de
      POST
      https://37.60.242.86:2967/api/admin.teams.admins.list
      ctfmon.exe
      Remote address:
      37.60.242.86:2967
      Request
      POST /api/admin.teams.admins.list HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 37.60.242.86:2967
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:38:30 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      DNS
      86.242.60.37.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.242.60.37.in-addr.arpa
      IN PTR
      Response
      86.242.60.37.in-addr.arpa
      IN PTR
      vmd129091.contaboserver.net
    • flag-us
      POST
      https://85.239.243.155:5000/api/apps.permissions.request
      ctfmon.exe
      Remote address:
      85.239.243.155:5000
      Request
      POST /api/apps.permissions.request HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 85.239.243.155:5000
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:37:41 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      POST
      https://85.239.243.155:5000/api/apps.permissions.request
      ctfmon.exe
      Remote address:
      85.239.243.155:5000
      Request
      POST /api/apps.permissions.request HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      Accept-Language: en-US,en;q=0.8
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; A7F; BRI/2; Tablet PC 2.0; wbx 1.0.0; Microsoft Outlook 14.0.7233; ms-office;
      Content-Length: 5366
      Host: 85.239.243.155:5000
      Response
      HTTP/1.1 502 Bad Gateway
      Server: nginx
      Date: Tue, 13 Feb 2024 04:38:33 GMT
      Content-Type: text/html
      Content-Length: 552
      Connection: keep-alive
    • flag-us
      DNS
      155.243.239.85.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      155.243.239.85.in-addr.arpa
      IN PTR
      Response
      155.243.239.85.in-addr.arpa
      IN PTR
      vmd129057.contaboserver.net
    • flag-us
      DNS
      22.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.236.111.52.in-addr.arpa
      IN PTR
      Response
    • 23.226.138.143:2083
      https://23.226.138.143:2083/api/admin.teams.admins.list
      tls, http
      ctfmon.exe
      19.1kB
      5.3kB
      24
      17

      HTTP Request

      POST https://23.226.138.143:2083/api/apps.permissions.users.request

      HTTP Response

      502

      HTTP Request

      POST https://23.226.138.143:2083/api/admin.teams.settings.setName

      HTTP Response

      502

      HTTP Request

      POST https://23.226.138.143:2083/api/admin.teams.admins.list

      HTTP Response

      502
    • 86.38.225.105:13721
      https://86.38.225.105:13721/api/admin.teams.settings.setName
      tls, http
      ctfmon.exe
      28.8kB
      5.4kB
      30
      17

      HTTP Request

      POST https://86.38.225.105:13721/api/apps.permissions.users.request

      HTTP Response

      502

      HTTP Request

      POST https://86.38.225.105:13721/api/admin.teams.admins.list

      HTTP Response

      502

      HTTP Request

      POST https://86.38.225.105:13721/api/admin.teams.settings.setName

      HTTP Response

      502
    • 86.38.225.106:2221
      https://86.38.225.106:2221/api/apps.permissions.request
      tls, http
      ctfmon.exe
      32.8kB
      5.4kB
      33
      18

      HTTP Request

      POST https://86.38.225.106:2221/api/apps.permissions.request

      HTTP Response

      502

      HTTP Request

      POST https://86.38.225.106:2221/api/admin.teams.admins.list

      HTTP Response

      502

      HTTP Request

      POST https://86.38.225.106:2221/api/apps.permissions.request

      HTTP Response

      502
    • 178.18.246.136:2078
      https://178.18.246.136:2078/api/admin.teams.admins.list
      tls, http
      ctfmon.exe
      19.0kB
      5.2kB
      23
      14

      HTTP Request

      POST https://178.18.246.136:2078/api/admin.teams.settings.setName

      HTTP Response

      502

      HTTP Request

      POST https://178.18.246.136:2078/api/admin.teams.admins.list

      HTTP Response

      502

      HTTP Request

      POST https://178.18.246.136:2078/api/admin.teams.admins.list

      HTTP Response

      502
    • 86.38.225.108:2226
      ctfmon.exe
      260 B
      5
    • 37.60.242.85:9785
      https://37.60.242.85:9785/api/admin.teams.settings.info
      tls, http
      ctfmon.exe
      12.8kB
      4.3kB
      17
      11

      HTTP Request

      POST https://37.60.242.85:9785/api/admin.teams.admins.list

      HTTP Response

      502

      HTTP Request

      POST https://37.60.242.85:9785/api/admin.teams.settings.info

      HTTP Response

      502
    • 23.226.138.161:5242
      https://23.226.138.161:5242/api/apps.permissions.users.request
      tls, http
      ctfmon.exe
      12.9kB
      5.2kB
      19
      14

      HTTP Request

      POST https://23.226.138.161:5242/api/admin.teams.admins.list

      HTTP Response

      502

      HTTP Request

      POST https://23.226.138.161:5242/api/apps.permissions.users.request

      HTTP Response

      502
    • 37.60.242.86:2967
      https://37.60.242.86:2967/api/admin.teams.admins.list
      tls, http
      ctfmon.exe
      12.8kB
      4.3kB
      17
      10

      HTTP Request

      POST https://37.60.242.86:2967/api/admin.teams.settings.setName

      HTTP Response

      502

      HTTP Request

      POST https://37.60.242.86:2967/api/admin.teams.admins.list

      HTTP Response

      502
    • 85.239.243.155:5000
      https://85.239.243.155:5000/api/apps.permissions.request
      tls, http
      ctfmon.exe
      12.8kB
      4.4kB
      17
      12

      HTTP Request

      POST https://85.239.243.155:5000/api/apps.permissions.request

      HTTP Response

      502

      HTTP Request

      POST https://85.239.243.155:5000/api/apps.permissions.request

      HTTP Response

      502
    • 86.38.225.108:2226
      ctfmon.exe
      260 B
      5
    • 86.38.225.108:2226
      ctfmon.exe
      208 B
      4
    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
      159 B
      1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      173.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      173.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      68.32.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      68.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      104.219.191.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      104.219.191.52.in-addr.arpa

    • 8.8.8.8:53
      28.118.140.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      28.118.140.52.in-addr.arpa

    • 8.8.8.8:53
      143.138.226.23.in-addr.arpa
      dns
      73 B
      122 B
      1
      1

      DNS Request

      143.138.226.23.in-addr.arpa

    • 8.8.8.8:53
      105.225.38.86.in-addr.arpa
      dns
      72 B
      132 B
      1
      1

      DNS Request

      105.225.38.86.in-addr.arpa

    • 8.8.8.8:53
      106.225.38.86.in-addr.arpa
      dns
      72 B
      132 B
      1
      1

      DNS Request

      106.225.38.86.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      217.135.221.88.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      217.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      136.246.18.178.in-addr.arpa
      dns
      73 B
      114 B
      1
      1

      DNS Request

      136.246.18.178.in-addr.arpa

    • 8.8.8.8:53
      85.242.60.37.in-addr.arpa
      dns
      71 B
      112 B
      1
      1

      DNS Request

      85.242.60.37.in-addr.arpa

    • 8.8.8.8:53
      161.138.226.23.in-addr.arpa
      dns
      73 B
      122 B
      1
      1

      DNS Request

      161.138.226.23.in-addr.arpa

    • 8.8.8.8:53
      86.242.60.37.in-addr.arpa
      dns
      71 B
      112 B
      1
      1

      DNS Request

      86.242.60.37.in-addr.arpa

    • 8.8.8.8:53
      155.243.239.85.in-addr.arpa
      dns
      73 B
      114 B
      1
      1

      DNS Request

      155.243.239.85.in-addr.arpa

    • 8.8.8.8:53
      22.236.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      22.236.111.52.in-addr.arpa

    Downloads

    • memory/3224-0-0x0000000005220000-0x0000000005255000-memory.dmp

      Filesize

      212KB

    • memory/3224-4-0x0000000005220000-0x0000000005255000-memory.dmp

      Filesize

      212KB

    • memory/4012-7-0x0000000000FD0000-0x0000000000FE8000-memory.dmp

      Filesize

      96KB

    • memory/4012-1-0x0000000000FD0000-0x0000000000FE8000-memory.dmp

      Filesize

      96KB
