Analysis

  • max time kernel
    93s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/02/2024, 05:22 UTC

General

  • Target

    98949a479e481213c2b747263ad7501d.exe

  • Size

    489KB

  • MD5

    98949a479e481213c2b747263ad7501d

  • SHA1

    21013b2c7d0efd7c4f065855ef7e646257a775a7

  • SHA256

    24ca1ccadea86789ecfa651686910b20bd61a1ae775969b3cbf904d963df778c

  • SHA512

    58496db0a59d886f15214270538fe05370fe2e4513ac864a8dbcd5d644573af624ff8d4b10d6c13ffde1b5062b591995eda2e7e6b92d710d149125707384087e

  • SSDEEP

    12288:heuo6R5cmgutOGrBtHLdB1+3E5zdWLCr+d6iv9su3uXEl:Iju56pGl/B1Cir+d6i2ukEl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98949a479e481213c2b747263ad7501d.exe
    "C:\Users\Admin\AppData\Local\Temp\98949a479e481213c2b747263ad7501d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4160
    • C:\Users\Admin\AppData\Local\Temp\DM\wPjFzmb276fZhZ3\98949a479e481213c2b747263ad7501d.exe
      C:\Users\Admin\AppData\Local\Temp\DM\wPjFzmb276fZhZ3\98949a479e481213c2b747263ad7501d.exe /path="C:\Users\Admin\AppData\Local\Temp\98949a479e481213c2b747263ad7501d.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    dtrack.secdls.com
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    8.8.8.8:53
    Request
    dtrack.secdls.com
    IN A
    Response
  • flag-us
    DNS
    api.updatevideos.com
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    8.8.8.8:53
    Request
    api.updatevideos.com
    IN A
    Response
    api.updatevideos.com
    IN A
    13.248.169.48
    api.updatevideos.com
    IN A
    76.223.54.146
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:29 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:30 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:30 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:30 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:30 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:30 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:30 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:30 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:30 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:30 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:31 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    GET
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /index.php/api/151/Setup/502/568/English.xml HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: api.updatevideos.com
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:31 GMT
    Content-Type: text/html
    Content-Length: 315
    Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
    Connection: keep-alive
    ETag: "65b834cc-13b"
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OtpAYnZB9wYnmyRjc0uegeWNIEcVUxcfSG4m8mxSCplpo49ac3NCPTZXKysmo8PgOXlHFXW99IpfO5rPFgaJEg
    Cache-Control: no-cache
    X-Content-Type-Options: nosniff
    Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
    Set-Cookie: country=RO;Path=/;Max-Age=86400;
    Set-Cookie: city="";Path=/;Max-Age=86400;
    Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
    Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
    Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
    Accept-Ranges: bytes
  • flag-us
    DNS
    48.169.248.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.169.248.13.in-addr.arpa
    IN PTR
    Response
    48.169.248.13.in-addr.arpa
    IN PTR
    a904c694c05102f30.awsglobalaccelerator.com
  • flag-us
    DNS
    dtrack.secdls.com
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    8.8.8.8:53
    Request
    dtrack.secdls.com
    IN A
    Response
  • flag-us
    DNS
    track.updatevideos.com
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    8.8.8.8:53
    Request
    track.updatevideos.com
    IN A
    Response
    track.updatevideos.com
    IN A
    13.248.169.48
    track.updatevideos.com
    IN A
    76.223.54.146
  • flag-us
    POST
    http://track.updatevideos.com/index.php/trackLocal/sendQueue
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    POST /index.php/trackLocal/sendQueue HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: track.updatevideos.com
    Content-Length: 379
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:34 GMT
    Content-Type: text/plain
    Content-Length: 0
    Connection: keep-alive
    ETag: "65ca405c-0"
  • flag-us
    POST
    http://track.updatevideos.com/index.php/trackLocal/sendQueue
    98949a479e481213c2b747263ad7501d.exe
    Remote address:
    13.248.169.48:80
    Request
    POST /index.php/trackLocal/sendQueue HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: track.updatevideos.com
    Content-Length: 379
    Expect: 100-continue
    Response
    HTTP/1.1 403 Forbidden
    Server: openresty
    Date: Tue, 13 Feb 2024 05:23:34 GMT
    Content-Type: text/plain
    Content-Length: 0
    Connection: keep-alive
    ETag: "65ca405c-0"
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    79.121.231.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.121.231.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.178.17.96.in-addr.arpa
    IN PTR
    Response
    194.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-194.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0.lgw.llnw.net
  • 138.91.171.81:80
    104 B
    2
  • 13.248.169.48:80
    http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml
    http
    98949a479e481213c2b747263ad7501d.exe
    3.7kB
    15.3kB
    17
    25

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200

    HTTP Request

    GET http://api.updatevideos.com/index.php/api/151/Setup/502/568/English.xml

    HTTP Response

    200
  • 13.248.169.48:80
    http://track.updatevideos.com/index.php/trackLocal/sendQueue
    http
    98949a479e481213c2b747263ad7501d.exe
    1.4kB
    634 B
    7
    7

    HTTP Request

    POST http://track.updatevideos.com/index.php/trackLocal/sendQueue

    HTTP Response

    403

    HTTP Request

    POST http://track.updatevideos.com/index.php/trackLocal/sendQueue

    HTTP Response

    403
  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    dtrack.secdls.com
    dns
    98949a479e481213c2b747263ad7501d.exe
    63 B
    136 B
    1
    1

    DNS Request

    dtrack.secdls.com

  • 8.8.8.8:53
    api.updatevideos.com
    dns
    98949a479e481213c2b747263ad7501d.exe
    66 B
    98 B
    1
    1

    DNS Request

    api.updatevideos.com

    DNS Response

    13.248.169.48
    76.223.54.146

  • 8.8.8.8:53
    48.169.248.13.in-addr.arpa
    dns
    72 B
    128 B
    1
    1

    DNS Request

    48.169.248.13.in-addr.arpa

  • 8.8.8.8:53
    dtrack.secdls.com
    dns
    98949a479e481213c2b747263ad7501d.exe
    63 B
    136 B
    1
    1

    DNS Request

    dtrack.secdls.com

  • 8.8.8.8:53
    track.updatevideos.com
    dns
    98949a479e481213c2b747263ad7501d.exe
    68 B
    100 B
    1
    1

    DNS Request

    track.updatevideos.com

    DNS Response

    13.248.169.48
    76.223.54.146

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    79.121.231.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    79.121.231.20.in-addr.arpa

  • 8.8.8.8:53
    194.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    194.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DM\wPjFzmb276fZhZ3\DomaIQ10.exe

    Filesize

    361KB

    MD5

    d50392c6002950c8e2fc7ea0c7af4a05

    SHA1

    8cd8fd41bbb9fdb2376b1623af9f2e850ef142ce

    SHA256

    bfe0338d37e9cb6ceb5b47742f400f06345c713e2743947afb0db19da9428787

    SHA512

    5e6a2ad58c24eacba09c197ed5d07e6b37c1a897cfde0fc27743087c0d6a47ee14204497c5c6af8696999ced668eb0d858ebe711d14c3f236a2eac5f3cb5addf

  • C:\Users\Admin\AppData\Local\Temp\DM\wPjFzmb276fZhZ3\installer.exe

    Filesize

    489KB

    MD5

    98949a479e481213c2b747263ad7501d

    SHA1

    21013b2c7d0efd7c4f065855ef7e646257a775a7

    SHA256

    24ca1ccadea86789ecfa651686910b20bd61a1ae775969b3cbf904d963df778c

    SHA512

    58496db0a59d886f15214270538fe05370fe2e4513ac864a8dbcd5d644573af624ff8d4b10d6c13ffde1b5062b591995eda2e7e6b92d710d149125707384087e

  • C:\Users\Admin\AppData\Local\Temp\nsw64D6.tmp\pwgen.dll

    Filesize

    16KB

    MD5

    a555472395178ac8c733d90928e05017

    SHA1

    f44b192d66473f01a6540aaec4b6c9ac4c611d35

    SHA256

    82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e

    SHA512

    e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a

  • memory/2684-30-0x0000000000B10000-0x0000000000B18000-memory.dmp

    Filesize

    32KB

  • memory/2684-32-0x0000000000CB0000-0x0000000000CC0000-memory.dmp

    Filesize

    64KB

  • memory/2684-27-0x00007FF948B00000-0x00007FF9494A1000-memory.dmp

    Filesize

    9.6MB

  • memory/2684-28-0x000000001B7C0000-0x000000001BC8E000-memory.dmp

    Filesize

    4.8MB

  • memory/2684-29-0x000000001B490000-0x000000001B52C000-memory.dmp

    Filesize

    624KB

  • memory/2684-25-0x0000000000CB0000-0x0000000000CC0000-memory.dmp

    Filesize

    64KB

  • memory/2684-31-0x0000000000CB0000-0x0000000000CC0000-memory.dmp

    Filesize

    64KB

  • memory/2684-26-0x0000000000AE0000-0x0000000000AEE000-memory.dmp

    Filesize

    56KB

  • memory/2684-33-0x0000000000CB0000-0x0000000000CC0000-memory.dmp

    Filesize

    64KB

  • memory/2684-34-0x0000000000CB0000-0x0000000000CC0000-memory.dmp

    Filesize

    64KB

  • memory/2684-35-0x0000000000CB0000-0x0000000000CC0000-memory.dmp

    Filesize

    64KB

  • memory/2684-24-0x00007FF948B00000-0x00007FF9494A1000-memory.dmp

    Filesize

    9.6MB

  • memory/2684-38-0x00000000200E0000-0x0000000020142000-memory.dmp

    Filesize

    392KB

  • memory/2684-40-0x00007FF948B00000-0x00007FF9494A1000-memory.dmp

    Filesize

    9.6MB

  • memory/2684-43-0x00007FF948B00000-0x00007FF9494A1000-memory.dmp

    Filesize

    9.6MB
