Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/05/2024, 02:54 UTC

General

  • Target

    77adef81b91f5f3a660e5e4ad78db29b_JaffaCakes118.dll

  • Size

    5.0MB

  • MD5

    77adef81b91f5f3a660e5e4ad78db29b

  • SHA1

    4cf6f088fa42c825193eab2987d6252ac9fd0e69

  • SHA256

    f9c019ff5ea8cc534b8d9500e75bfd4e05f477222bbf2e7ece8b8ff24c4a4870

  • SHA512

    d5d4a66ba8d2bbe3ae0d4297ebbf8d98ee89a12ce1082da964cbf36eced56ff269c5c2c832bac04ef645d39abee63f68289ed3f0ac534e2da8ea9e4820989d8c

  • SSDEEP

    98304:+DqPoBhz1aRlSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPe1Clxk3ZAEUadzR8yc4H

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (3231) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 3 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\77adef81b91f5f3a660e5e4ad78db29b_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\77adef81b91f5f3a660e5e4ad78db29b_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\WINDOWS\mssecsvc.exe
        C:\WINDOWS\mssecsvc.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2180
        • C:\WINDOWS\tasksche.exe
          C:\WINDOWS\tasksche.exe /i
          4⤵
          • Executes dropped EXE
          PID:2624
  • C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe -m security
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2084

Network

  • flag-us
    DNS
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    mssecsvc.exe
    Remote address:
    8.8.8.8:53
    Request
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    IN A
    Response
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    IN A
    104.16.166.228
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    IN A
    104.16.167.228
  • flag-us
    GET
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    mssecsvc.exe
    Remote address:
    104.16.166.228:80
    Request
    GET / HTTP/1.1
    Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Mon, 27 May 2024 02:54:14 GMT
    Content-Type: text/html
    Content-Length: 607
    Connection: close
    Server: cloudflare
    CF-RAY: 88a2b81bd9172404-LHR
  • flag-us
    GET
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    mssecsvc.exe
    Remote address:
    104.16.166.228:80
    Request
    GET / HTTP/1.1
    Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Mon, 27 May 2024 02:54:14 GMT
    Content-Type: text/html
    Content-Length: 607
    Connection: close
    Server: cloudflare
    CF-RAY: 88a2b81d6b7e60f7-LHR
  • 104.16.166.228:80
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    http
    mssecsvc.exe
    330 B
    990 B
    5
    5

    HTTP Request

    GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

    HTTP Response

    200
  • 104.16.166.228:80
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    http
    mssecsvc.exe
    330 B
    990 B
    5
    5

    HTTP Request

    GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

    HTTP Response

    200
  • 8.8.8.8:53
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    dns
    mssecsvc.exe
    95 B
    127 B
    1
    1

    DNS Request

    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

    DNS Response

    104.16.166.228
    104.16.167.228

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\mssecsvc.exe

    Filesize

    3.6MB

    MD5

    ffe4f9452ccc8a14ea59e67286d32e45

    SHA1

    3338ba18e939fcc070203d92587cd4712abac1b4

    SHA256

    53757ebf3600724db8187cbb4ec0d1a92c03f95d774d1d3d0fb249fdae664034

    SHA512

    6d4296c890dfce14b39a0e77252aa43bb3da5df04cf6771ca4f342a2ab018aa54c6843d5398b4403f74bd837ea26260ccccc85a813cf496c5b5ca45b106c9d14

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    e89700b6f79644dd0305ab5d062303e6

    SHA1

    117e3dfc5cf32cde6259a80c020e221fa46d867c

    SHA256

    7266f885014af6e279bf8c7f27896497e6e3ca8fcdd77e414ecf7b27b325ae04

    SHA512

    5a2241ba77e4313e64cc76a2ff18e2e369748a659a5a5f0a50a3eb8b57b8cf892c859882622eec75e9a2aed0fcddc2b83656b126a300bdd9f7c0c96de2a3c784
