Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2024, 15:27 UTC

General

  • Target

    2024-03-08_13eaf2f3080d0b45d0e204dac6866f79_cryptolocker.exe

  • Size

    45KB

  • MD5

    13eaf2f3080d0b45d0e204dac6866f79

  • SHA1

    30d93273e8554782d243655eb396ec5ae248bc04

  • SHA256

    00f35eb22416ab9f126697c7227c857155c4645e474f00584f5b2abd2a97a3e5

  • SHA512

    986146905c3f79de2622aba6b38ab8e4b376429da974f78f606b6560c7a023315b5d0f39668af7d2488628db7f096c6659bf4c6901fdb1983039732cc5217f1b

  • SSDEEP

    768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjIm8z2iaSIO/WZrEu/d+qmsUHQ1wsk:ZzFbxmLPWQMOtEvwDpj386Sj/WprqQ12

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-08_13eaf2f3080d0b45d0e204dac6866f79_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-08_13eaf2f3080d0b45d0e204dac6866f79_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:4132

Network

  • flag-us
    DNS
    bestccc.com
    misid.exe
    Remote address:
    8.8.8.8:53
    Request
    bestccc.com
    IN A
    Response
    bestccc.com
    IN A
    103.14.121.240
  • flag-us
    DNS
    bestccc.com
    misid.exe
    Remote address:
    8.8.8.8:53
    Request
    bestccc.com
    IN A
  • flag-us
    DNS
    149.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    186.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    186.178.17.96.in-addr.arpa
    IN PTR
    Response
    186.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-186deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0896FD7D78CE63451D2DE941797562A6; domain=.bing.com; expires=Wed, 02-Apr-2025 15:27:32 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E467A3CC5F73461DBDD8EB956C548820 Ref B: LON04EDGE0821 Ref C: 2024-03-08T15:27:32Z
    date: Fri, 08 Mar 2024 15:27:32 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0896FD7D78CE63451D2DE941797562A6
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=u9CyJXNtf8kPYPDOCJZ7UBp8cyBKzZrLKcq_hP3vjkM; domain=.bing.com; expires=Wed, 02-Apr-2025 15:27:32 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 520851B511EA4A008760C01FB7507108 Ref B: LON04EDGE0821 Ref C: 2024-03-08T15:27:32Z
    date: Fri, 08 Mar 2024 15:27:32 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0896FD7D78CE63451D2DE941797562A6; MSPTC=u9CyJXNtf8kPYPDOCJZ7UBp8cyBKzZrLKcq_hP3vjkM
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A11A52221B274B1E8AC78BDA506C3C3C Ref B: LON04EDGE0821 Ref C: 2024-03-08T15:27:32Z
    date: Fri, 08 Mar 2024 15:27:32 GMT
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    nexusrules.officeapps.live.com
    Remote address:
    8.8.8.8:53
    Request
    nexusrules.officeapps.live.com
    IN A
    Response
    nexusrules.officeapps.live.com
    IN CNAME
    prod.nexusrules.live.com.akadns.net
    prod.nexusrules.live.com.akadns.net
    IN A
    52.111.236.21
  • flag-us
    DNS
    nexusrules.officeapps.live.com
    Remote address:
    8.8.8.8:53
    Request
    nexusrules.officeapps.live.com
    IN A
  • flag-us
    DNS
    134.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.71.91.104.in-addr.arpa
    IN PTR
    Response
    134.71.91.104.in-addr.arpa
    IN PTR
    a104-91-71-134deploystaticakamaitechnologiescom
  • flag-us
    DNS
    209.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.178.17.96.in-addr.arpa
    IN PTR
    Response
    209.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-209deploystaticakamaitechnologiescom
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301187_1ZYFA7XNBG4NK6SSZ&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301187_1ZYFA7XNBG4NK6SSZ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 212146
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 41735C4F3A50485EA92835034410863F Ref B: LON04EDGE0709 Ref C: 2024-03-08T15:29:09Z
    date: Fri, 08 Mar 2024 15:29:08 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 246785
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DC4034C9D988424E939CF57A8BA1CC6A Ref B: LON04EDGE0709 Ref C: 2024-03-08T15:29:09Z
    date: Fri, 08 Mar 2024 15:29:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301596_1DG6BQP8IZK93D1X4&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301596_1DG6BQP8IZK93D1X4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 457945
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BEA87CFC34734CBF877133EA81CDCDED Ref B: LON04EDGE0709 Ref C: 2024-03-08T15:29:09Z
    date: Fri, 08 Mar 2024 15:29:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 519937
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 46FE0663F19E4994A5BECC282FA0C13D Ref B: LON04EDGE0709 Ref C: 2024-03-08T15:29:10Z
    date: Fri, 08 Mar 2024 15:29:09 GMT
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    tls, http2
    2.0kB
    9.2kB
    21
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=684ce62eb7f746d1ab63e13bbc2b4cb6&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    260 B
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    260 B
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    260 B
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    260 B
    5
  • 52.111.236.23:443
    322 B
    7
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    260 B
    5
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&w=1920&h=1080&c=4
    tls, http2
    55.6kB
    1.5MB
    1096
    1088

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301187_1ZYFA7XNBG4NK6SSZ&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301596_1DG6BQP8IZK93D1X4&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
    8.4kB
    18
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.6kB
    8.1kB
    18
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
    9.9kB
    14
    9
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    260 B
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    260 B
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    52 B
    1
  • 8.8.8.8:53
    bestccc.com
    dns
    misid.exe
    114 B
    73 B
    2
    1

    DNS Request

    bestccc.com

    DNS Request

    bestccc.com

    DNS Response

    103.14.121.240

  • 8.8.8.8:53
    149.177.190.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    149.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    186.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    186.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    158 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    224 B
    299 B
    3
    2

    DNS Request

    171.39.242.20.in-addr.arpa

    DNS Request

    nexusrules.officeapps.live.com

    DNS Request

    nexusrules.officeapps.live.com

    DNS Response

    52.111.236.21

  • 8.8.8.8:53
    134.71.91.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    134.71.91.104.in-addr.arpa

  • 8.8.8.8:53
    209.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    209.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    45KB

    MD5

    396c3dfcf7d13988bea46e7c0bf0b9ff

    SHA1

    00aad7fc3d2e094b50ab135bad221b9f6ff70b2a

    SHA256

    552c57f0f8fa7fb90cfdfd1095cd3e9cf0f854578679f64dc518a84f609912c2

    SHA512

    644f4c60bef44730c8dc050c52a56830a33d3e27c7f2252746a9196d712475667d2d569d53f34d86134433d8ee623783556e93f230f8c18ea226e443d6cc07e8

  • memory/4132-17-0x0000000000460000-0x0000000000470000-memory.dmp

    Filesize

    64KB

  • memory/4132-20-0x00000000005E0000-0x00000000005E6000-memory.dmp

    Filesize

    24KB

  • memory/4132-21-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

  • memory/4132-27-0x0000000000460000-0x0000000000470000-memory.dmp

    Filesize

    64KB

  • memory/4756-0-0x0000000000450000-0x0000000000453000-memory.dmp

    Filesize

    12KB

  • memory/4756-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

  • memory/4756-2-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

  • memory/4756-3-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

  • memory/4756-18-0x0000000000450000-0x0000000000453000-memory.dmp

    Filesize

    12KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.