207e43c0ef3d0b9f2363c7240af61d36d50bf6cf43a695c27b212b4c889d1729

Analysis

max time kernel
92s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 12:20 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1daa61c59c7c505d8f9040ed2f70e69.exe
Size

224KB
MD5

a1daa61c59c7c505d8f9040ed2f70e69
SHA1

c786ac2c7ead93c9706e7f91efc366b4b1325b41
SHA256

207e43c0ef3d0b9f2363c7240af61d36d50bf6cf43a695c27b212b4c889d1729
SHA512

9e776f88afabe4ede780b7083e141c3ce4265b9d2735a075da4a54e0d8c32c6b8fcebe6ae730067cbf331165e376a169e97cc2290dbff9154b7f97fd494815e6
SSDEEP

3072:xIb1bW8HfeSnNXlaHjcUWOSvyDbf57bwyiO26w+cHHerrHtYI11pe6oAAahyW:ybWWBUWOS6D17bel6w+cHHCpIahyW

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\DragonCard.job	a1daa61c59c7c505d8f9040ed2f70e69.exe

C:\Users\Admin\AppData\Local\Temp\a1daa61c59c7c505d8f9040ed2f70e69.exe
"C:\Users\Admin\AppData\Local\Temp\a1daa61c59c7c505d8f9040ed2f70e69.exe"
1⤵
- Drops file in Windows directory
PID:4584

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

allmodel-pro.com

a1daa61c59c7c505d8f9040ed2f70e69.exe

Remote address:

8.8.8.8:53

Request

allmodel-pro.com

IN A

Response

allmodel-pro.com

IN A

204.11.56.48
DNS

first-usapro.info

a1daa61c59c7c505d8f9040ed2f70e69.exe

Remote address:

8.8.8.8:53

Request

first-usapro.info

IN A

Response
DNS

groupmodel.biz

a1daa61c59c7c505d8f9040ed2f70e69.exe

Remote address:

8.8.8.8:53

Request

groupmodel.biz

IN A

Response

groupmodel.biz

IN A

3.141.96.53

groupmodel.biz

IN A

3.20.137.44
GET

http://groupmodel.biz/?q=J4dSUxBWvWggHBQvqoVXyfrw%2Fb4aAw6dWdA8xv8vJTX3g%2Bz7JswN6Eh8SlAA2WENfqezc4OxpAgDQkD3xu8%2Fb%2FKe39gEI4syommNRRgLAO8xr2796DaacTKQYJYZUpzSRVCp5Fmjl6dnit%2BC6XBek0VU9GQsrcttKLDu32UYEEKs3WC7jE11qwMYQpe2d1zlY89B0Ni6xMQFuqsH%2BNx7FdGEl4Kw0blP0mTYPI48rL1ICZQ0elLm4FswQaygoEJCO3%2FqbdhITOojfxVVOeRmSzWBpI7xKSvxLfq4QRiJ13xs%2Fn5LRQsZpljhVD2tLvohu%2BCIkvfcWajiZy63s4K2dfRWBCh3y5%2B6ZPLTEcs7IxfmTgbGUa0mb0I8cblzkbix%2FOvxraa%2FKwfhkHIqk7GHPA

a1daa61c59c7c505d8f9040ed2f70e69.exe

Remote address:

3.141.96.53:80

Request

GET /?q=J4dSUxBWvWggHBQvqoVXyfrw%2Fb4aAw6dWdA8xv8vJTX3g%2Bz7JswN6Eh8SlAA2WENfqezc4OxpAgDQkD3xu8%2Fb%2FKe39gEI4syommNRRgLAO8xr2796DaacTKQYJYZUpzSRVCp5Fmjl6dnit%2BC6XBek0VU9GQsrcttKLDu32UYEEKs3WC7jE11qwMYQpe2d1zlY89B0Ni6xMQFuqsH%2BNx7FdGEl4Kw0blP0mTYPI48rL1ICZQ0elLm4FswQaygoEJCO3%2FqbdhITOojfxVVOeRmSzWBpI7xKSvxLfq4QRiJ13xs%2Fn5LRQsZpljhVD2tLvohu%2BCIkvfcWajiZy63s4K2dfRWBCh3y5%2B6ZPLTEcs7IxfmTgbGUa0mb0I8cblzkbix%2FOvxraa%2FKwfhkHIqk7GHPA HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: groupmodel.biz

Response

HTTP/1.1 301 Moved Permanently

location: https://groupmodel.biz/?q=J4dSUxBWvWggHBQvqoVXyfrw%2Fb4aAw6dWdA8xv8vJTX3g%2Bz7JswN6Eh8SlAA2WENfqezc4OxpAgDQkD3xu8%2Fb%2FKe39gEI4syommNRRgLAO8xr2796DaacTKQYJYZUpzSRVCp5Fmjl6dnit%2BC6XBek0VU9GQsrcttKLDu32UYEEKs3WC7jE11qwMYQpe2d1zlY89B0Ni6xMQFuqsH%2BNx7FdGEl4Kw0blP0mTYPI48rL1ICZQ0elLm4FswQaygoEJCO3%2FqbdhITOojfxVVOeRmSzWBpI7xKSvxLfq4QRiJ13xs%2Fn5LRQsZpljhVD2tLvohu%2BCIkvfcWajiZy63s4K2dfRWBCh3y5%2B6ZPLTEcs7IxfmTgbGUa0mb0I8cblzkbix%2FOvxraa%2FKwfhkHIqk7GHPA
transfer-encoding: chunked
date: Sat, 24 Feb 2024 12:20:28 GMT
GET

https://groupmodel.biz/?q=J4dSUxBWvWggHBQvqoVXyfrw%2Fb4aAw6dWdA8xv8vJTX3g%2Bz7JswN6Eh8SlAA2WENfqezc4OxpAgDQkD3xu8%2Fb%2FKe39gEI4syommNRRgLAO8xr2796DaacTKQYJYZUpzSRVCp5Fmjl6dnit%2BC6XBek0VU9GQsrcttKLDu32UYEEKs3WC7jE11qwMYQpe2d1zlY89B0Ni6xMQFuqsH%2BNx7FdGEl4Kw0blP0mTYPI48rL1ICZQ0elLm4FswQaygoEJCO3%2FqbdhITOojfxVVOeRmSzWBpI7xKSvxLfq4QRiJ13xs%2Fn5LRQsZpljhVD2tLvohu%2BCIkvfcWajiZy63s4K2dfRWBCh3y5%2B6ZPLTEcs7IxfmTgbGUa0mb0I8cblzkbix%2FOvxraa%2FKwfhkHIqk7GHPA

a1daa61c59c7c505d8f9040ed2f70e69.exe

Remote address:

3.141.96.53:443

Request

GET /?q=J4dSUxBWvWggHBQvqoVXyfrw%2Fb4aAw6dWdA8xv8vJTX3g%2Bz7JswN6Eh8SlAA2WENfqezc4OxpAgDQkD3xu8%2Fb%2FKe39gEI4syommNRRgLAO8xr2796DaacTKQYJYZUpzSRVCp5Fmjl6dnit%2BC6XBek0VU9GQsrcttKLDu32UYEEKs3WC7jE11qwMYQpe2d1zlY89B0Ni6xMQFuqsH%2BNx7FdGEl4Kw0blP0mTYPI48rL1ICZQ0elLm4FswQaygoEJCO3%2FqbdhITOojfxVVOeRmSzWBpI7xKSvxLfq4QRiJ13xs%2Fn5LRQsZpljhVD2tLvohu%2BCIkvfcWajiZy63s4K2dfRWBCh3y5%2B6ZPLTEcs7IxfmTgbGUa0mb0I8cblzkbix%2FOvxraa%2FKwfhkHIqk7GHPA HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: groupmodel.biz
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

date: Sat, 24 Feb 2024 12:20:31 GMT
content-type: text/html; charset=utf-8
content-length: 2202
x-request-id: 78562bee-c06c-459d-baca-06e530c806cb
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_N7vCucKzJbnz99cnNSUFSGcaaJHrsSSchTZW0/AcalwGr4AQoQtEdlGd617yRXh/ltyTUuXB0OeaNrCsUQjktg==
set-cookie: parking_session=78562bee-c06c-459d-baca-06e530c806cb; expires=Sat, 24 Feb 2024 12:35:32 GMT; path=/
connection: close
DNS

84.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.177.190.20.in-addr.arpa

IN PTR

Response
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=35A7FE4CF63D6B2C3088EA63F7DD6A65; domain=.bing.com; expires=Thu, 20-Mar-2025 12:20:29 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 11D0AD5A9EE14987A1CAFC5462D4EFF3 Ref B: LON04EDGE1019 Ref C: 2024-02-24T12:20:29Z
date: Sat, 24 Feb 2024 12:20:28 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=35A7FE4CF63D6B2C3088EA63F7DD6A65

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=xLPGnSelG0yzKxHxx2p_gUpcPjt16X79Q1-kyoDHxlA; domain=.bing.com; expires=Thu, 20-Mar-2025 12:20:29 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3BCCF921563B4D23A8D7A3C454348D27 Ref B: LON04EDGE1019 Ref C: 2024-02-24T12:20:29Z
date: Sat, 24 Feb 2024 12:20:28 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=35A7FE4CF63D6B2C3088EA63F7DD6A65; MSPTC=xLPGnSelG0yzKxHxx2p_gUpcPjt16X79Q1-kyoDHxlA

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 69B6B52A1BFD4C918899D40F77CFFD3D Ref B: LON04EDGE1019 Ref C: 2024-02-24T12:20:29Z
date: Sat, 24 Feb 2024 12:20:28 GMT
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

53.96.141.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.96.141.3.in-addr.arpa

IN PTR

Response

53.96.141.3.in-addr.arpa

IN PTR

ec2-3-141-96-53 us-east-2compute amazonawscom
DNS

32.169.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.169.19.2.in-addr.arpa

IN PTR

Response

32.169.19.2.in-addr.arpa

IN PTR

a2-19-169-32deploystaticakamaitechnologiescom
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

173.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.178.17.96.in-addr.arpa

IN PTR

Response

173.178.17.96.in-addr.arpa

IN PTR

a96-17-178-173deploystaticakamaitechnologiescom

204.11.56.48:80

allmodel-pro.com

a1daa61c59c7c505d8f9040ed2f70e69.exe

156 B
3
3.141.96.53:80

http://groupmodel.biz/?q=J4dSUxBWvWggHBQvqoVXyfrw%2Fb4aAw6dWdA8xv8vJTX3g%2Bz7JswN6Eh8SlAA2WENfqezc4OxpAgDQkD3xu8%2Fb%2FKe39gEI4syommNRRgLAO8xr2796DaacTKQYJYZUpzSRVCp5Fmjl6dnit%2BC6XBek0VU9GQsrcttKLDu32UYEEKs3WC7jE11qwMYQpe2d1zlY89B0Ni6xMQFuqsH%2BNx7FdGEl4Kw0blP0mTYPI48rL1ICZQ0elLm4FswQaygoEJCO3%2FqbdhITOojfxVVOeRmSzWBpI7xKSvxLfq4QRiJ13xs%2Fn5LRQsZpljhVD2tLvohu%2BCIkvfcWajiZy63s4K2dfRWBCh3y5%2B6ZPLTEcs7IxfmTgbGUa0mb0I8cblzkbix%2FOvxraa%2FKwfhkHIqk7GHPA

http

a1daa61c59c7c505d8f9040ed2f70e69.exe

831 B
776 B
6
5

HTTP Request

GET http://groupmodel.biz/?q=J4dSUxBWvWggHBQvqoVXyfrw%2Fb4aAw6dWdA8xv8vJTX3g%2Bz7JswN6Eh8SlAA2WENfqezc4OxpAgDQkD3xu8%2Fb%2FKe39gEI4syommNRRgLAO8xr2796DaacTKQYJYZUpzSRVCp5Fmjl6dnit%2BC6XBek0VU9GQsrcttKLDu32UYEEKs3WC7jE11qwMYQpe2d1zlY89B0Ni6xMQFuqsH%2BNx7FdGEl4Kw0blP0mTYPI48rL1ICZQ0elLm4FswQaygoEJCO3%2FqbdhITOojfxVVOeRmSzWBpI7xKSvxLfq4QRiJ13xs%2Fn5LRQsZpljhVD2tLvohu%2BCIkvfcWajiZy63s4K2dfRWBCh3y5%2B6ZPLTEcs7IxfmTgbGUa0mb0I8cblzkbix%2FOvxraa%2FKwfhkHIqk7GHPA

HTTP Response

301
3.141.96.53:443

https://groupmodel.biz/?q=J4dSUxBWvWggHBQvqoVXyfrw%2Fb4aAw6dWdA8xv8vJTX3g%2Bz7JswN6Eh8SlAA2WENfqezc4OxpAgDQkD3xu8%2Fb%2FKe39gEI4syommNRRgLAO8xr2796DaacTKQYJYZUpzSRVCp5Fmjl6dnit%2BC6XBek0VU9GQsrcttKLDu32UYEEKs3WC7jE11qwMYQpe2d1zlY89B0Ni6xMQFuqsH%2BNx7FdGEl4Kw0blP0mTYPI48rL1ICZQ0elLm4FswQaygoEJCO3%2FqbdhITOojfxVVOeRmSzWBpI7xKSvxLfq4QRiJ13xs%2Fn5LRQsZpljhVD2tLvohu%2BCIkvfcWajiZy63s4K2dfRWBCh3y5%2B6ZPLTEcs7IxfmTgbGUa0mb0I8cblzkbix%2FOvxraa%2FKwfhkHIqk7GHPA

tls, http

a1daa61c59c7c505d8f9040ed2f70e69.exe

1.7kB
8.1kB
17
14

HTTP Request

GET https://groupmodel.biz/?q=J4dSUxBWvWggHBQvqoVXyfrw%2Fb4aAw6dWdA8xv8vJTX3g%2Bz7JswN6Eh8SlAA2WENfqezc4OxpAgDQkD3xu8%2Fb%2FKe39gEI4syommNRRgLAO8xr2796DaacTKQYJYZUpzSRVCp5Fmjl6dnit%2BC6XBek0VU9GQsrcttKLDu32UYEEKs3WC7jE11qwMYQpe2d1zlY89B0Ni6xMQFuqsH%2BNx7FdGEl4Kw0blP0mTYPI48rL1ICZQ0elLm4FswQaygoEJCO3%2FqbdhITOojfxVVOeRmSzWBpI7xKSvxLfq4QRiJ13xs%2Fn5LRQsZpljhVD2tLvohu%2BCIkvfcWajiZy63s4K2dfRWBCh3y5%2B6ZPLTEcs7IxfmTgbGUa0mb0I8cblzkbix%2FOvxraa%2FKwfhkHIqk7GHPA

HTTP Response

200
204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid=

tls, http2

2.0kB
9.2kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=77536650c8f04a1a9b448563f779781d&localId=w:DE85FF22-0C12-E266-9673-0EBC171C1C82&deviceId=6825825694848287&anid=

HTTP Response

204

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

allmodel-pro.com

dns

a1daa61c59c7c505d8f9040ed2f70e69.exe

62 B
78 B
1
1

DNS Request

allmodel-pro.com

DNS Response

204.11.56.48
8.8.8.8:53

first-usapro.info

dns

a1daa61c59c7c505d8f9040ed2f70e69.exe

63 B
142 B
1
1

DNS Request

first-usapro.info
8.8.8.8:53

groupmodel.biz

dns

a1daa61c59c7c505d8f9040ed2f70e69.exe

60 B
159 B
1
1

DNS Request

groupmodel.biz

DNS Response

3.141.96.53

3.20.137.44
8.8.8.8:53

84.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

84.177.190.20.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

194.178.17.96.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

53.96.141.3.in-addr.arpa

dns

70 B
131 B
1
1

DNS Request

53.96.141.3.in-addr.arpa
8.8.8.8:53

32.169.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

32.169.19.2.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

173.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

173.178.17.96.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4584-0-0x0000000001950000-0x0000000001960000-memory.dmp

Filesize
64KB

Download
memory/4584-1-0x0000000001920000-0x0000000001930000-memory.dmp

Filesize
64KB

Download
memory/4584-2-0x0000000001510000-0x0000000001530000-memory.dmp

Filesize
128KB

Download
memory/4584-3-0x0000000001650000-0x000000000167F000-memory.dmp

Filesize
188KB

Download
memory/4584-7-0x0000000001510000-0x0000000001530000-memory.dmp

Filesize
128KB

Download
memory/4584-18-0x0000000001510000-0x0000000001530000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.