Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/03/2024, 06:15 UTC

General

  • Target

    c2a770ca66e4ee54f078afe8a2eb27f7.exe

  • Size

    944KB

  • MD5

    c2a770ca66e4ee54f078afe8a2eb27f7

  • SHA1

    6a7432afeeb9367febf8331fe63ffbd44a284b77

  • SHA256

    547bf6d6ed5ae181513ed653109514c73e5f50c3ea3a094bcd382fbd3c4b4bb0

  • SHA512

    571bd2d0d8267071af48525daa5b9a6aba42a14a51e3a85320135da48c0c995f34dcb2adb8440ce585554a4e6e2a17a84290de02db20f166fe6521894477b487

  • SSDEEP

    24576:0XzSYN91YjU3GJSDaBc8WNzELdGfetUG3ixJUkKEl0Ke0:wOYN91Yjk2ZLsGtUGKJUkKEl0Ke0

Malware Config

Extracted

Family

raccoon

Botnet

c81fb6015c832710f869f6911e1aec18747e0184

Attributes
  • url4cnc

    https://telete.in/brikitiki

  • rc4.plain (1)

    $Z2s`ten\@bE9vzR

  • rc4.plain (1)

    c8a85e1185e210f4c647f2b27686f0e2

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

hsagoi.ac.ug

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Oski

    Oski is an infostealer targeting browser data and crypto wallets.

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon Stealer V1 payload 4 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 11 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2a770ca66e4ee54f078afe8a2eb27f7.exe
    "C:\Users\Admin\AppData\Local\Temp\c2a770ca66e4ee54f078afe8a2eb27f7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Users\Admin\AppData\Local\Temp\GFsewerhgccbv.exe
      "C:\Users\Admin\AppData\Local\Temp\GFsewerhgccbv.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1456
      • C:\Users\Admin\AppData\Local\Temp\GFsewerhgccbv.exe
        "C:\Users\Admin\AppData\Local\Temp\GFsewerhgccbv.exe"
        3⤵
        • Executes dropped EXE
        PID:2644
    • C:\Users\Admin\AppData\Local\Temp\GFytrnvbas.exe
      "C:\Users\Admin\AppData\Local\Temp\GFytrnvbas.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Users\Admin\AppData\Local\Temp\GFytrnvbas.exe
        "C:\Users\Admin\AppData\Local\Temp\GFytrnvbas.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 768
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2812
    • C:\Users\Admin\AppData\Local\Temp\c2a770ca66e4ee54f078afe8a2eb27f7.exe
      "C:\Users\Admin\AppData\Local\Temp\c2a770ca66e4ee54f078afe8a2eb27f7.exe"
      2⤵
      • Modifies system certificate store
      PID:2528

Network

  • flag-us
    DNS
    telete.in
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    8.8.8.8:53
    Request
    telete.in
    IN A
    Response
    telete.in
    IN A
    185.53.177.54
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:12 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:17 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:22 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:28 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:33 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:38 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:43 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:48 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:53 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:15:58 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:03 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:08 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:13 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:18 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:23 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:28 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:34 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:39 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:44 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:49 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:54 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:16:59 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:17:04 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:17:09 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:17:14 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:17:19 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:17:25 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:17:30 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:17:35 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/brikitiki
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /brikitiki HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Tue, 12 Mar 2024 06:17:40 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-us
    DNS
    gordons.ac.ug
    GFsewerhgccbv.exe
    Remote address:
    8.8.8.8:53
    Request
    gordons.ac.ug
    IN A
    Response
  • flag-us
    DNS
    hsagoi.ac.ug
    GFytrnvbas.exe
    Remote address:
    8.8.8.8:53
    Request
    hsagoi.ac.ug
    IN A
    Response
  • flag-us
    DNS
    gordons.ac.ug
    GFsewerhgccbv.exe
    Remote address:
    8.8.8.8:53
    Request
    gordons.ac.ug
    IN A
    Response
  • 185.53.177.54:443
    https://telete.in/brikitiki
    tls, http
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    9.0kB
    11.3kB
    68
    41

    HTTP Request

    GET https://telete.in/brikitiki

    HTTP Response

    410

    (the same request/response pair is repeated 30 times in this session)
  • 8.8.8.8:53
    telete.in
    dns
    c2a770ca66e4ee54f078afe8a2eb27f7.exe
    55 B
    71 B
    1
    1

    DNS Request

    telete.in

    DNS Response

    185.53.177.54

  • 8.8.8.8:53
    gordons.ac.ug
    dns
    GFsewerhgccbv.exe
    59 B
    123 B
    1
    1

    DNS Request

    gordons.ac.ug

  • 8.8.8.8:53
    hsagoi.ac.ug
    dns
    GFytrnvbas.exe
    58 B
    122 B
    1
    1

    DNS Request

    hsagoi.ac.ug

  • 8.8.8.8:53
    gordons.ac.ug
    dns
    GFsewerhgccbv.exe
    59 B
    123 B
    1
    1

    DNS Request

    gordons.ac.ug

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\GFytrnvbas.exe

    Filesize

    240KB

    MD5

    b9924928f4b29aeefeae44164fcb572a

    SHA1

    a8e5d7154f5692ecb437970fa13b10d5f6459a93

    SHA256

    8a820fde18a110966a32716f5ebc4ca9a991bce2e08a58620f266d5372575bcd

    SHA512

    16b2450977d174bf43e8ea344b251469b60d4b5c7bd194637dd6418686766925cf382fdda2db4c57e060ad77b1a4b8d29b3500a07dd2e6ceb6a92b01f54ef5b9

  • \Users\Admin\AppData\Local\Temp\GFsewerhgccbv.exe

    Filesize

    192KB

    MD5

    1f52ea06bdd59969bfa0f74cbe3d36e1

    SHA1

    4ed0c4495a502830c46715fdef20033f29df51f8

    SHA256

    e6bd46f02b26c3670dbe7af7baa83411c793f7765994bf40ada869a81a4d340a

    SHA512

    48c7f339498ee5e07be238cf4ab059639557b27ff98f0d69752047ab83cf512ea13373fd7783e2aa9fd7a6a14ae861baceaa4614500f0647cff07255d892d672

  • memory/1284-23-0x00000000027D0000-0x00000000027D7000-memory.dmp

    Filesize

    28KB

  • memory/1284-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

  • memory/2528-42-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2528-24-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

  • memory/2528-57-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

  • memory/2528-36-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

  • memory/2528-49-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

  • memory/2644-29-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

  • memory/2644-47-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

  • memory/2644-48-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

  • memory/2644-33-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

  • memory/2724-43-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/2724-45-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/2724-46-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

  • memory/2724-37-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/2724-50-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

  • memory/2724-59-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

  • memory/2724-60-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB
