Overview

overview

10

Static

static

10

2024-03-06...ab.exe

windows7-x64

6

2024-03-06...ab.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 05:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe

  • Size

    73KB

  • MD5

    1cce0adc37ad9e9fc510053ce65dec2d

  • SHA1

    c2ea5482845bd51bcf25bd120d5e166ed8aadf83

  • SHA256

    4003bb541fc45f13644bf52c0d94c938877c4445a6c27c8f15dd785910bdd0f9

  • SHA512

    8189e2fd698888baa8e6deb770879666be2d7f5986b5b10a73ae483b83300ffab098d9928b853747466779af6da3eca8f0b44b0206053db702f76334a67a10ee

  • SSDEEP

    1536:x55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:5MSjOnrmBTMqqDL2/mr3IdE8we0Avu5F

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup nomoreransom.bit dns1.soprodns.ru
      2⤵
        PID:2624
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup emsisoft.bit dns1.soprodns.ru
        2⤵
          PID:2428
        • C:\Windows\SysWOW64\nslookup.exe
          nslookup gandcrab.bit dns1.soprodns.ru
          2⤵
            PID:2436
          • C:\Windows\SysWOW64\nslookup.exe
            nslookup nomoreransom.bit dns1.soprodns.ru
            2⤵
              PID:1144
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup emsisoft.bit dns1.soprodns.ru
              2⤵
                PID:1236
              • C:\Windows\SysWOW64\nslookup.exe
                nslookup gandcrab.bit dns1.soprodns.ru
                2⤵
                  PID:2820
                • C:\Windows\SysWOW64\nslookup.exe
                  nslookup nomoreransom.bit dns1.soprodns.ru
                  2⤵
                    PID:2316
                  • C:\Windows\SysWOW64\nslookup.exe
                    nslookup emsisoft.bit dns1.soprodns.ru
                    2⤵
                      PID:1056
                    • C:\Windows\SysWOW64\nslookup.exe
                      nslookup gandcrab.bit dns1.soprodns.ru
                      2⤵
                        PID:2724
                      • C:\Windows\SysWOW64\nslookup.exe
                        nslookup nomoreransom.bit dns1.soprodns.ru
                        2⤵
                          PID:1876
                        • C:\Windows\SysWOW64\nslookup.exe
                          nslookup emsisoft.bit dns1.soprodns.ru
                          2⤵
                            PID:240
                          • C:\Windows\SysWOW64\nslookup.exe
                            nslookup gandcrab.bit dns1.soprodns.ru
                            2⤵
                              PID:2268
                            • C:\Windows\SysWOW64\nslookup.exe
                              nslookup nomoreransom.bit dns1.soprodns.ru
                              2⤵
                                PID:620

                            Network

                            • flag-us
                              DNS
                              ipv4bot.whatismyipaddress.com
                              2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              ipv4bot.whatismyipaddress.com
                              IN A
                              Response
                            • flag-us
                              DNS
                              dns1.soprodns.ru
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              dns1.soprodns.ru
                              IN A
                              Response
                            • flag-us
                              DNS
                              dns1.soprodns.ru
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              dns1.soprodns.ru
                              IN A
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN A
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN A
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN A
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN A
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              emsisoft.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              emsisoft.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              gandcrab.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gandcrab.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN A
                              Response
                            • flag-us
                              DNS
                              nomoreransom.bit
                              nslookup.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nomoreransom.bit
                              IN AAAA
                              Response
                            No results found
                            • 8.8.8.8:53
                              ipv4bot.whatismyipaddress.com
                              dns
                              2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
                              75 B
                               134 B
                               1
                              1

                              DNS Request

                              ipv4bot.whatismyipaddress.com

                            • 8.8.8.8:53
                              dns1.soprodns.ru
                              dns
                              nslookup.exe
                              124 B
                               123 B
                               2
                              1

                              DNS Request

                              dns1.soprodns.ru

                              DNS Request

                              dns1.soprodns.ru

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               90 B
                               1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              emsisoft.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              emsisoft.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              gandcrab.bit
                              dns
                              nslookup.exe
                              58 B
                               133 B
                               1
                              1

                              DNS Request

                              gandcrab.bit

                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              nslookup.exe
                              66 B
                               1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            • 8.8.8.8:53
                              nomoreransom.bit
                              dns
                              nslookup.exe
                              62 B
                               137 B
                               1
                              1

                              DNS Request

                              nomoreransom.bit

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            We care about your privacy.

                            This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.