Resubmissions

18/04/2024, 08:49 UTC

240418-krfthagd74 10

18/04/2024, 08:48 UTC

240418-kqsrnsgd65 10

18/04/2024, 08:48 UTC

240418-kqr55shg3z 10

18/04/2024, 08:48 UTC

240418-kqmwesgd62 10

18/04/2024, 08:48 UTC

240418-kqmknahg3w 10

Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/04/2024, 14:34 UTC

General

  • Target

    SecuriteInfo.com.BackDoor.Rat.281.18292.exe

  • Size

    1.4MB

  • MD5

    793707365df26450bc8642f518a540f0

  • SHA1

    66649127ad784288c393992971a197c10f86a8eb

  • SHA256

    7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217

  • SHA512

    550374f2b3963e99bbfa445236e2921d288e67e00b4425a3bfedba0b72bd2fe6027af484c8f7e143471e16738dd9f129c91e467e157e29a911f1ad44d2775695

  • SSDEEP

    24576:8Ec46GnhPe4h/N5m8loOoYJ/HRz1IgRizQJYiEH0YSXHZTNbf86:8EBQ2xrVEcXfbf86

Score
10/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Drops file in Windows directory 1 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Rat.281.18292.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Rat.281.18292.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\SysWOW64\ipconfig.exe
      "C:\Windows\system32\ipconfig.exe"
      2⤵
      • Loads dropped DLL
      • Gathers network information
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Users\Admin\AppData\Local\Temp\cmd.exe
        "C:\Users\Admin\AppData\Local\Temp\cmd.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:2956
        • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
          "C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
          4⤵
          • Executes dropped EXE
          PID:1976

Network

  • flag-us
    DNS
    i.imgur.com
    ipconfig.exe
    Remote address:
    8.8.8.8:53
    Request
    i.imgur.com
    IN A
    Response
    i.imgur.com
    IN CNAME
    ipv4.imgur.map.fastly.net
    ipv4.imgur.map.fastly.net
    IN A
    146.75.72.193
  • flag-gb
    HEAD
    https://i.imgur.com/qOLD3Td.png
    Remote address:
    146.75.72.193:443
    Request
    HEAD /qOLD3Td.png HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    User-Agent: Microsoft BITS/7.5
    Host: i.imgur.com
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 767151
    Content-Type: image/png
    Last-Modified: Tue, 08 Sep 2020 14:29:05 GMT
    ETag: "82e6e5b2ea74d00d29c9193720d0ea21"
    x-amz-storage-class: STANDARD_IA
    X-Amz-Cf-Pop: IAD12-P2
    X-Amz-Cf-Id: dLaPIYgSCXhAANHl2Cjeu4KUCexoYzg_VyAhPhqe8pMjeyC_9E5cqw==
    cache-control: public, max-age=31536000
    Accept-Ranges: bytes
    Date: Sun, 14 Apr 2024 14:35:22 GMT
    Age: 3
    X-Served-By: cache-iad-kjyo7100060-IAD, cache-lcy-eglc8600073-LCY
    X-Cache: Miss from cloudfront, MISS, HIT
    X-Cache-Hits: 0, 1
    X-Timer: S1713105322.240187,VS0,VE3
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
    X-Content-Type-Options: nosniff
  • flag-gb
    GET
    https://i.imgur.com/qOLD3Td.png
    Remote address:
    146.75.72.193:443
    Request
    GET /qOLD3Td.png HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 08 Sep 2020 14:29:05 GMT
    Range: bytes=0-5124
    User-Agent: Microsoft BITS/7.5
    Host: i.imgur.com
    Response
    HTTP/1.1 206 Partial Content
    Connection: keep-alive
    Content-Length: 5125
    Content-Type: image/png
    Last-Modified: Tue, 08 Sep 2020 14:29:05 GMT
    ETag: "82e6e5b2ea74d00d29c9193720d0ea21"
    x-amz-storage-class: STANDARD_IA
    X-Amz-Cf-Pop: IAD12-P2
    X-Amz-Cf-Id: dLaPIYgSCXhAANHl2Cjeu4KUCexoYzg_VyAhPhqe8pMjeyC_9E5cqw==
    cache-control: public, max-age=31536000
    Accept-Ranges: bytes
    Date: Sun, 14 Apr 2024 14:35:27 GMT
    Age: 8
    X-Served-By: cache-iad-kjyo7100060-IAD, cache-lcy-eglc8600073-LCY
    X-Cache: Miss from cloudfront, MISS, HIT
    X-Cache-Hits: 0, 2
    X-Timer: S1713105327.362291,VS0,VE0
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
    X-Content-Type-Options: nosniff
    Content-Range: bytes 0-5124/767151
  • flag-gb
    GET
    https://i.imgur.com/qOLD3Td.png
    ipconfig.exe
    Remote address:
    146.75.72.193:443
    Request
    GET /qOLD3Td.png HTTP/1.1
    Host: i.imgur.com
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 767151
    Content-Type: image/png
    Last-Modified: Tue, 08 Sep 2020 14:29:05 GMT
    ETag: "82e6e5b2ea74d00d29c9193720d0ea21"
    x-amz-storage-class: STANDARD_IA
    X-Amz-Cf-Pop: IAD12-P2
    X-Amz-Cf-Id: dLaPIYgSCXhAANHl2Cjeu4KUCexoYzg_VyAhPhqe8pMjeyC_9E5cqw==
    cache-control: public, max-age=31536000
    Accept-Ranges: bytes
    Date: Sun, 14 Apr 2024 14:35:29 GMT
    Age: 10
    X-Served-By: cache-iad-kjyo7100060-IAD, cache-lcy-eglc8600058-LCY
    X-Cache: Miss from cloudfront, MISS, HIT
    X-Cache-Hits: 0, 1
    X-Timer: S1713105330.947003,VS0,VE3
    Strict-Transport-Security: max-age=300
    Access-Control-Allow-Methods: GET, OPTIONS
    Access-Control-Allow-Origin: *
    Server: cat factory 1.0
    X-Content-Type-Options: nosniff
  • flag-de
    GET
    http://131.188.40.189/tor/status-vote/current/consensus
    cmd.exe
    Remote address:
    131.188.40.189:80
    Request
    GET /tor/status-vote/current/consensus HTTP/1.0
    Host: 131.188.40.189
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:35:53 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Sun, 14 Apr 2024 15:00:00 GMT
    Vary: X-Or-Diff-From-Consensus
  • flag-us
    DNS
    api.ipify.org
    cmd.exe
    Remote address:
    8.8.8.8:53
    Request
    api.ipify.org
    IN A
    Response
    api.ipify.org
    IN A
    104.26.12.205
    api.ipify.org
    IN A
    172.67.74.152
    api.ipify.org
    IN A
    104.26.13.205
  • flag-at
    GET
    http://217.196.147.77/tor/server/fp/8ca16e878293d11f0e0803e5fc09f93a5c666889
    cmd.exe
    Remote address:
    217.196.147.77:80
    Request
    GET /tor/server/fp/8ca16e878293d11f0e0803e5fc09f93a5c666889 HTTP/1.0
    Host: 217.196.147.77
    Response
    HTTP/1.0 404 Servers unavailable
    Date: Sun, 14 Apr 2024 14:35:54 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/8ca16e878293d11f0e0803e5fc09f93a5c666889
    cmd.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/8ca16e878293d11f0e0803e5fc09f93a5c666889 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:35:54 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:35:54 GMT
  • flag-us
    DNS
    time-a.nist.gov
    cmd.exe
    Remote address:
    8.8.8.8:53
    Request
    time-a.nist.gov
    IN A
    Response
    time-a.nist.gov
    IN CNAME
    time-a-g.nist.gov
    time-a-g.nist.gov
    IN A
    129.6.15.28
  • flag-nl
    GET
    http://45.66.35.11/tor/server/fp/ed006ec7df8a5c72f9313d0bf70851166ca7f6dd
    cmd.exe
    Remote address:
    45.66.35.11:80
    Request
    GET /tor/server/fp/ed006ec7df8a5c72f9313d0bf70851166ca7f6dd HTTP/1.0
    Host: 45.66.35.11
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:36:24 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:36:24 GMT
  • flag-nl
    GET
    http://45.66.35.11/tor/server/fp/886d0fc34920b53cd7ab0fed693dab595dda52a1
    cmd.exe
    Remote address:
    45.66.35.11:80
    Request
    GET /tor/server/fp/886d0fc34920b53cd7ab0fed693dab595dda52a1 HTTP/1.0
    Host: 45.66.35.11
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:36:55 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:36:55 GMT
  • flag-nl
    GET
    http://45.66.35.11/tor/server/fp/294fdcd176278234f17a44fad6bb8a5e220ad97b
    cmd.exe
    Remote address:
    45.66.35.11:80
    Request
    GET /tor/server/fp/294fdcd176278234f17a44fad6bb8a5e220ad97b HTTP/1.0
    Host: 45.66.35.11
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:36:56 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:36:56 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/5e224061f0e4721429027a130db607f4fdd0dfe5
    cmd.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/5e224061f0e4721429027a130db607f4fdd0dfe5 HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:36:56 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:36:56 GMT
  • flag-nl
    GET
    http://45.66.35.11/tor/server/fp/ec4f16459bcdbd84c70db245cbc3d8993296681f
    cmd.exe
    Remote address:
    45.66.35.11:80
    Request
    GET /tor/server/fp/ec4f16459bcdbd84c70db245cbc3d8993296681f HTTP/1.0
    Host: 45.66.35.11
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:36:57 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:36:57 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/ec9621433df2c996de55a7063baafb2b71c3c01b
    cmd.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/ec9621433df2c996de55a7063baafb2b71c3c01b HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:36:58 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:36:58 GMT
  • flag-at
    GET
    http://217.196.147.77/tor/server/fp/ecaa097324262b60394fe6f3cd446a66a331956e
    cmd.exe
    Remote address:
    217.196.147.77:80
    Request
    GET /tor/server/fp/ecaa097324262b60394fe6f3cd446a66a331956e HTTP/1.0
    Host: 217.196.147.77
    Response
    HTTP/1.0 404 Servers unavailable
    Date: Sun, 14 Apr 2024 14:36:58 GMT
  • flag-us
    GET
    http://216.218.219.41/tor/server/fp/ecaa097324262b60394fe6f3cd446a66a331956e
    cmd.exe
    Remote address:
    216.218.219.41:80
    Request
    GET /tor/server/fp/ecaa097324262b60394fe6f3cd446a66a331956e HTTP/1.0
    Host: 216.218.219.41
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:36:59 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:36:59 GMT
  • flag-nl
    GET
    http://45.66.35.11/tor/server/fp/1ca44f9cb7d1040efc78a600ee538b79d609b037
    cmd.exe
    Remote address:
    45.66.35.11:80
    Request
    GET /tor/server/fp/1ca44f9cb7d1040efc78a600ee538b79d609b037 HTTP/1.0
    Host: 45.66.35.11
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:36:59 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:36:59 GMT
  • flag-nl
    GET
    http://45.66.35.11/tor/server/fp/1cc7363e81050066b9778950273b7af89e714b9f
    cmd.exe
    Remote address:
    45.66.35.11:80
    Request
    GET /tor/server/fp/1cc7363e81050066b9778950273b7af89e714b9f HTTP/1.0
    Host: 45.66.35.11
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:37:00 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:37:00 GMT
  • flag-nl
    GET
    http://45.66.35.11/tor/server/fp/1cd86e55b4a707863105ab108a99f307c11892ba
    cmd.exe
    Remote address:
    45.66.35.11:80
    Request
    GET /tor/server/fp/1cd86e55b4a707863105ab108a99f307c11892ba HTTP/1.0
    Host: 45.66.35.11
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:37:00 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:37:00 GMT
  • flag-nl
    GET
    http://45.66.35.11/tor/server/fp/de4f7a7b2df8689b1f8d23aba9e320d17638eafd
    cmd.exe
    Remote address:
    45.66.35.11:80
    Request
    GET /tor/server/fp/de4f7a7b2df8689b1f8d23aba9e320d17638eafd HTTP/1.0
    Host: 45.66.35.11
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:37:01 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:37:01 GMT
  • flag-nl
    GET
    http://45.66.35.11/tor/server/fp/7b842fb48cff19898c8336a11caa3f425c90f9b5
    cmd.exe
    Remote address:
    45.66.35.11:80
    Request
    GET /tor/server/fp/7b842fb48cff19898c8336a11caa3f425c90f9b5 HTTP/1.0
    Host: 45.66.35.11
    Response
    HTTP/1.0 200 OK
    Date: Sun, 14 Apr 2024 14:37:32 GMT
    Content-Type: text/plain
    X-Your-Address-Is: 191.101.209.39
    Content-Encoding: identity
    Expires: Tue, 16 Apr 2024 14:37:32 GMT
  • 146.75.72.193:443
    https://i.imgur.com/qOLD3Td.png
    tls, http
    1.3kB
    14.2kB
    14
    19

    HTTP Request

    HEAD https://i.imgur.com/qOLD3Td.png

    HTTP Response

    200

    HTTP Request

    GET https://i.imgur.com/qOLD3Td.png

    HTTP Response

    206
  • 146.75.72.193:443
    https://i.imgur.com/qOLD3Td.png
    tls, http
    ipconfig.exe
    14.7kB
    800.6kB
    309
    592

    HTTP Request

    GET https://i.imgur.com/qOLD3Td.png

    HTTP Response

    200
  • 193.23.244.244:80
    cmd.exe
    152 B
    120 B
    3
    3
  • 131.188.40.189:80
    http://131.188.40.189/tor/status-vote/current/consensus
    http
    cmd.exe
    70.7kB
    3.3MB
    1469
    2387

    HTTP Request

    GET http://131.188.40.189/tor/status-vote/current/consensus

    HTTP Response

    200
  • 104.26.12.205:443
    api.ipify.org
    tls
    cmd.exe
    394 B
    259 B
    6
    6
  • 217.196.147.77:80
    http://217.196.147.77/tor/server/fp/8ca16e878293d11f0e0803e5fc09f93a5c666889
    http
    cmd.exe
    325 B
    285 B
    5
    5

    HTTP Request

    GET http://217.196.147.77/tor/server/fp/8ca16e878293d11f0e0803e5fc09f93a5c666889

    HTTP Response

    404
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/8ca16e878293d11f0e0803e5fc09f93a5c666889
    http
    cmd.exe
    371 B
    3.9kB
    6
    7

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/8ca16e878293d11f0e0803e5fc09f93a5c666889

    HTTP Response

    200
  • 178.17.174.198:443
    tls
    cmd.exe
    372 B
    259 B
    6
    6
  • 129.6.15.28:13
    time-a.nist.gov
    cmd.exe
    190 B
    223 B
    4
    4
  • 45.66.35.11:80
    http://45.66.35.11/tor/server/fp/ed006ec7df8a5c72f9313d0bf70851166ca7f6dd
    http
    cmd.exe
    368 B
    2.7kB
    6
    6

    HTTP Request

    GET http://45.66.35.11/tor/server/fp/ed006ec7df8a5c72f9313d0bf70851166ca7f6dd

    HTTP Response

    200
  • 170.64.218.3:443
    tls
    cmd.exe
    372 B
    259 B
    6
    6
  • 45.66.35.11:80
    http://45.66.35.11/tor/server/fp/886d0fc34920b53cd7ab0fed693dab595dda52a1
    http
    cmd.exe
    368 B
    2.7kB
    6
    6

    HTTP Request

    GET http://45.66.35.11/tor/server/fp/886d0fc34920b53cd7ab0fed693dab595dda52a1

    HTTP Response

    200
  • 213.52.128.167:443
    tls, https
    cmd.exe
    21.4kB
    25.5kB
    47
    69
  • 45.66.35.11:80
    http://45.66.35.11/tor/server/fp/294fdcd176278234f17a44fad6bb8a5e220ad97b
    http
    cmd.exe
    368 B
    2.9kB
    6
    6

    HTTP Request

    GET http://45.66.35.11/tor/server/fp/294fdcd176278234f17a44fad6bb8a5e220ad97b

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/5e224061f0e4721429027a130db607f4fdd0dfe5
    http
    cmd.exe
    417 B
    7.1kB
    7
    9

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/5e224061f0e4721429027a130db607f4fdd0dfe5

    HTTP Response

    200
  • 45.66.35.11:80
    http://45.66.35.11/tor/server/fp/ec4f16459bcdbd84c70db245cbc3d8993296681f
    http
    cmd.exe
    598 B
    16.0kB
    11
    15

    HTTP Request

    GET http://45.66.35.11/tor/server/fp/ec4f16459bcdbd84c70db245cbc3d8993296681f

    HTTP Response

    200
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/ec9621433df2c996de55a7063baafb2b71c3c01b
    http
    cmd.exe
    371 B
    2.8kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/ec9621433df2c996de55a7063baafb2b71c3c01b

    HTTP Response

    200
  • 217.196.147.77:80
    http://217.196.147.77/tor/server/fp/ecaa097324262b60394fe6f3cd446a66a331956e
    http
    cmd.exe
    325 B
    285 B
    5
    5

    HTTP Request

    GET http://217.196.147.77/tor/server/fp/ecaa097324262b60394fe6f3cd446a66a331956e

    HTTP Response

    404
  • 216.218.219.41:80
    http://216.218.219.41/tor/server/fp/ecaa097324262b60394fe6f3cd446a66a331956e
    http
    cmd.exe
    371 B
    2.8kB
    6
    6

    HTTP Request

    GET http://216.218.219.41/tor/server/fp/ecaa097324262b60394fe6f3cd446a66a331956e

    HTTP Response

    200
  • 45.66.35.11:80
    http://45.66.35.11/tor/server/fp/1ca44f9cb7d1040efc78a600ee538b79d609b037
    http
    cmd.exe
    368 B
    2.7kB
    6
    6

    HTTP Request

    GET http://45.66.35.11/tor/server/fp/1ca44f9cb7d1040efc78a600ee538b79d609b037

    HTTP Response

    200
  • 45.66.35.11:80
    http://45.66.35.11/tor/server/fp/1cc7363e81050066b9778950273b7af89e714b9f
    http
    cmd.exe
    368 B
    2.8kB
    6
    6

    HTTP Request

    GET http://45.66.35.11/tor/server/fp/1cc7363e81050066b9778950273b7af89e714b9f

    HTTP Response

    200
  • 45.66.35.11:80
    http://45.66.35.11/tor/server/fp/1cd86e55b4a707863105ab108a99f307c11892ba
    http
    cmd.exe
    368 B
    2.7kB
    6
    6

    HTTP Request

    GET http://45.66.35.11/tor/server/fp/1cd86e55b4a707863105ab108a99f307c11892ba

    HTTP Response

    200
  • 45.66.35.11:80
    http://45.66.35.11/tor/server/fp/de4f7a7b2df8689b1f8d23aba9e320d17638eafd
    http
    cmd.exe
    414 B
    7.8kB
    7
    9

    HTTP Request

    GET http://45.66.35.11/tor/server/fp/de4f7a7b2df8689b1f8d23aba9e320d17638eafd

    HTTP Response

    200
  • 199.249.230.151:443
    tls
    cmd.exe
    372 B
    259 B
    6
    6
  • 45.66.35.11:80
    http://45.66.35.11/tor/server/fp/7b842fb48cff19898c8336a11caa3f425c90f9b5
    http
    cmd.exe
    368 B
    2.7kB
    6
    6

    HTTP Request

    GET http://45.66.35.11/tor/server/fp/7b842fb48cff19898c8336a11caa3f425c90f9b5

    HTTP Response

    200
  • 88.151.194.118:443
    tls
    cmd.exe
    279 B
    175 B
    4
    4
  • 8.8.8.8:53
    i.imgur.com
    dns
    ipconfig.exe
    57 B
    112 B
    1
    1

    DNS Request

    i.imgur.com

    DNS Response

    146.75.72.193

  • 8.8.8.8:53
    api.ipify.org
    dns
    cmd.exe
    59 B
    107 B
    1
    1

    DNS Request

    api.ipify.org

    DNS Response

    104.26.12.205
    172.67.74.152
    104.26.13.205

  • 8.8.8.8:53
    time-a.nist.gov
    dns
    cmd.exe
    61 B
    100 B
    1
    1

    DNS Request

    time-a.nist.gov

    DNS Response

    129.6.15.28

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

    Filesize

    3KB

    MD5

    b4cd27f2b37665f51eb9fe685ec1d373

    SHA1

    7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

    SHA256

    91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

    SHA512

    e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

  • C:\Users\Admin\AppData\Local\Temp\x64btit.txt

    Filesize

    28B

    MD5

    e10d4a41e2cf5f61a93953c258fac4c2

    SHA1

    9f74d27b556e0ce02ebc782392d68daa5026d6e7

    SHA256

    00854b9529c4455024d39081d659655f2da411ee8862f88d4dd13a2bac1da927

    SHA512

    25bfca76766a62f80dc6e6c19f97c94afc121c52c4fa2001a310bb9b488ac6af35a3f774d8b3ca432265773891b6b7be4ad547f8128f9616248e5df7087775d5

  • \Users\Admin\AppData\Local\Temp\cmd.exe

    Filesize

    295KB

    MD5

    ad7b9c14083b52bc532fba5948342b98

    SHA1

    ee8cbf12d87c4d388f09b4f69bed2e91682920b5

    SHA256

    17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae

    SHA512

    e12aad20c824187b39edb3c7943709290b5ddbf1b4032988db46f2e86da3cf7e7783f78c82e4dc5da232f666b8f9799a260a1f8e2694eb4d0cdaf78da710fde1

  • memory/2512-31-0x00000000003E0000-0x00000000003E9000-memory.dmp

    Filesize

    36KB

  • memory/2512-24-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2512-3-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

  • memory/2512-1-0x00000000003E0000-0x00000000003E9000-memory.dmp

    Filesize

    36KB

  • memory/2512-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2624-22-0x0000000000500000-0x0000000000508000-memory.dmp

    Filesize

    32KB

  • memory/2624-23-0x0000000004440000-0x00000000044C2000-memory.dmp

    Filesize

    520KB

  • memory/2624-25-0x0000000077480000-0x0000000077629000-memory.dmp

    Filesize

    1.7MB

  • memory/2624-41-0x0000000004440000-0x00000000044C2000-memory.dmp

    Filesize

    520KB

  • memory/2624-2-0x00000000000D0000-0x00000000000D2000-memory.dmp

    Filesize

    8KB

  • memory/2956-45-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-57-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB

  • memory/2956-44-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-35-0x0000000000190000-0x0000000000197000-memory.dmp

    Filesize

    28KB

  • memory/2956-46-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-47-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-34-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-49-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-59-0x0000000000510000-0x000000000052F000-memory.dmp

    Filesize

    124KB

  • memory/2956-36-0x0000000077480000-0x0000000077629000-memory.dmp

    Filesize

    1.7MB

  • memory/2956-33-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-61-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-62-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-63-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-64-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-66-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-68-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-70-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

  • memory/2956-72-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB
