Analysis

  • max time kernel
    151s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/03/2024, 01:11 UTC

General

  • Target

    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe

  • Size

    248KB

  • MD5

    4ebd3a7b290aef1f54a87a5f73a7b01c

  • SHA1

    71ccf640482c057ac90371f15a612fe1ef96ace3

  • SHA256

    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4

  • SHA512

    64bb356b2b5535b219c7c790175df531c5ab8becc8754cb6c815e99ffe54754b625c91549fc0c521264c328ec0c815cd29888617efbb2a4cd3c578ec43e74b2e

  • SSDEEP

    3072:kOjxevBcDjQdrgUDdCGAX31X7tlcxEHglJsd1/Ab32yZlOsQqO1j99MjJ:SAcdlcX31X7tlMGFTy6sQvm

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    "C:\Users\Admin\AppData\Local\Temp\cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4564
    • C:\Users\Admin\biokoi.exe
      "C:\Users\Admin\biokoi.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1388

Network

  • DNS
    74.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    74.32.126.40.in-addr.arpa
    IN PTR
    Response
  • DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • DNS
    ns1.musiczipz.com
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musiczipz.com
    IN A
    Response
  • DNS
    ns1.musicmixa.net
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.net
    IN A
    Response
  • DNS
    ns1.musicmixa.net
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.net
    IN A
  • DNS
    ns1.musicmixa.org
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.org
    IN A
    Response
  • DNS
    ns1.musicmixb.co
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixb.co
    IN A
    Response
  • DNS
    ns1.musicmixc.com
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixc.com
    IN A
    Response
  • DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
  • DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
    Response
    104.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-104.deploy.static.akamaitechnologies.com
  • DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    140.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    140.71.91.104.in-addr.arpa
    IN PTR
    Response
    140.71.91.104.in-addr.arpa
    IN PTR
    a104-91-71-140.deploy.static.akamaitechnologies.com
  • DNS
    58.99.105.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.99.105.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174.deploy.static.akamaitechnologies.com
  • DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388089_1YWQX3ZEHR4OT6WAR&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239339388089_1YWQX3ZEHR4OT6WAR&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 393346
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D7BFECA84DE6400D90FDF5A5A1F4A1A0 Ref B: LON04EDGE0820 Ref C: 2024-03-10T01:12:08Z
    date: Sun, 10 Mar 2024 01:12:07 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418573_1OCPZP6XQOXA94H84&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418573_1OCPZP6XQOXA94H84&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 483933
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 798666A0558049F8B78E2D89C78FA689 Ref B: LON04EDGE0820 Ref C: 2024-03-10T01:12:08Z
    date: Sun, 10 Mar 2024 01:12:07 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 505215
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 775B18E45E4D440B85F0EBDF0D17084A Ref B: LON04EDGE0820 Ref C: 2024-03-10T01:12:08Z
    date: Sun, 10 Mar 2024 01:12:07 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 280365
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1316967A41BE4154B7CB92D444453BD0 Ref B: LON04EDGE0820 Ref C: 2024-03-10T01:12:08Z
    date: Sun, 10 Mar 2024 01:12:07 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388090_10COBJKKIBLJ6TLQ0&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239339388090_10COBJKKIBLJ6TLQ0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 469984
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F997884626054035BC6FE15885F1C794 Ref B: LON04EDGE0820 Ref C: 2024-03-10T01:12:08Z
    date: Sun, 10 Mar 2024 01:12:07 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 428945
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 38AD0B4FA47D4E1A9D855546FD934550 Ref B: LON04EDGE0820 Ref C: 2024-03-10T01:12:26Z
    date: Sun, 10 Mar 2024 01:12:26 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 428945
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CFD874A1351B4409955C0C89D2716FAD Ref B: LON04EDGE0820 Ref C: 2024-03-10T01:13:31Z
    date: Sun, 10 Mar 2024 01:13:31 GMT
  • DNS
    32.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.134.221.88.in-addr.arpa
    IN PTR
    Response
    32.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-32.deploy.static.akamaitechnologies.com
  • DNS
    32.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.134.221.88.in-addr.arpa
    IN PTR
  • DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • DNS
    134.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.71.91.104.in-addr.arpa
    IN PTR
    Response
    134.71.91.104.in-addr.arpa
    IN PTR
    a104-91-71-134.deploy.static.akamaitechnologies.com
  • DNS
    176.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.178.17.96.in-addr.arpa
    IN PTR
    Response
    176.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-176.deploy.static.akamaitechnologies.com
  • DNS
    50.192.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.192.11.51.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.5kB
    17
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.5kB
    17
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&w=1920&h=1080&c=4
    tls, http2
    110.3kB
    3.2MB
    2332
    2324

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388089_1YWQX3ZEHR4OT6WAR&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418573_1OCPZP6XQOXA94H84&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388090_10COBJKKIBLJ6TLQ0&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.5kB
    17
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.4kB
    15
    13
  • 8.8.8.8:53
    74.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    74.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    ns1.musiczipz.com
    dns
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    63 B
    136 B
    1
    1

    DNS Request

    ns1.musiczipz.com

  • 8.8.8.8:53
    ns1.musicmixa.net
    dns
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    126 B
    136 B
    2
    1

    DNS Request

    ns1.musicmixa.net

    DNS Request

    ns1.musicmixa.net

  • 8.8.8.8:53
    ns1.musicmixa.org
    dns
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    63 B
    145 B
    1
    1

    DNS Request

    ns1.musicmixa.org

  • 8.8.8.8:53
    ns1.musicmixb.co
    dns
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    62 B
    127 B
    1
    1

    DNS Request

    ns1.musicmixb.co

  • 8.8.8.8:53
    ns1.musicmixc.com
    dns
    cf991837184e1248074523f2a09c9d1a1ef27139e03bc70850595df7b7bd39e4.exe
    63 B
    136 B
    1
    1

    DNS Request

    ns1.musicmixc.com

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    146 B
    147 B
    2
    1

    DNS Request

    104.219.191.52.in-addr.arpa

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    104.241.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    104.241.123.92.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    140.71.91.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    140.71.91.104.in-addr.arpa

  • 8.8.8.8:53
    58.99.105.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    58.99.105.20.in-addr.arpa

  • 8.8.8.8:53
    174.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    174.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    32.134.221.88.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    32.134.221.88.in-addr.arpa

    DNS Request

    32.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    134.71.91.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    134.71.91.104.in-addr.arpa

  • 8.8.8.8:53
    176.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    176.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    50.192.11.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    50.192.11.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\biokoi.exe

    Filesize

    248KB

    MD5

    9ca4eeded2ab41b6d7851ed3498a9452

    SHA1

    95d01926e44d000e9ed96fb0f346b6d937d55f43

    SHA256

    86577fa7851acb6af1c176d08c83b69bf36b5ea6234a9f5860ff542eb95feacd

    SHA512

    aa0c68b50bef10d65500439ff7566c947d1c9f3abe7bf2fb88fe3aff391d1fa0c089fb1d5bea7209eb7a5a1814fbb0d77fb575c39fb8ccfbc326bafd727b4f30

  • memory/1388-21-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

  • memory/1388-26-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

  • memory/4564-0-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

  • memory/4564-25-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB
