bitrat | 2d49873798ab5ee10992f377ebb27ee940b1f354b9ec4ebebe687177ea2b214c

max time kernel
296s
max time network
309s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/04/2024, 03:53 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
Size

7.6MB
MD5

9b035bad2b8a21fb2c57fd784c89b8d5
SHA1

ee15fad65f3f22df7f54e218176c45d369ebb70f
SHA256

2d49873798ab5ee10992f377ebb27ee940b1f354b9ec4ebebe687177ea2b214c
SHA512

96c0189aba67db2f1c38affa5ac44665566ea17e20e5f749aef771739c81beb96bbcac8ea35aad80cffc9d492e23fcbaefbf03f72011d9bd1ccac36182466dde
SSDEEP

196608:imEljesxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQUDxtw3iFFrS6XOfTV73cP:balxwZ6v1CPwDv3uFteg2EeJUO9WLjD/

Score

10^/10

bitrat trojan upx

Malware Config

Extracted

Family

bitrat

Version

1.32

7ix5nfolcp4ta4mk2dtihev73rw7d2edpbd5tp7sf7zgmpv66fpxnwqd.onion:80

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
dllhost

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

BitRAT payload 2 IoCs

resource	yara_rule
behavioral4/memory/2832-0-0x0000000000400000-0x0000000000BAA000-memory.dmp	family_bitrat
behavioral4/memory/2832-46-0x0000000000400000-0x0000000000BAA000-memory.dmp	family_bitrat

ACProtect 1.3x - 1.4x DLL software 7 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral4/files/0x000600000002a7d0-18.dat	acprotect
behavioral4/files/0x000100000002a7f3-20.dat	acprotect
behavioral4/files/0x000400000002a7ef-19.dat	acprotect
behavioral4/files/0x000100000002a7f5-30.dat	acprotect
behavioral4/files/0x000100000002a7f2-31.dat	acprotect
behavioral4/files/0x000100000002a7f7-27.dat	acprotect
behavioral4/files/0x000100000002a7f4-25.dat	acprotect

Executes dropped EXE 8 IoCs

pid	Process
4332	dllhost.exe
4840	dllhost.exe
2236	dllhost.exe
2448	dllhost.exe
2100	dllhost.exe
1384	dllhost.exe
1908	dllhost.exe
2580	dllhost.exe

Loads dropped DLL 57 IoCs

pid	Process
4332	dllhost.exe
4332	dllhost.exe
4332	dllhost.exe
4332	dllhost.exe
4332	dllhost.exe
4332	dllhost.exe
4332	dllhost.exe
4332	dllhost.exe
4840	dllhost.exe
4840	dllhost.exe
4840	dllhost.exe
4840	dllhost.exe
4840	dllhost.exe
4840	dllhost.exe
4840	dllhost.exe
2236	dllhost.exe
2236	dllhost.exe
2236	dllhost.exe
2236	dllhost.exe
2236	dllhost.exe
2236	dllhost.exe
2236	dllhost.exe
2448	dllhost.exe
2448	dllhost.exe
2448	dllhost.exe
2448	dllhost.exe
2448	dllhost.exe
2448	dllhost.exe
2448	dllhost.exe
2100	dllhost.exe
2100	dllhost.exe
2100	dllhost.exe
2100	dllhost.exe
2100	dllhost.exe
2100	dllhost.exe
2100	dllhost.exe
1384	dllhost.exe
1384	dllhost.exe
1384	dllhost.exe
1384	dllhost.exe
1384	dllhost.exe
1384	dllhost.exe
1384	dllhost.exe
1908	dllhost.exe
1908	dllhost.exe
1908	dllhost.exe
1908	dllhost.exe
1908	dllhost.exe
1908	dllhost.exe
1908	dllhost.exe
2580	dllhost.exe
2580	dllhost.exe
2580	dllhost.exe
2580	dllhost.exe
2580	dllhost.exe
2580	dllhost.exe
2580	dllhost.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/files/0x000100000002a7f6-14.dat	upx
behavioral4/files/0x000600000002a7d0-18.dat	upx
behavioral4/memory/4332-21-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/files/0x000100000002a7f3-20.dat	upx
behavioral4/files/0x000400000002a7ef-19.dat	upx
behavioral4/files/0x000100000002a7f5-30.dat	upx
behavioral4/memory/4332-35-0x00000000739E0000-0x0000000073AAE000-memory.dmp	upx
behavioral4/memory/4332-32-0x0000000073B00000-0x0000000073DCF000-memory.dmp	upx
behavioral4/files/0x000100000002a7f2-31.dat	upx
behavioral4/files/0x000100000002a7f7-27.dat	upx
behavioral4/files/0x000100000002a7f4-25.dat	upx
behavioral4/memory/4332-39-0x00000000739B0000-0x00000000739D4000-memory.dmp	upx
behavioral4/memory/4332-40-0x00000000737D0000-0x00000000738DA000-memory.dmp	upx
behavioral4/memory/4332-41-0x0000000073740000-0x00000000737C8000-memory.dmp	upx
behavioral4/memory/4332-43-0x0000000073AB0000-0x0000000073AF9000-memory.dmp	upx
behavioral4/memory/4332-44-0x00000000738E0000-0x00000000739A8000-memory.dmp	upx
behavioral4/memory/4332-47-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/4332-48-0x0000000073B00000-0x0000000073DCF000-memory.dmp	upx
behavioral4/memory/4332-50-0x00000000739E0000-0x0000000073AAE000-memory.dmp	upx
behavioral4/memory/4332-69-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/4332-77-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/4332-92-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/4332-103-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/4332-118-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/4332-134-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/4840-159-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/4840-161-0x0000000073B00000-0x0000000073DCF000-memory.dmp	upx
behavioral4/memory/4840-162-0x00000000738E0000-0x00000000739A8000-memory.dmp	upx
behavioral4/memory/4840-165-0x0000000073AB0000-0x0000000073AF9000-memory.dmp	upx
behavioral4/memory/4840-164-0x00000000739E0000-0x0000000073AAE000-memory.dmp	upx
behavioral4/memory/4840-168-0x00000000737D0000-0x00000000738DA000-memory.dmp	upx
behavioral4/memory/4840-170-0x0000000073740000-0x00000000737C8000-memory.dmp	upx
behavioral4/memory/4840-166-0x00000000739B0000-0x00000000739D4000-memory.dmp	upx
behavioral4/memory/2236-184-0x0000000073800000-0x0000000073ACF000-memory.dmp	upx
behavioral4/memory/2236-185-0x00000000733C0000-0x0000000073488000-memory.dmp	upx
behavioral4/memory/2236-186-0x0000000073780000-0x00000000737A4000-memory.dmp	upx
behavioral4/memory/2236-187-0x00000000722E0000-0x00000000723EA000-memory.dmp	upx
behavioral4/memory/2236-194-0x0000000072210000-0x00000000722DE000-memory.dmp	upx
behavioral4/memory/2236-193-0x00000000737B0000-0x00000000737F9000-memory.dmp	upx
behavioral4/memory/2236-188-0x0000000073330000-0x00000000733B8000-memory.dmp	upx
behavioral4/memory/2236-209-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/2236-210-0x0000000073800000-0x0000000073ACF000-memory.dmp	upx
behavioral4/memory/2236-219-0x00000000733C0000-0x0000000073488000-memory.dmp	upx
behavioral4/memory/2448-253-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/2448-255-0x0000000073800000-0x0000000073ACF000-memory.dmp	upx
behavioral4/memory/2448-256-0x00000000733C0000-0x0000000073488000-memory.dmp	upx
behavioral4/memory/2448-259-0x0000000072210000-0x00000000722DE000-memory.dmp	upx
behavioral4/memory/2236-261-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/2448-263-0x0000000073780000-0x00000000737A4000-memory.dmp	upx
behavioral4/memory/2448-260-0x00000000737B0000-0x00000000737F9000-memory.dmp	upx
behavioral4/memory/2448-266-0x0000000073330000-0x00000000733B8000-memory.dmp	upx
behavioral4/memory/2448-264-0x00000000722E0000-0x00000000723EA000-memory.dmp	upx
behavioral4/memory/2448-274-0x0000000072210000-0x00000000722DE000-memory.dmp	upx
behavioral4/memory/2448-276-0x0000000073780000-0x00000000737A4000-memory.dmp	upx
behavioral4/memory/2448-275-0x00000000737B0000-0x00000000737F9000-memory.dmp	upx
behavioral4/memory/2448-277-0x00000000722E0000-0x00000000723EA000-memory.dmp	upx
behavioral4/memory/2448-278-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/2448-279-0x0000000073800000-0x0000000073ACF000-memory.dmp	upx
behavioral4/memory/2448-280-0x00000000733C0000-0x0000000073488000-memory.dmp	upx
behavioral4/memory/2100-290-0x0000000000CD0000-0x00000000010D4000-memory.dmp	upx
behavioral4/memory/2100-294-0x00000000737B0000-0x00000000737F9000-memory.dmp	upx
behavioral4/memory/2100-293-0x00000000733C0000-0x0000000073488000-memory.dmp	upx
behavioral4/memory/2100-297-0x0000000073330000-0x00000000733B8000-memory.dmp	upx
behavioral4/memory/2100-299-0x00000000722E0000-0x00000000723EA000-memory.dmp	upx

Looks up external IP address via web service 7 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
34	myexternalip.com
40	myexternalip.com
47	myexternalip.com
7	myexternalip.com
13	myexternalip.com
22	myexternalip.com
30	myexternalip.com

Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.

Proxy
T1090

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
Token: SeShutdownPrivilege	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 4332	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	80
PID 2832 wrote to memory of 4332	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	80
PID 2832 wrote to memory of 4332	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	80
PID 2832 wrote to memory of 4840	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	81
PID 2832 wrote to memory of 4840	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	81
PID 2832 wrote to memory of 4840	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	81
PID 2832 wrote to memory of 2236	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	82
PID 2832 wrote to memory of 2236	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	82
PID 2832 wrote to memory of 2236	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	82
PID 2832 wrote to memory of 2448	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	83
PID 2832 wrote to memory of 2448	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	83
PID 2832 wrote to memory of 2448	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	83
PID 2832 wrote to memory of 2100	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	84
PID 2832 wrote to memory of 2100	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	84
PID 2832 wrote to memory of 2100	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	84
PID 2832 wrote to memory of 1384	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	85
PID 2832 wrote to memory of 1384	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	85
PID 2832 wrote to memory of 1384	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	85
PID 2832 wrote to memory of 1908	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	86
PID 2832 wrote to memory of 1908	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	86
PID 2832 wrote to memory of 1908	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	86
PID 2832 wrote to memory of 2580	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	87
PID 2832 wrote to memory of 2580	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	87
PID 2832 wrote to memory of 2580	2832	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4332
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4840
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2236
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2448
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2100
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1384
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1908
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2580

Network

DNS

38.21.59.86.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.21.59.86.in-addr.arpa

IN PTR

Response

38.21.59.86.in-addr.arpa

IN CNAME

38.32-29.21.59.86.in-addr.arpa

38.32-29.21.59.86.in-addr.arpa

IN PTR

tornoreplyorg
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

187.153.104.109.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.153.104.109.in-addr.arpa

IN PTR

Response
DNS

98.179.111.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.179.111.23.in-addr.arpa

IN PTR

Response

98.179.111.23.in-addr.arpa

IN PTR

23-111-179-98statichvvcus
DNS

myexternalip.com

Remote address:

8.8.8.8:53

Request

myexternalip.com

IN A

Response

myexternalip.com

IN A

34.117.118.44
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

wu-bg-shim.trafficmanager.net

wu-bg-shim.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.17.197.240

a767.dspw65.akamai.net

IN A

2.17.197.249
DNS

x1.c.lencr.org

Remote address:

8.8.8.8:53

Request

x1.c.lencr.org

IN A

Response

x1.c.lencr.org

IN CNAME

crl.root-x1.letsencrypt.org.edgekey.net

crl.root-x1.letsencrypt.org.edgekey.net

IN CNAME

e8652.dscx.akamaiedge.net

e8652.dscx.akamaiedge.net

IN A

23.55.97.11
DNS

r3.o.lencr.org

Remote address:

8.8.8.8:53

Request

r3.o.lencr.org

IN A

Response

r3.o.lencr.org

IN CNAME

o.lencr.edgesuite.net

o.lencr.edgesuite.net

IN CNAME

a1887.dscq.akamai.net

a1887.dscq.akamai.net

IN A

23.63.101.171

a1887.dscq.akamai.net

IN A

23.63.101.170
DNS

44.118.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.118.117.34.in-addr.arpa

IN PTR

Response

44.118.117.34.in-addr.arpa

IN PTR

4411811734bcgoogleusercontentcom
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

wu-bg-shim.trafficmanager.net

wu-bg-shim.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.17.197.240

a767.dspw65.akamai.net

IN A

2.17.197.249
DNS

11.97.55.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.97.55.23.in-addr.arpa

IN PTR

Response

11.97.55.23.in-addr.arpa

IN PTR

a23-55-97-11deploystaticakamaitechnologiescom
DNS

nexusrules.officeapps.live.com

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.229.43
DNS

self.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdcus08.centralus.cloudapp.azure.com

onedscolprdcus08.centralus.cloudapp.azure.com

IN A

104.208.16.88
DNS

171.101.63.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.101.63.23.in-addr.arpa

IN PTR

Response

171.101.63.23.in-addr.arpa

IN PTR

a23-63-101-171deploystaticakamaitechnologiescom
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

88.16.208.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.16.208.104.in-addr.arpa

IN PTR

Response
DNS

240.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.197.17.2.in-addr.arpa

IN PTR

Response

240.197.17.2.in-addr.arpa

IN PTR

a2-17-197-240deploystaticakamaitechnologiescom
DNS

182.65.177.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

182.65.177.93.in-addr.arpa

IN PTR

Response

182.65.177.93.in-addr.arpa

IN PTR

tor-entry-001-4363241313opsfinet

80.127.137.19:443

dllhost.exe

260 B
5
127.0.0.1:49768

dllhost.exe
81.7.16.182:443

dllhost.exe

260 B
5
51.38.134.104:443

dllhost.exe

260 B
200 B
5
5
127.0.0.1:45808

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
86.59.21.38:443

www.lb3sfo2x4ppe2l6a7sakhb.com

tls

dllhost.exe

51.1kB
777.1kB
524
593
109.104.153.187:443

www.s32ickwa.com

tls

dllhost.exe

503.3kB
5.3MB
3299
4011
23.111.179.98:443

www.o23tix.com

tls

dllhost.exe

712.8kB
7.9MB
5547
5810
23.111.179.98:443

www.hox7iachkxehwnd5iwqckq7.com

tls

dllhost.exe

18.1kB
22.1kB
41
55
109.104.153.187:443

www.xdjy3ojxtpmf5j2akz.com

tls

dllhost.exe

31.3kB
35.2kB
73
101
127.0.0.1:45808

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
34.117.118.44:443

myexternalip.com

tls

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

984 B
4.4kB
11
9
127.0.0.1:49899

dllhost.exe
127.0.0.1:45808

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
34.117.118.44:443

myexternalip.com

tls

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

1.2kB
1.3kB
9
6
127.0.0.1:49940

dllhost.exe
93.177.65.182:443

www.jwxepwb52xwbkkcy2.com

tls

dllhost.exe

3.1kB
6.1kB
13
14
109.104.153.187:443

www.b3vshebdtfllyprfvzvhq.com

tls

dllhost.exe

17.7kB
22.3kB
43
60
23.111.179.98:443

www.jkuf7zg7jbmhbawaie.com

tls

dllhost.exe

17.8kB
22.7kB
44
57
127.0.0.1:45808

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
34.117.118.44:443

myexternalip.com

tls

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

1.2kB
1.3kB
9
6
127.0.0.1:50020

dllhost.exe
127.0.0.1:45808

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
34.117.118.44:443

myexternalip.com

tls

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

1.2kB
1.3kB
9
6
127.0.0.1:50062

dllhost.exe
199.249.230.64:443

dllhost.exe

260 B
200 B
5
5
109.104.153.187:443

www.a2rxagksmvdy7dduog.com

tls

dllhost.exe

14.8kB
19.2kB
38
50
23.111.179.98:443

www.tm5hcw.com

tls

dllhost.exe

23.1kB
26.1kB
56
75
127.0.0.1:45808

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
34.117.118.44:443

myexternalip.com

tls

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

1.2kB
1.3kB
9
6
127.0.0.1:50136

dllhost.exe
127.0.0.1:50164

dllhost.exe
81.7.16.182:443

dllhost.exe

260 B
5
23.111.179.98:443

www.2e53.com

tls

dllhost.exe

20.8kB
26.5kB
52
70
109.104.153.187:443

www.jhak2wov.com

tls

dllhost.exe

13.7kB
18.5kB
36
46
127.0.0.1:45808

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
34.117.118.44:443

myexternalip.com

tls

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

1.2kB
1.3kB
9
6
127.0.0.1:50231

dllhost.exe
96.253.78.108:443

dllhost.exe

260 B
5
109.104.153.187:443

www.wkbtgu5rzq57ezzvc.com

tls

dllhost.exe

22.3kB
26.9kB
51
68
23.111.179.98:443

www.htuosdcshs5ipskdidclu.com

tls

dllhost.exe

11.9kB
14.0kB
30
35
127.0.0.1:45808

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

8.8.8.8:53

38.21.59.86.in-addr.arpa

dns

674 B
1.5kB
10
10

DNS Request

38.21.59.86.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

187.153.104.109.in-addr.arpa

DNS Request

98.179.111.23.in-addr.arpa

DNS Request

myexternalip.com

DNS Response

34.117.118.44

DNS Request

ctldl.windowsupdate.com

DNS Response

2.17.197.240

2.17.197.249

DNS Request

x1.c.lencr.org

DNS Response

23.55.97.11

DNS Request

r3.o.lencr.org

DNS Response

23.63.101.171

23.63.101.170

DNS Request

44.118.117.34.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

2.17.197.240

2.17.197.249
8.8.8.8:53

11.97.55.23.in-addr.arpa

dns

222 B
471 B
3
3

DNS Request

11.97.55.23.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.229.43

DNS Request

self.events.data.microsoft.com

DNS Response

104.208.16.88
8.8.8.8:53

171.101.63.23.in-addr.arpa

dns

216 B
441 B
3
3

DNS Request

171.101.63.23.in-addr.arpa

DNS Request

43.229.111.52.in-addr.arpa

DNS Request

88.16.208.104.in-addr.arpa
8.8.8.8:53

240.197.17.2.in-addr.arpa

dns

143 B
255 B
2
2

DNS Request

240.197.17.2.in-addr.arpa

DNS Request

182.65.177.93.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Proxy

T1090

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-certs

Filesize
20KB

MD5
176a380414571c82c6f67199097e7eb8

SHA1
c9d45ad936db5e3f836ce855e9dd950f7eb9be90

SHA256
552720cc9077c5db337957417461e8d8df884e3db049b862fc34bbfb3ab6ef7b

SHA512
2ce7caa084350e0955065bcfd3a66d6640ceedb6a6d5b4bf3e368407248731ff3e7663c645723476327aecdbfa53d535ac9dc703c725d2664fbe531d21989006

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdesc-consensus

Filesize
2.6MB

MD5
d4dfff132a935ecda7a5a6a32522a37f

SHA1
339a56e3e87ff64e3d956f1523b40087de3c4910

SHA256
1994d6d7b4f22815ab1b58cd593049f5139e9339de08f38cf152e546b2e329c2

SHA512
9d2aa6ff53076a59855e26076e75bcd802ad14b3791d8c57b9fa715d24d2decf76bd0cdbb0a25dd3616217a4419a12780914cdbf615c90084f86fbcc69ea130f

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs

Filesize
20.4MB

MD5
63fe835924610a7c3ae43245de62d3cb

SHA1
0db34a6f8e6733dfa600e7a6adf5bd9dea52da47

SHA256
4fb047eed229232e39115be2c962848a9e60338cb94b29a702ea7ba92072a9b3

SHA512
af007a02cbddd5d7269d09a6564df698e99f4ef6db73ac0b7b2057cce268b0bad4cb8d852eda5c327749a12edd47aef253dc62360ac9bb4d4749b006fb0fb62f

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new

Filesize
20.4MB

MD5
d6932756589a9ea2e48c42ee5c556a57

SHA1
79d69fac60f510081d8a2bdc583561ac3751541c

SHA256
3e9ab09c1276922ca73f4fc1efbe5b7cb0ca48554bf371c6bf7404c5a0b32dfa

SHA512
cca862865880910fb1b42ba75e6e8fbf9205ce14d6a7db3e94e7a86b81e5129dd3af0df7d337bfc3c28261f6111011a6afb7dbcc2e549899ce7d157c319c827a

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new

Filesize
10.8MB

MD5
edc9d2725fc6f23d734ba73ea5d2ff23

SHA1
d60f52f6c3c900020ed5e7eb5819426d6166a3cf

SHA256
ef750ecc3ee31c60e9bbe0df8b29953253cd44f96b5f63e96467ccfbd68da417

SHA512
6797ade7eb63e10e32133e7337941b38fee06cfd35a27237644dd0434798ccffa435939c773801b7e711e20ca0a86ebc455edc98cbf33f2a5a7bba6098ccd63a

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state

Filesize
6KB

MD5
8e00b5c8c125cb76d20f88ca1b9bf804

SHA1
54e0642fae0bd4e73b15ad4c562c7d3b628b8b5a

SHA256
5f726c68be41c0e86aaaf2efab6ac234c4587bb6694006808eab96f820b698d9

SHA512
83af9856f4d47fcd26f3126605d8bcaee8268263f64816999499ec3a227692b1fb556609c5ba15042dec915f733cb8ac4a217a836a76d5a983fe2d55d227fa1d

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state

Filesize
9KB

MD5
71ad82b39ee06759fbae6a4fca1ceabe

SHA1
04ca4ebf768688348c8a685f2a033ad57802aa9a

SHA256
37dcd19e627411acd9a4602a4be27ef2d76dea670f54cd3ba1385efa26f2ca73

SHA512
dea83f8e80affc393c15964d81ff8ca3eb915f119b6f0a2497836e9aec7bcd3c25501f8acd207589ad3797bfd1b3915f0d2fb3efa4261ac3e798e17cfd5ed7eb

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe

Filesize
973KB

MD5
5cfe61ff895c7daa889708665ef05d7b

SHA1
5e58efe30406243fbd58d4968b0492ddeef145f2

SHA256
f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

SHA512
43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libcrypto-1_1.dll

Filesize
1.7MB

MD5
2384a02c4a1f7ec481adde3a020607d3

SHA1
7e848d35a10bf9296c8fa41956a3daa777f86365

SHA256
c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

SHA512
1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libevent-2-1-6.dll

Filesize
366KB

MD5
099983c13bade9554a3c17484e5481f1

SHA1
a84e69ad9722f999252d59d0ed9a99901a60e564

SHA256
b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

SHA512
89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libgcc_s_sjlj-1.dll

Filesize
286KB

MD5
b0d98f7157d972190fe0759d4368d320

SHA1
5715a533621a2b642aad9616e603c6907d80efc4

SHA256
2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

SHA512
41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssl-1_1.dll

Filesize
439KB

MD5
c88826ac4bb879622e43ead5bdb95aeb

SHA1
87d29853649a86f0463bfd9ad887b85eedc21723

SHA256
c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

SHA512
f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssp-0.dll

Filesize
88KB

MD5
2c916456f503075f746c6ea649cf9539

SHA1
fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

SHA256
cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

SHA512
1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libwinpthread-1.dll

Filesize
188KB

MD5
d407cc6d79a08039a6f4b50539e560b8

SHA1
21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

SHA256
92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

SHA512
378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\torrc

Filesize
139B

MD5
dbd537e3da06f7d7aeaf58f4decc0c94

SHA1
7e740ea6dcf8545710f99519014e9bb029028a84

SHA256
349b36a467d778e29b96528cdd25d6c34a54be659a9ef516b3833106ceb679b2

SHA512
a84633c420c825b15ef2fc5cf83a6d75fcdddbb06d3b7dc74537d5bc98b5d910d3dec4838f30be3a06373662d2946f156f36bd2e033e0b6089753006ac327a90

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\zlib1.dll

Filesize
52KB

MD5
add33041af894b67fe34e1dc819b7eb6

SHA1
6db46eb021855a587c95479422adcc774a272eeb

SHA256
8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

SHA512
bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

Download Submit
memory/1384-360-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/1384-358-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/1384-362-0x00000000733C0000-0x0000000073488000-memory.dmp

Filesize
800KB

Download
memory/2100-295-0x0000000073780000-0x00000000737A4000-memory.dmp

Filesize
144KB

Download
memory/2100-323-0x00000000733C0000-0x0000000073488000-memory.dmp

Filesize
800KB

Download
memory/2100-299-0x00000000722E0000-0x00000000723EA000-memory.dmp

Filesize
1.0MB

Download
memory/2100-300-0x0000000072210000-0x00000000722DE000-memory.dmp

Filesize
824KB

Download
memory/2100-297-0x0000000073330000-0x00000000733B8000-memory.dmp

Filesize
544KB

Download
memory/2100-293-0x00000000733C0000-0x0000000073488000-memory.dmp

Filesize
800KB

Download
memory/2100-301-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/2100-294-0x00000000737B0000-0x00000000737F9000-memory.dmp

Filesize
292KB

Download
memory/2100-322-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/2100-290-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/2100-325-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/2100-324-0x0000000072210000-0x00000000722DE000-memory.dmp

Filesize
824KB

Download
memory/2236-219-0x00000000733C0000-0x0000000073488000-memory.dmp

Filesize
800KB

Download
memory/2236-209-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/2236-210-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/2236-188-0x0000000073330000-0x00000000733B8000-memory.dmp

Filesize
544KB

Download
memory/2236-193-0x00000000737B0000-0x00000000737F9000-memory.dmp

Filesize
292KB

Download
memory/2236-194-0x0000000072210000-0x00000000722DE000-memory.dmp

Filesize
824KB

Download
memory/2236-184-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/2236-261-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/2236-187-0x00000000722E0000-0x00000000723EA000-memory.dmp

Filesize
1.0MB

Download
memory/2236-186-0x0000000073780000-0x00000000737A4000-memory.dmp

Filesize
144KB

Download
memory/2236-185-0x00000000733C0000-0x0000000073488000-memory.dmp

Filesize
800KB

Download
memory/2448-277-0x00000000722E0000-0x00000000723EA000-memory.dmp

Filesize
1.0MB

Download
memory/2448-253-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/2448-280-0x00000000733C0000-0x0000000073488000-memory.dmp

Filesize
800KB

Download
memory/2448-279-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/2448-278-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/2448-275-0x00000000737B0000-0x00000000737F9000-memory.dmp

Filesize
292KB

Download
memory/2448-276-0x0000000073780000-0x00000000737A4000-memory.dmp

Filesize
144KB

Download
memory/2448-274-0x0000000072210000-0x00000000722DE000-memory.dmp

Filesize
824KB

Download
memory/2448-264-0x00000000722E0000-0x00000000723EA000-memory.dmp

Filesize
1.0MB

Download
memory/2448-266-0x0000000073330000-0x00000000733B8000-memory.dmp

Filesize
544KB

Download
memory/2448-260-0x00000000737B0000-0x00000000737F9000-memory.dmp

Filesize
292KB

Download
memory/2448-263-0x0000000073780000-0x00000000737A4000-memory.dmp

Filesize
144KB

Download
memory/2448-259-0x0000000072210000-0x00000000722DE000-memory.dmp

Filesize
824KB

Download
memory/2448-256-0x00000000733C0000-0x0000000073488000-memory.dmp

Filesize
800KB

Download
memory/2448-255-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/2832-45-0x0000000073410000-0x000000007344C000-memory.dmp

Filesize
240KB

Download
memory/2832-0-0x0000000000400000-0x0000000000BAA000-memory.dmp

Filesize
7.7MB

Download
memory/2832-1-0x00000000747B0000-0x00000000747EC000-memory.dmp

Filesize
240KB

Download
memory/2832-117-0x0000000074780000-0x00000000747BC000-memory.dmp

Filesize
240KB

Download
memory/2832-326-0x0000000073410000-0x000000007344C000-memory.dmp

Filesize
240KB

Download
memory/2832-313-0x00000000747B0000-0x00000000747EC000-memory.dmp

Filesize
240KB

Download
memory/2832-172-0x0000000073BB0000-0x0000000073BEC000-memory.dmp

Filesize
240KB

Download
memory/2832-46-0x0000000000400000-0x0000000000BAA000-memory.dmp

Filesize
7.7MB

Download
memory/4332-42-0x0000000001860000-0x00000000018E8000-memory.dmp

Filesize
544KB

Download
memory/4332-69-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/4332-103-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/4332-21-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/4332-35-0x00000000739E0000-0x0000000073AAE000-memory.dmp

Filesize
824KB

Download
memory/4332-91-0x0000000001860000-0x00000000018E8000-memory.dmp

Filesize
544KB

Download
memory/4332-32-0x0000000073B00000-0x0000000073DCF000-memory.dmp

Filesize
2.8MB

Download
memory/4332-39-0x00000000739B0000-0x00000000739D4000-memory.dmp

Filesize
144KB

Download
memory/4332-77-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/4332-41-0x0000000073740000-0x00000000737C8000-memory.dmp

Filesize
544KB

Download
memory/4332-50-0x00000000739E0000-0x0000000073AAE000-memory.dmp

Filesize
824KB

Download
memory/4332-48-0x0000000073B00000-0x0000000073DCF000-memory.dmp

Filesize
2.8MB

Download
memory/4332-47-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/4332-40-0x00000000737D0000-0x00000000738DA000-memory.dmp

Filesize
1.0MB

Download
memory/4332-134-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/4332-44-0x00000000738E0000-0x00000000739A8000-memory.dmp

Filesize
800KB

Download
memory/4332-43-0x0000000073AB0000-0x0000000073AF9000-memory.dmp

Filesize
292KB

Download
memory/4332-92-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/4332-118-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/4840-166-0x00000000739B0000-0x00000000739D4000-memory.dmp

Filesize
144KB

Download
memory/4840-159-0x0000000000CD0000-0x00000000010D4000-memory.dmp

Filesize
4.0MB

Download
memory/4840-162-0x00000000738E0000-0x00000000739A8000-memory.dmp

Filesize
800KB

Download
memory/4840-170-0x0000000073740000-0x00000000737C8000-memory.dmp

Filesize
544KB

Download
memory/4840-168-0x00000000737D0000-0x00000000738DA000-memory.dmp

Filesize
1.0MB

Download
memory/4840-161-0x0000000073B00000-0x0000000073DCF000-memory.dmp

Filesize
2.8MB

Download
memory/4840-164-0x00000000739E0000-0x0000000073AAE000-memory.dmp

Filesize
824KB

Download
memory/4840-165-0x0000000073AB0000-0x0000000073AF9000-memory.dmp

Filesize
292KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.