Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    2024-06-04, 17:56 UTC

General

  • Target

    6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe

  • Size

    416KB

  • MD5

    c8928d640f43c6e34112bbee5c4481ee

  • SHA1

    8a048319b0b144ceafffb19490e35d3151f92ec8

  • SHA256

    6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1

  • SHA512

    0f3aa2217b09b039fbd73cbdb895b9a795cc4118082bd7612c6a2e79a1becb2bdf4540bfe2bd1c26a2fb671f512e6d56dd049e0daf5ab65bf998b1c9d461bc9f

  • SSDEEP

    6144:qqKLndbWy6XGIR8BwEZKjuOR5auTzvtdbaA3VvYAXESYzGsXA:qqKzdbWyqLSEuuaEp9j3WAXTYSK

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://stronggemateraislw.shop/api

https://distincttangyflippan.shop/api

https://macabrecondfucews.shop/api

https://greentastellesqwm.shop/api

https://stickyyummyskiwffe.shop/api

https://sturdyregularrmsnhw.shop/api

https://lamentablegapingkwaq.shop/api

https://innerverdanytiresw.shop/api

https://standingcomperewhitwo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++, first seen in August 2022.

  • Program crash (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
    "C:\Users\Admin\AppData\Local\Temp\6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe"
    PID: 2524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 1140
      PID: 768
      Program crash
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2524 -ip 2524
    PID: 3184

      Network

      • DNS
        stronggemateraislw.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        stronggemateraislw.shop
        IN A
        Response
        stronggemateraislw.shop
        IN A
        172.67.134.230
        stronggemateraislw.shop
        IN A
        104.21.6.148
      • POST
        https://stronggemateraislw.shop/api
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        172.67.134.230:443
        Request
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: stronggemateraislw.shop
        Response
        HTTP/1.1 200 OK
        Date: Tue, 04 Jun 2024 17:56:34 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        Set-Cookie: PHPSESSID=dens383dbm3qd98dg1o9488aoq; expires=Sat, 28-Sep-2024 11:43:13 GMT; Max-Age=9999999; path=/
        Expires: Thu, 19 Nov 1981 08:52:00 GMT
        Cache-Control: no-store, no-cache, must-revalidate
        Pragma: no-cache
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t7qqrNS5Yo0fAX4tkmL2dvEu3MEX8hzeuNB2VyQ3DGf72qX6XP0GjK%2B5c9A3BbfItgGszbbsTWMJsYnomqLuXwxdMxRUM%2BTbAGsgRe0w1vPhRW0r7c6d%2Fs1VUQNOAE1%2BJPWc2BNwCyneGw%3D%3D"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 88e9cce07bfc23dd-LHR
        alt-svc: h3=":443"; ma=86400
      • DNS
        distincttangyflippan.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        distincttangyflippan.shop
        IN A
        Response
        distincttangyflippan.shop
        IN A
        104.21.75.100
        distincttangyflippan.shop
        IN A
        172.67.221.10
      • POST
        https://distincttangyflippan.shop/api
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        104.21.75.100:443
        Request
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: distincttangyflippan.shop
        Response
        HTTP/1.1 200 OK
        Date: Tue, 04 Jun 2024 17:56:34 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        Set-Cookie: PHPSESSID=pvhv1rejpf5bjg0af1sanukjea; expires=Sat, 28-Sep-2024 11:43:13 GMT; Max-Age=9999999; path=/
        Expires: Thu, 19 Nov 1981 08:52:00 GMT
        Cache-Control: no-store, no-cache, must-revalidate
        Pragma: no-cache
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fFCBEcSIJhjvlLeZ2D1M%2F5RNORDz1JV7ihuUDlZZwwyIuU1RUt7Xq8mPHu9%2BlYtmBhwGLplsj8Tt4LakMaJdFZg1fB%2FBFq5yW3ouAOY9iyjKu57BCDRM9Q3CMrc3QnzhR5OwfaQ6YwNEhObp"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 88e9cce39e6e60ef-LHR
        alt-svc: h3=":443"; ma=86400
      • DNS
        macabrecondfucews.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        macabrecondfucews.shop
        IN A
        Response
        macabrecondfucews.shop
        IN A
        172.67.151.223
        macabrecondfucews.shop
        IN A
        104.21.1.23
      • DNS
        230.134.67.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        230.134.67.172.in-addr.arpa
        IN PTR
        Response
      • DNS
        133.211.185.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        133.211.185.52.in-addr.arpa
        IN PTR
        Response
      • DNS
        100.75.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        100.75.21.104.in-addr.arpa
        IN PTR
        Response
      • DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • POST
        https://macabrecondfucews.shop/api
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        172.67.151.223:443
        Request
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: macabrecondfucews.shop
        Response
        HTTP/1.1 200 OK
        Date: Tue, 04 Jun 2024 17:56:35 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        Set-Cookie: PHPSESSID=gt3sd5p9ou74ikut2u882dep15; expires=Sat, 28-Sep-2024 11:43:14 GMT; Max-Age=9999999; path=/
        Expires: Thu, 19 Nov 1981 08:52:00 GMT
        Cache-Control: no-store, no-cache, must-revalidate
        Pragma: no-cache
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MAq%2BEPxSFi2kUF6TU1GqUGkjFn30A7ObhqAcYRDqK%2Bj2iUV8Vky1HfjJkxU4Hhnz1E9b4Bz4%2BXpqJOBC32gaVSXPo5mSMk95zJFZ7%2BC6k%2BmiF%2FLIuhu4Nobwva3ze%2Fr5RbP0uFVqcxFW"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 88e9cce649af94ed-LHR
        alt-svc: h3=":443"; ma=86400
      • DNS
        greentastellesqwm.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        greentastellesqwm.shop
        IN A
        Response
        greentastellesqwm.shop
        IN A
        104.21.30.167
        greentastellesqwm.shop
        IN A
        172.67.173.64
      • POST
        https://greentastellesqwm.shop/api
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        104.21.30.167:443
        Request
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: greentastellesqwm.shop
        Response
        HTTP/1.1 200 OK
        Date: Tue, 04 Jun 2024 17:56:35 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        Set-Cookie: PHPSESSID=h4o74va3e0felt218jjldl5jfp; expires=Sat, 28-Sep-2024 11:43:14 GMT; Max-Age=9999999; path=/
        Expires: Thu, 19 Nov 1981 08:52:00 GMT
        Cache-Control: no-store, no-cache, must-revalidate
        Pragma: no-cache
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2Fs9hzjDkow7NtCGSda5aO4O5ws5pawhtVm9dlmzK7LY%2BTK4Yvwcdgtn1zgOLmf938dsw%2F72Xk8U5PnVokkzOtOtpQMjwzK%2FeR7KN6fTWERTb5sT9IBZ2VtElGQR8zpHSufG9zUTZoa%2B"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 88e9cce8ad96d17c-LHR
        alt-svc: h3=":443"; ma=86400
      • DNS
        stickyyummyskiwffe.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        stickyyummyskiwffe.shop
        IN A
        Response
        stickyyummyskiwffe.shop
        IN A
        104.21.76.185
        stickyyummyskiwffe.shop
        IN A
        172.67.198.233
      • POST
        https://stickyyummyskiwffe.shop/api
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        104.21.76.185:443
        Request
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: stickyyummyskiwffe.shop
        Response
        HTTP/1.1 200 OK
        Date: Tue, 04 Jun 2024 17:56:35 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        Set-Cookie: PHPSESSID=f87315pfj0g6plhmfs9fqsim3u; expires=Sat, 28-Sep-2024 11:43:14 GMT; Max-Age=9999999; path=/
        Expires: Thu, 19 Nov 1981 08:52:00 GMT
        Cache-Control: no-store, no-cache, must-revalidate
        Pragma: no-cache
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PQmm3A%2F2gC6UbAFx87RdwLvjflL0C0dpIDcw29HV2OHuFKzJCjER31ZOxjecsBONXhWRXBspSxraMxcY6tkfA5CUPjfwDacz%2FNFNczyTlzpNUIag7DAzkJMuFGjIPprNtl5KnjDTCbwAUA%3D%3D"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 88e9cceb0b796582-LHR
        alt-svc: h3=":443"; ma=86400
      • DNS
        23.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.159.190.20.in-addr.arpa
        IN PTR
        Response
      • DNS
        223.151.67.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        223.151.67.172.in-addr.arpa
        IN PTR
        Response
      • DNS
        sturdyregularrmsnhw.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        sturdyregularrmsnhw.shop
        IN A
        Response
        sturdyregularrmsnhw.shop
        IN A
        104.21.52.210
        sturdyregularrmsnhw.shop
        IN A
        172.67.204.23
      • POST
        https://sturdyregularrmsnhw.shop/api
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        104.21.52.210:443
        Request
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: sturdyregularrmsnhw.shop
        Response
        HTTP/1.1 200 OK
        Date: Tue, 04 Jun 2024 17:56:36 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        Set-Cookie: PHPSESSID=fkft701mio7gmm1dda20d1mro9; expires=Sat, 28-Sep-2024 11:43:15 GMT; Max-Age=9999999; path=/
        Expires: Thu, 19 Nov 1981 08:52:00 GMT
        Cache-Control: no-store, no-cache, must-revalidate
        Pragma: no-cache
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=al2VJessBkW6HUNkVAyt9c5KD5v2SZhraS4HZi1Cc%2B6W7THpMJ9fCJKJYN8T8YkZLnAf5QVmWJ07uZlQHQT6lO1yBoccXqwjIGBn04yyrq4hy%2F%2FgaRicFVFxNyu5tGtmLcv1msazW4uEEMw%3D"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 88e9cced8ebc2508-LHR
        alt-svc: h3=":443"; ma=86400
      • DNS
        lamentablegapingkwaq.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        lamentablegapingkwaq.shop
        IN A
        Response
        lamentablegapingkwaq.shop
        IN A
        104.21.10.78
        lamentablegapingkwaq.shop
        IN A
        172.67.144.236
      • DNS
        lamentablegapingkwaq.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        lamentablegapingkwaq.shop
        IN A
      • DNS
        210.52.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        210.52.21.104.in-addr.arpa
        IN PTR
        Response
      • DNS
        167.30.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        167.30.21.104.in-addr.arpa
        IN PTR
        Response
      • DNS
        185.76.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        185.76.21.104.in-addr.arpa
        IN PTR
        Response
      • POST
        https://lamentablegapingkwaq.shop/api
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        104.21.10.78:443
        Request
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: lamentablegapingkwaq.shop
        Response
        HTTP/1.1 200 OK
        Date: Tue, 04 Jun 2024 17:56:37 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        Set-Cookie: PHPSESSID=ujp1jdp284ka56nuqhkipdovml; expires=Sat, 28-Sep-2024 11:43:16 GMT; Max-Age=9999999; path=/
        Expires: Thu, 19 Nov 1981 08:52:00 GMT
        Cache-Control: no-store, no-cache, must-revalidate
        Pragma: no-cache
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dtdX6SnFmoNNb7gTjAMd2pywtvleq0GAnDLsvcnHwZGGN4ouYz9ZdSp5eUFDt6jKc%2BHZoj54BPW17nLML2f%2BvPTtwChJJphEwNJiLf13HWmrayyXZYvGDbX6ze%2FY4RFW9Gkurs%2Fq8UGG2n7h"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 88e9ccf64853369a-LHR
        alt-svc: h3=":443"; ma=86400
      • DNS
        innerverdanytiresw.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        innerverdanytiresw.shop
        IN A
        Response
        innerverdanytiresw.shop
        IN A
        104.21.79.21
        innerverdanytiresw.shop
        IN A
        172.67.168.179
      • DNS
        78.10.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        78.10.21.104.in-addr.arpa
        IN PTR
        Response
      • POST
        https://innerverdanytiresw.shop/api
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        104.21.79.21:443
        Request
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: innerverdanytiresw.shop
        Response
        HTTP/1.1 200 OK
        Date: Tue, 04 Jun 2024 17:56:38 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        Set-Cookie: PHPSESSID=ourcqkr55uflunjot0l4h1afon; expires=Sat, 28-Sep-2024 11:43:16 GMT; Max-Age=9999999; path=/
        Expires: Thu, 19 Nov 1981 08:52:00 GMT
        Cache-Control: no-store, no-cache, must-revalidate
        Pragma: no-cache
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHYYAq7F2W%2BEHmdKUajLxo7YTKC6pA9eGPoFFpHmBcl%2FtFaopq4VdCNzXDwXCT7iPyBAXET6joUAsAVISf43tAZRXDpk8skHTVbKmhT9ZHUD6JAGT2jQIbIf8GECB3FftnzttVv4hv1IOg%3D%3D"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 88e9ccf8d86b53a4-LHR
        alt-svc: h3=":443"; ma=86400
      • DNS
        standingcomperewhitwo.shop
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        8.8.8.8:53
        Request
        standingcomperewhitwo.shop
        IN A
        Response
        standingcomperewhitwo.shop
        IN A
        172.67.141.50
        standingcomperewhitwo.shop
        IN A
        104.21.9.31
      • POST
        https://standingcomperewhitwo.shop/api
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        Remote address:
        172.67.141.50:443
        Request
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: standingcomperewhitwo.shop
        Response
        HTTP/1.1 200 OK
        Date: Tue, 04 Jun 2024 17:56:38 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        Set-Cookie: PHPSESSID=2ll5tk3tka1bvi541jos343g3b; expires=Sat, 28-Sep-2024 11:43:17 GMT; Max-Age=9999999; path=/
        Expires: Thu, 19 Nov 1981 08:52:00 GMT
        Cache-Control: no-store, no-cache, must-revalidate
        Pragma: no-cache
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4lOx8gq84fJWK3Fumoxt%2F%2FPAIQ2SkDowCP%2Fr1momOsipMJaYt2HBSnK7SY0UxkXoZJRCPmeC1lgKVHH9%2BV1Oh7zcNEx9w1rGYYOPps3pADrTEI0UhLN%2FnuurkxU2znkyfY3%2FhVToDbDO3TKyzw%3D%3D"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 88e9ccfb2959639b-LHR
        alt-svc: h3=":443"; ma=86400
      • DNS
        21.79.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.79.21.104.in-addr.arpa
        IN PTR
        Response
      • DNS
        50.141.67.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        50.141.67.172.in-addr.arpa
        IN PTR
        Response
      • DNS
        241.150.49.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.150.49.20.in-addr.arpa
        IN PTR
        Response
      • DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • DNS
        131.83.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        131.83.221.88.in-addr.arpa
        IN PTR
        Response
        131.83.221.88.in-addr.arpa
        IN PTR
        a88-221-83-131.deploy.static.akamaitechnologies.com
      • DNS
        29.243.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        29.243.111.52.in-addr.arpa
        IN PTR
        Response
      • DNS
        29.243.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        29.243.111.52.in-addr.arpa
        IN PTR
      • DNS
        105.83.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        105.83.221.88.in-addr.arpa
        IN PTR
        Response
        105.83.221.88.in-addr.arpa
        IN PTR
        a88-221-83-105.deploy.static.akamaitechnologies.com
      Connections (columns: remote address, domain, protocols, process, bytes sent, bytes received, packets sent, packets received)

      • 172.67.134.230:443
        https://stronggemateraislw.shop/api
        tls, http
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        1.1kB
        6.7kB
        11
        10

        HTTP Request

        POST https://stronggemateraislw.shop/api

        HTTP Response

        200
      • 104.21.75.100:443
        https://distincttangyflippan.shop/api
        tls, http
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        1.1kB
        6.3kB
        10
        10

        HTTP Request

        POST https://distincttangyflippan.shop/api

        HTTP Response

        200
      • 172.67.151.223:443
        https://macabrecondfucews.shop/api
        tls, http
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        1.1kB
        6.7kB
        10
        10

        HTTP Request

        POST https://macabrecondfucews.shop/api

        HTTP Response

        200
      • 104.21.30.167:443
        https://greentastellesqwm.shop/api
        tls, http
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        1.1kB
        6.7kB
        10
        10

        HTTP Request

        POST https://greentastellesqwm.shop/api

        HTTP Response

        200
      • 104.21.76.185:443
        https://stickyyummyskiwffe.shop/api
        tls, http
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        1.1kB
        6.3kB
        10
        10

        HTTP Request

        POST https://stickyyummyskiwffe.shop/api

        HTTP Response

        200
      • 104.21.52.210:443
        https://sturdyregularrmsnhw.shop/api
        tls, http
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        1.1kB
        6.7kB
        10
        10

        HTTP Request

        POST https://sturdyregularrmsnhw.shop/api

        HTTP Response

        200
      • 104.21.10.78:443
        https://lamentablegapingkwaq.shop/api
        tls, http
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        1.1kB
        6.7kB
        10
        10

        HTTP Request

        POST https://lamentablegapingkwaq.shop/api

        HTTP Response

        200
      • 104.21.79.21:443
        https://innerverdanytiresw.shop/api
        tls, http
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        1.1kB
        6.3kB
        10
        10

        HTTP Request

        POST https://innerverdanytiresw.shop/api

        HTTP Response

        200
      • 172.67.141.50:443
        https://standingcomperewhitwo.shop/api
        tls, http
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        1.1kB
        6.7kB
        10
        10

        HTTP Request

        POST https://standingcomperewhitwo.shop/api

        HTTP Response

        200
      • 8.8.8.8:53
        stronggemateraislw.shop
        dns
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        69 B
        101 B
        1
        1

        DNS Request

        stronggemateraislw.shop

        DNS Response

        172.67.134.230
        104.21.6.148

      • 8.8.8.8:53
        distincttangyflippan.shop
        dns
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        71 B
        103 B
        1
        1

        DNS Request

        distincttangyflippan.shop

        DNS Response

        104.21.75.100
        172.67.221.10

      • 8.8.8.8:53
        macabrecondfucews.shop
        dns
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        68 B
        100 B
        1
        1

        DNS Request

        macabrecondfucews.shop

        DNS Response

        172.67.151.223
        104.21.1.23

      • 8.8.8.8:53
        230.134.67.172.in-addr.arpa
        dns
        73 B
        135 B
        1
        1

        DNS Request

        230.134.67.172.in-addr.arpa

      • 8.8.8.8:53
        133.211.185.52.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        133.211.185.52.in-addr.arpa

      • 8.8.8.8:53
        100.75.21.104.in-addr.arpa
        dns
        72 B
        134 B
        1
        1

        DNS Request

        100.75.21.104.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
        128 B
        1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        greentastellesqwm.shop
        dns
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        68 B
        100 B
        1
        1

        DNS Request

        greentastellesqwm.shop

        DNS Response

        104.21.30.167
        172.67.173.64

      • 8.8.8.8:53
        stickyyummyskiwffe.shop
        dns
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        69 B
        101 B
        1
        1

        DNS Request

        stickyyummyskiwffe.shop

        DNS Response

        104.21.76.185
        172.67.198.233

      • 8.8.8.8:53
        23.159.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        23.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        223.151.67.172.in-addr.arpa
        dns
        73 B
        135 B
        1
        1

        DNS Request

        223.151.67.172.in-addr.arpa

      • 8.8.8.8:53
        sturdyregularrmsnhw.shop
        dns
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        70 B
        102 B
        1
        1

        DNS Request

        sturdyregularrmsnhw.shop

        DNS Response

        104.21.52.210
        172.67.204.23

      • 8.8.8.8:53
        lamentablegapingkwaq.shop
        dns
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        142 B
        103 B
        2
        1

        DNS Request

        lamentablegapingkwaq.shop

        DNS Request

        lamentablegapingkwaq.shop

        DNS Response

        104.21.10.78
        172.67.144.236

      • 8.8.8.8:53
        210.52.21.104.in-addr.arpa
        dns
        72 B
        134 B
        1
        1

        DNS Request

        210.52.21.104.in-addr.arpa

      • 8.8.8.8:53
        167.30.21.104.in-addr.arpa
        dns
        72 B
        134 B
        1
        1

        DNS Request

        167.30.21.104.in-addr.arpa

      • 8.8.8.8:53
        185.76.21.104.in-addr.arpa
        dns
        72 B
        134 B
        1
        1

        DNS Request

        185.76.21.104.in-addr.arpa

      • 8.8.8.8:53
        innerverdanytiresw.shop
        dns
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        69 B
        101 B
        1
        1

        DNS Request

        innerverdanytiresw.shop

        DNS Response

        104.21.79.21
        172.67.168.179

      • 8.8.8.8:53
        78.10.21.104.in-addr.arpa
        dns
        71 B
        133 B
        1
        1

        DNS Request

        78.10.21.104.in-addr.arpa

      • 8.8.8.8:53
        standingcomperewhitwo.shop
        dns
        6620661feaf88242e42633f4b7d34d20fa2f0fca9e4270c2870e05ad664d01d1.exe
        72 B
        104 B
        1
        1

        DNS Request

        standingcomperewhitwo.shop

        DNS Response

        172.67.141.50
        104.21.9.31

      • 8.8.8.8:53
        21.79.21.104.in-addr.arpa
        dns
        71 B
        133 B
        1
        1

        DNS Request

        21.79.21.104.in-addr.arpa

      • 8.8.8.8:53
        50.141.67.172.in-addr.arpa
        dns
        72 B
        134 B
        1
        1

        DNS Request

        50.141.67.172.in-addr.arpa

      • 8.8.8.8:53
        241.150.49.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        241.150.49.20.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        131.83.221.88.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        131.83.221.88.in-addr.arpa

      • 8.8.8.8:53
        29.243.111.52.in-addr.arpa
        dns
        144 B
        158 B
        2
        1

        DNS Request

        29.243.111.52.in-addr.arpa

        DNS Request

        29.243.111.52.in-addr.arpa

      • 8.8.8.8:53
        105.83.221.88.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        105.83.221.88.in-addr.arpa
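      Worked example, added here and not part of the tria.ge report. The capture above shows the sample working through all nine domains from its extracted config in about four seconds (17:56:34 to 17:56:38) with the same request every time: POST /api, an 8-byte application/x-www-form-urlencoded body, a fixed Chrome/119 User-Agent, and every host fronted by Cloudflare (104.21.x.x / 172.67.x.x) answering 200 with a fresh PHPSESSID. The script below runs over HTTP proxy records and flags (1) any exact hit on the C2 list from the Malware Config section, (2) any request with that check-in shape even to a domain not on the list, and (3) one client rotating through several such hosts within a minute. The tab-separated record format, the placeholder-*.shop domains and the 10.0.0.x clients are constructed for the example; the two Cloudflare prefixes are taken from Cloudflare's published IPv4 list and should be re-checked before use.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Tuple
from urllib.parse import urlsplit

# C2 hosts from the sample's extracted config (Malware Config section of the report).
EXTRACTED_C2 = {
    "stronggemateraislw.shop", "distincttangyflippan.shop", "macabrecondfucews.shop",
    "greentastellesqwm.shop", "stickyyummyskiwffe.shop", "sturdyregularrmsnhw.shop",
    "lamentablegapingkwaq.shop", "innerverdanytiresw.shop", "standingcomperewhitwo.shop",
}

# Check-in shape seen in the capture: POST /api, 8-byte form body, Chrome/119 UA.
CHECKIN_PATH = "/api"
CHECKIN_MAX_BODY = 16        # observed 8 bytes; small slack for minor variants
CHECKIN_UA_MARKER = "Chrome/119.0.0.0 Safari/537.36"

# Cloudflare IPv4 prefixes covering the observed 104.21.x.x / 172.67.x.x fronts,
# from Cloudflare's published list (assumption: re-check https://www.cloudflare.com/ips-v4).
CLOUDFLARE_V4 = [ipaddress.ip_network("104.16.0.0/13"), ipaddress.ip_network("172.64.0.0/13")]

ROTATION_MIN_HOSTS = 3       # distinct check-in-shaped hosts from one client ...
ROTATION_WINDOW_S = 60       # ... inside this window (the sample hit 9 in about 4 s)


@dataclass
class Record:
    ts: datetime
    src: str
    dst: str
    method: str
    url: str
    req_bytes: int
    status: int
    user_agent: str


def parse_line(line: str) -> Record:
    """Parse one tab-separated record (hypothetical format): ts src dst method url req_bytes status ua."""
    ts, src, dst, method, url, req_bytes, status, ua = line.rstrip("\n").split("\t")
    return Record(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                  src, dst, method, url, int(req_bytes), int(status), ua)


def is_cloudflare(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in CLOUDFLARE_V4)


def looks_like_checkin(r: Record) -> bool:
    """True when a request has the observed check-in shape, whatever the domain."""
    parts = urlsplit(r.url)
    host = parts.hostname or ""
    return (r.method == "POST" and parts.path == CHECKIN_PATH
            and r.req_bytes <= CHECKIN_MAX_BODY
            and host.endswith(".shop")
            and CHECKIN_UA_MARKER in r.user_agent
            and is_cloudflare(r.dst))


def detect(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client, host(s), rule) alerts for the given proxy records."""
    alerts: List[Tuple[str, str, str]] = []
    recent = defaultdict(list)   # client -> [(ts, host)] of check-in-shaped requests
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        r = parse_line(line)
        host = urlsplit(r.url).hostname or ""
        if host in EXTRACTED_C2:                       # exact IOC match
            alerts.append((r.src, host, "known_lumma_c2"))
        if looks_like_checkin(r):                      # behavioural match
            alerts.append((r.src, host, "lumma_checkin_shape"))
            window = recent[r.src]
            window.append((r.ts, host))
            window[:] = [(t, h) for t, h in window
                         if (r.ts - t).total_seconds() <= ROTATION_WINDOW_S]
            distinct = {h for _, h in window}
            if len(distinct) == ROTATION_MIN_HOSTS:    # fire once per burst
                alerts.append((r.src, ",".join(sorted(distinct)), "lumma_c2_rotation"))
    return alerts


CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36")

# Constructed sample records (not from the report): one client rotating through three
# hypothetical .shop fronts, one benign POST from another client, one hit on an extracted C2.
SAMPLE_LOG = ["\t".join(f) for f in [
    ("2024-06-04T17:56:34Z", "10.0.0.5", "104.21.0.1", "POST", "https://placeholder-one.shop/api", "8", "200", CHROME_UA),
    ("2024-06-04T17:56:35Z", "10.0.0.5", "172.67.0.2", "POST", "https://placeholder-two.shop/api", "8", "200", CHROME_UA),
    ("2024-06-04T17:56:36Z", "10.0.0.5", "104.21.0.3", "POST", "https://placeholder-three.shop/api", "8", "200", CHROME_UA),
    ("2024-06-04T17:56:40Z", "10.0.0.7", "198.51.100.7", "POST", "https://shop.example.com/api", "512", "200", CHROME_UA),
    ("2024-06-04T17:57:01Z", "10.0.0.9", "172.67.134.230", "POST", "https://stronggemateraislw.shop/api", "8", "200", CHROME_UA),
]]

if __name__ == "__main__":
    for client, host, rule in detect(SAMPLE_LOG):
        print(f"{rule:22} {client:10} {host}")
```

      The exact-match rule is the weakest signal over time, since the domain list is specific to this build; the check-in shape and the burst across several Cloudflare-fronted .shop hosts are what this capture actually demonstrates, and the rotation rule is there because a lone tiny POST /api to a .shop site behind Cloudflare is not, on its own, a safe alert.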

      Downloads

      • memory/2524-2-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

      • memory/2524-1-0x0000000001F60000-0x0000000002060000-memory.dmp

        Filesize

        1024KB

      • memory/2524-3-0x0000000000400000-0x0000000001BE3000-memory.dmp

        Filesize

        23.9MB

      • memory/2524-4-0x0000000000400000-0x0000000001BE3000-memory.dmp

        Filesize

        23.9MB

      • memory/2524-5-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB
