Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/05/2024, 12:41 UTC

General

  • Target

    2024-05-24_7db4e2ff9ea52819c02d2c2bf683d0c2_cryptolocker.exe

  • Size

    42KB

  • MD5

    7db4e2ff9ea52819c02d2c2bf683d0c2

  • SHA1

    a9573fbbbd5b5e5961d12d245c335fbc51a43755

  • SHA256

    53b7b9109147dc5771f4556aea304f52fb7dff5e6126cbeb8118bb153628deea

  • SHA512

    6874f74eae99cf0d99ca32621ebf1a92d620f12d64764bb364a4ccfcfcef229f85e5e8a390728ff717910e4b3e22eb94cc19c9e9fb9b71acfdc5343003c4f507

  • SSDEEP

    768:bCDOw9UiaKHfjnD0S16avdrQFiLjJvtAqtm:bCDOw9aMDooc+vAqtm

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-24_7db4e2ff9ea52819c02d2c2bf683d0c2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-24_7db4e2ff9ea52819c02d2c2bf683d0c2_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:4764

Network

  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    76.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    30.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    30.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 621794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7BD45E6F56074DBE86EABC57C7904588 Ref B: LON04EDGE0609 Ref C: 2024-05-24T12:43:40Z
    date: Fri, 24 May 2024 12:43:39 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 792794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DDC4AE1B636E4C97887878281234113E Ref B: LON04EDGE0609 Ref C: 2024-05-24T12:43:40Z
    date: Fri, 24 May 2024 12:43:39 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 659775
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F585FDDDE6D14A2CBAD95F3E5C673779 Ref B: LON04EDGE0609 Ref C: 2024-05-24T12:43:40Z
    date: Fri, 24 May 2024 12:43:39 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 627437
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 466AE4EB4E004D0485AA2A23F872082A Ref B: LON04EDGE0609 Ref C: 2024-05-24T12:43:40Z
    date: Fri, 24 May 2024 12:43:39 GMT
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.129:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Fri, 24 May 2024 12:43:40 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.7d3d3e17.1716554620.220fe593
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    129.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    129.61.62.23.in-addr.arpa
    IN PTR
    Response
    129.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-129.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    96.1kB
    2.8MB
    2037
    2032

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 23.62.61.129:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.5kB
    6.4kB
    17
    12

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    76.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    76.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns
    146 B
    159 B
    2
    1

    DNS Request

    183.142.211.20.in-addr.arpa

    DNS Request

    183.142.211.20.in-addr.arpa

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    30.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    30.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    142 B
    314 B
    2
    2

    DNS Request

    55.36.223.20.in-addr.arpa

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
    346 B
    2
    2

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    129.61.62.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    129.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe

    Filesize

    42KB

    MD5

    23681a75eff1d28adb06fd9babac7346

    SHA1

    5fb1dee3a6c826c30f21d573cd3428aa79826c33

    SHA256

    3738c03862a999059114c585972e77f7e0e90726f766fadae41d636ffde9c828

    SHA512

    f29b8e7b8f2031a14b4d5f3948b7bf3f3c49d8c1f7969b197c59ff7a71f1b41bdb2acddbb118a252a1b1490d4190609cedb6c184f7fa79c8add138c7524febf6

  • memory/2724-0-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

  • memory/2724-1-0x0000000001F00000-0x0000000001F06000-memory.dmp

    Filesize

    24KB

  • memory/2724-2-0x0000000001F70000-0x0000000001F76000-memory.dmp

    Filesize

    24KB

  • memory/2724-9-0x0000000001F00000-0x0000000001F06000-memory.dmp

    Filesize

    24KB

  • memory/2724-17-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

  • memory/4764-18-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

  • memory/4764-21-0x0000000001FE0000-0x0000000001FE6000-memory.dmp

    Filesize

    24KB

  • memory/4764-26-0x0000000001FC0000-0x0000000001FC6000-memory.dmp

    Filesize

    24KB

  • memory/4764-27-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB