Analysis

  • max time kernel
    9s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-06-2024 06:56

General

  • Target

    d9e824ace2947698fb586c7348f660c986e642a05f7fbef46e9f5a8f6d663ef4.exe

  • Size

    276KB

  • MD5

    2b9fd36ce5bc5df7ff7a597eae7acd01

  • SHA1

    f9dc9b46a8055dcc91821dad72460dca228a9989

  • SHA256

    d9e824ace2947698fb586c7348f660c986e642a05f7fbef46e9f5a8f6d663ef4

  • SHA512

    a705f59abedb1f0ee3a5935113d0735e97e38d3aa2f5f9f8187ebd7cdda0c4a597d1203f7ef980595f6ec72d490b3d24e55da17600b201f947bc5fd3fd5f0741

  • SSDEEP

    3072:xwcPM9Vv08oewxwcP78/k9T028qqcVz5fzsTl4dsOc6v2vTzwU+Pho86meq+FaSj:HPiZ08WHPEcT93PiY+Fa7BdvG

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9e824ace2947698fb586c7348f660c986e642a05f7fbef46e9f5a8f6d663ef4.exe
    "C:\Users\Admin\AppData\Local\Temp\d9e824ace2947698fb586c7348f660c986e642a05f7fbef46e9f5a8f6d663ef4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Users\Admin\AppData\Local\Temp\tmp259398166.exe
      C:\Users\Admin\AppData\Local\Temp\tmp259398166.exe
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      PID:2364
    • C:\Users\Admin\AppData\Local\Temp\tmp259398197.exe
      C:\Users\Admin\AppData\Local\Temp\tmp259398197.exe
      2⤵
      • Executes dropped EXE
      PID:2112

Network

  • flag-us
    DNS
    uk.undernet.org
    tmp259398166.exe
    Remote address:
    8.8.8.8:53
    Request
    uk.undernet.org
    IN A
    Response
  • 192.169.154.207:139
    tmp259398166.exe
    152 B
    3
  • 125.115.53.34:139
    tmp259398166.exe
    152 B
    3
  • 178.75.183.202:139
    tmp259398166.exe
    152 B
    3
  • 156.84.19.241:139
    tmp259398166.exe
    152 B
    3
  • 68.207.123.63:139
    tmp259398166.exe
    152 B
    3
  • 99.155.141.202:139
    tmp259398166.exe
    152 B
    3
  • 164.34.156.52:139
    tmp259398166.exe
    152 B
    3
  • 21.187.87.81:139
    tmp259398166.exe
    152 B
    3
  • 92.61.37.87:139
    tmp259398166.exe
    152 B
    3
  • 128.91.30.104:139
    tmp259398166.exe
    152 B
    3
  • 117.134.196.125:139
    tmp259398166.exe
    152 B
    3
  • 70.218.76.238:139
    tmp259398166.exe
    152 B
    3
  • 18.77.82.250:139
    tmp259398166.exe
    152 B
    3
  • 101.197.127.157:139
    tmp259398166.exe
    152 B
    3
  • 206.16.72.69:139
    tmp259398166.exe
    152 B
    3
  • 169.134.140.131:139
    tmp259398166.exe
    152 B
    3
  • 96.182.133.174:139
    tmp259398166.exe
    152 B
    3
  • 138.161.28.128:139
    tmp259398166.exe
    152 B
    3
  • 114.206.80.169:139
    tmp259398166.exe
    152 B
    3
  • 95.45.8.152:139
    tmp259398166.exe
    152 B
    3
  • 86.128.111.239:139
    tmp259398166.exe
    152 B
    3
  • 153.27.100.222:139
    tmp259398166.exe
    152 B
    3
  • 70.83.93.237:139
    tmp259398166.exe
    152 B
    3
  • 19.30.240.2:139
    tmp259398166.exe
    152 B
    3
  • 216.95.29.20:139
    tmp259398166.exe
    152 B
    3
  • 79.71.76.91:139
    tmp259398166.exe
    152 B
    3
  • 122.249.171.20:139
    tmp259398166.exe
    152 B
    3
  • 47.172.224.107:139
    tmp259398166.exe
    152 B
    3
  • 45.162.184.37:139
    tmp259398166.exe
    152 B
    3
  • 5.4.228.181:139
    tmp259398166.exe
    152 B
    3
  • 56.214.226.157:139
    tmp259398166.exe
    152 B
    3
  • 137.96.71.146:139
    tmp259398166.exe
    152 B
    3
  • 170.143.83.87:139
    tmp259398166.exe
    152 B
    3
  • 184.234.242.192:139
    tmp259398166.exe
    152 B
    3
  • 116.168.103.142:139
    tmp259398166.exe
    152 B
    3
  • 124.50.177.43:139
    tmp259398166.exe
    152 B
    3
  • 12.86.163.248:139
    tmp259398166.exe
    152 B
    3
  • 143.7.163.252:139
    tmp259398166.exe
    152 B
    3
  • 55.249.160.152:139
    tmp259398166.exe
    152 B
    3
  • 29.244.71.8:139
    tmp259398166.exe
    152 B
    3
  • 90.47.151.176:139
    tmp259398166.exe
    152 B
    3
  • 206.174.116.110:139
    tmp259398166.exe
    152 B
    3
  • 177.217.15.14:139
    tmp259398166.exe
    152 B
    3
  • 221.147.63.136:139
    tmp259398166.exe
    152 B
    3
  • 202.165.55.229:139
    tmp259398166.exe
    152 B
    3
  • 139.85.26.160:139
    tmp259398166.exe
    152 B
    3
  • 78.78.93.7:139
    tmp259398166.exe
    152 B
    3
  • 79.99.18.10:139
    tmp259398166.exe
    152 B
    3
  • 52.179.103.78:139
    tmp259398166.exe
    152 B
    3
  • 92.54.19.137:139
    tmp259398166.exe
    152 B
    3
  • 161.86.65.12:139
    tmp259398166.exe
    152 B
    3
  • 191.88.49.81:139
    tmp259398166.exe
    152 B
    3
  • 41.204.101.124:139
    tmp259398166.exe
    152 B
    3
  • 112.67.94.164:139
    tmp259398166.exe
    152 B
    3
  • 20.107.29.244:139
    tmp259398166.exe
    152 B
    3
  • 85.39.69.235:139
    tmp259398166.exe
    152 B
    3
  • 22.81.109.156:139
    tmp259398166.exe
    152 B
    3
  • 113.200.177.188:139
    tmp259398166.exe
    152 B
    3
  • 182.13.131.51:139
    tmp259398166.exe
    152 B
    3
  • 176.141.130.143:139
    tmp259398166.exe
    152 B
    3
  • 177.69.15.251:139
    tmp259398166.exe
    152 B
    3
  • 119.149.151.227:139
    tmp259398166.exe
    152 B
    3
  • 14.109.49.21:139
    tmp259398166.exe
    152 B
    3
  • 131.31.81.34:139
    tmp259398166.exe
    152 B
    3
  • 128.163.11.117:139
    tmp259398166.exe
    152 B
    3
  • 15.76.99.225:139
    tmp259398166.exe
    152 B
    3
  • 51.25.67.88:139
    tmp259398166.exe
    152 B
    3
  • 82.5.84.130:139
    tmp259398166.exe
    152 B
    3
  • 137.53.127.223:139
    tmp259398166.exe
    152 B
    3
  • 37.7.76.40:139
    tmp259398166.exe
    152 B
    3
  • 90.29.165.124:139
    tmp259398166.exe
    152 B
    3
  • 163.218.100.242:139
    tmp259398166.exe
    152 B
    3
  • 11.166.215.168:139
    tmp259398166.exe
    152 B
    3
  • 73.98.69.234:139
    tmp259398166.exe
    152 B
    3
  • 147.2.202.171:139
    tmp259398166.exe
    152 B
    3
  • 176.57.137.234:139
    tmp259398166.exe
    152 B
    3
  • 96.44.145.116:139
    tmp259398166.exe
    152 B
    3
  • 197.81.58.202:139
    tmp259398166.exe
    152 B
    3
  • 187.235.124.229:139
    tmp259398166.exe
    152 B
    3
  • 122.201.249.177:139
    tmp259398166.exe
    152 B
    3
  • 19.153.77.1:139
    tmp259398166.exe
    152 B
    3
  • 91.24.178.83:139
    tmp259398166.exe
    152 B
    3
  • 93.83.235.187:139
    tmp259398166.exe
    152 B
    3
  • 114.91.123.95:139
    tmp259398166.exe
    152 B
    3
  • 81.29.131.105:139
    tmp259398166.exe
    152 B
    3
  • 202.69.4.134:139
    tmp259398166.exe
    152 B
    3
  • 179.102.45.28:139
    tmp259398166.exe
    152 B
    3
  • 174.194.8.214:139
    tmp259398166.exe
    152 B
    3
  • 152.103.178.103:139
    tmp259398166.exe
    152 B
    3
  • 34.134.220.89:139
    tmp259398166.exe
    152 B
    3
  • 45.69.96.113:139
    tmp259398166.exe
    152 B
    3
  • 32.82.5.11:139
    tmp259398166.exe
    152 B
    3
  • 142.16.222.72:139
    tmp259398166.exe
    152 B
    3
  • 181.30.210.34:139
    tmp259398166.exe
    152 B
    3
  • 157.139.39.150:139
    tmp259398166.exe
    152 B
    3
  • 118.7.45.161:139
    tmp259398166.exe
    152 B
    3
  • 115.162.67.165:139
    tmp259398166.exe
    152 B
    3
  • 214.237.201.225:139
    tmp259398166.exe
    152 B
    3
  • 127.99.247.250:139
    tmp259398166.exe
  • 127.91.32.64:139
    tmp259398166.exe
  • 127.99.247.250:445
    tmp259398166.exe
  • 127.91.32.64:445
    tmp259398166.exe
  • 81.230.170.94:139
    tmp259398166.exe
    152 B
    3
  • 148.133.75.235:139
    tmp259398166.exe
    152 B
    3
  • 206.16.72.69:445
    152 B
    3
  • 156.84.19.241:445
    152 B
    3
  • 95.45.8.152:445
    152 B
    3
  • 86.128.111.239:445
    152 B
    3
  • 137.96.71.146:445
    152 B
    3
  • 164.34.156.52:445
    152 B
    3
  • 206.174.116.110:445
    152 B
    3
  • 176.141.130.143:445
    152 B
    3
  • 119.149.151.227:445
    152 B
    3
  • 14.109.49.21:445
    152 B
    3
  • 163.218.100.242:445
    152 B
    3
  • 21.187.87.81:445
    152 B
    3
  • 73.98.69.234:445
    152 B
    3
  • 45.69.96.113:445
    152 B
    3
  • 137.53.127.223:445
    152 B
    3
  • 18.77.82.250:445
    152 B
    3
  • 96.44.145.116:445
    152 B
    3
  • 114.91.123.95:445
    152 B
    3
  • 81.29.131.105:445
    152 B
    3
  • 29.244.71.8:445
    152 B
    3
  • 202.69.4.134:445
    152 B
    3
  • 192.169.154.207:445
    152 B
    3
  • 19.30.240.2:445
    152 B
    3
  • 216.95.29.20:445
    152 B
    3
  • 47.172.224.107:445
    152 B
    3
  • 45.162.184.37:445
    152 B
    3
  • 85.39.69.235:445
    152 B
    3
  • 56.214.226.157:445
    152 B
    3
  • 90.47.151.176:445
    152 B
    3
  • 177.217.15.14:445
    152 B
    3
  • 221.147.63.136:445
    152 B
    3
  • 32.82.5.11:445
    152 B
    3
  • 79.99.18.10:445
    152 B
    3
  • 177.69.15.251:445
    152 B
    3
  • 11.166.215.168:445
    152 B
    3
  • 90.29.165.124:445
    152 B
    3
  • 181.30.210.34:445
    152 B
    3
  • 179.102.45.28:445
    152 B
    3
  • 174.194.8.214:445
    152 B
    3
  • 157.139.39.150:445
    152 B
    3
  • 118.7.45.161:445
    152 B
    3
  • 214.237.201.225:445
    152 B
    3
  • 187.235.124.229:445
    152 B
    3
  • 125.115.53.34:445
    152 B
    3
  • 178.75.183.202:445
    152 B
    3
  • 68.207.123.63:445
    152 B
    3
  • 99.155.141.202:445
    152 B
    3
  • 92.61.37.87:445
    152 B
    3
  • 70.218.76.238:445
    152 B
    3
  • 96.182.133.174:445
    152 B
    3
  • 114.206.80.169:445
    152 B
    3
  • 143.7.163.252:445
    152 B
    3
  • 55.249.160.152:445
    152 B
    3
  • 52.179.103.78:445
    152 B
    3
  • 161.86.65.12:445
    152 B
    3
  • 22.81.109.156:445
    152 B
    3
  • 113.200.177.188:445
    152 B
    3
  • 128.163.11.117:445
    152 B
    3
  • 91.24.178.83:445
    152 B
    3
  • 93.83.235.187:445
    152 B
    3
  • 128.91.30.104:445
    152 B
    3
  • 117.134.196.125:445
    152 B
    3
  • 101.197.127.157:445
    152 B
    3
  • 79.71.76.91:445
    152 B
    3
  • 5.4.228.181:445
    152 B
    3
  • 78.78.93.7:445
    152 B
    3
  • 202.165.55.229:445
    152 B
    3
  • 139.85.26.160:445
    152 B
    3
  • 82.5.84.130:445
    152 B
    3
  • 37.7.76.40:445
    152 B
    3
  • 191.88.49.81:445
    152 B
    3
  • 152.103.178.103:445
    152 B
    3
  • 153.27.100.222:445
    152 B
    3
  • 70.83.93.237:445
    152 B
    3
  • 112.67.94.164:445
    152 B
    3
  • 122.249.171.20:445
    152 B
    3
  • 170.143.83.87:445
    152 B
    3
  • 184.234.242.192:445
    152 B
    3
  • 20.107.29.244:445
    152 B
    3
  • 116.168.103.142:445
    152 B
    3
  • 131.31.81.34:445
    152 B
    3
  • 15.76.99.225:445
    152 B
    3
  • 51.25.67.88:445
    152 B
    3
  • 34.134.220.89:445
    152 B
    3
  • 142.16.222.72:445
    152 B
    3
  • 115.162.67.165:445
    152 B
    3
  • 176.57.137.234:445
    152 B
    3
  • 19.153.77.1:445
    152 B
    3
  • 169.134.140.131:445
    152 B
    3
  • 138.161.28.128:445
    152 B
    3
  • 124.50.177.43:445
    152 B
    3
  • 12.86.163.248:445
    152 B
    3
  • 92.54.19.137:445
    152 B
    3
  • 41.204.101.124:445
    152 B
    3
  • 182.13.131.51:445
    152 B
    3
  • 147.2.202.171:445
    152 B
    3
  • 197.81.58.202:445
    152 B
    3
  • 122.201.249.177:445
    152 B
    3
  • 148.133.75.235:445
    152 B
    3
  • 81.230.170.94:445
    152 B
    3
  • 110.158.254.130:139
    152 B
    3
  • 70.22.223.17:139
    152 B
    3
  • 199.138.17.119:139
    152 B
    3
  • 163.128.205.126:139
    152 B
    3
  • 76.102.213.167:139
    152 B
    3
  • 115.45.215.146:139
    152 B
    3
  • 83.22.125.210:139
    152 B
    3
  • 146.140.207.38:139
    152 B
    3
  • 182.187.248.99:139
    152 B
    3
  • 13.39.38.52:139
    152 B
    3
  • 193.185.167.30:139
    152 B
    3
  • 160.25.66.228:139
    152 B
    3
  • 141.172.119.135:139
    152 B
    3
  • 174.133.47.162:139
    152 B
    3
  • 75.61.249.55:139
    152 B
    3
  • 221.19.152.94:139
    152 B
    3
  • 89.231.171.33:139
    152 B
    3
  • 192.4.165.17:139
    152 B
    3
  • 145.175.191.137:139
    152 B
    3
  • 124.164.250.174:139
    152 B
    3
  • 116.131.245.112:139
    152 B
    3
  • 87.26.65.65:139
    152 B
    3
  • 40.27.67.108:139
    152 B
    3
  • 96.106.222.56:139
    152 B
    3
  • 131.66.82.61:139
    152 B
    3
  • 82.182.18.162:139
    152 B
    3
  • 146.120.155.44:139
    152 B
    3
  • 87.192.125.58:139
    152 B
    3
  • 87.219.6.62:139
    152 B
    3
  • 39.186.95.56:139
    152 B
    3
  • 38.105.25.55:139
    152 B
    120 B
    3
    3
  • 200.116.70.5:139
    152 B
    3
  • 7.134.197.103:139
    152 B
    3
  • 78.203.96.169:139
    152 B
    3
  • 15.227.182.80:139
    152 B
    3
  • 11.116.82.37:139
    152 B
    3
  • 186.165.48.21:139
    152 B
    3
  • 114.13.167.120:139
    152 B
    3
  • 110.130.204.153:139
    152 B
    3
  • 198.227.137.187:139
    152 B
    3
  • 69.120.47.65:139
    152 B
    3
  • 74.200.152.42:139
    152 B
    3
  • 74.26.50.116:139
    152 B
    3
  • 85.221.106.254:139
    152 B
    3
  • 98.35.210.126:139
    152 B
    3
  • 14.203.112.174:139
    152 B
    3
  • 38.155.72.84:139
    152 B
    3
  • 69.250.211.194:139
    152 B
    3
  • 168.171.213.32:139
    152 B
    3
  • 83.200.166.155:139
    152 B
    3
  • 192.169.63.46:139
    152 B
    3
  • 23.80.11.15:139
    152 B
    3
  • 197.125.130.162:139
    152 B
    3
  • 111.62.30.242:139
    152 B
    3
  • 147.139.121.91:139
    152 B
    3
  • 31.64.123.137:139
    152 B
    3
  • 38.14.7.125:139
    152 B
    3
  • 217.187.135.168:139
    152 B
    3
  • 78.232.154.33:139
    152 B
    3
  • 24.142.132.1:139
    152 B
    120 B
    3
    3
  • 174.162.203.196:139
    152 B
    3
  • 144.36.33.47:139
    152 B
    3
  • 40.28.26.165:139
    152 B
    3
  • 198.194.94.81:139
    152 B
    3
  • 168.199.95.42:139
    152 B
    3
  • 87.117.214.226:139
    152 B
    120 B
    3
    3
  • 162.223.31.166:139
    152 B
    3
  • 118.40.253.9:139
    152 B
    3
  • 115.245.225.89:139
    152 B
    120 B
    3
    3
  • 58.241.192.188:139
    152 B
    3
  • 192.17.106.27:139
    152 B
    3
  • 68.192.2.165:139
    152 B
    3
  • 143.243.11.19:139
    152 B
    3
  • 82.19.106.80:139
    152 B
    3
  • 167.8.236.149:139
    152 B
    3
  • 139.5.223.191:139
    152 B
    3
  • 195.126.191.100:139
    152 B
    3
  • 7.16.249.155:139
    152 B
    3
  • 125.122.129.212:139
    152 B
    3
  • 75.109.232.178:139
    152 B
    3
  • 150.29.10.93:139
    152 B
    3
  • 168.10.28.52:139
    152 B
    3
  • 85.178.224.245:139
    152 B
    3
  • 9.229.207.33:139
    152 B
    3
  • 175.13.98.238:139
    152 B
    3
  • 148.54.238.242:139
    152 B
    3
  • 143.189.150.41:139
    152 B
    3
  • 71.190.38.235:139
    152 B
    3
  • 191.181.23.80:139
    152 B
    3
  • 207.22.248.170:139
    152 B
    3
  • 129.155.235.93:139
    152 B
    3
  • 66.169.251.34:139
    152 B
    3
  • 180.3.139.113:139
    152 B
    3
  • 51.155.17.206:139
    152 B
    3
  • 143.109.219.244:139
    152 B
    3
  • 68.106.175.75:139
    152 B
    3
  • 221.26.77.18:139
    152 B
    3
  • 35.103.82.41:139
    152 B
    3
  • 87.117.214.226:445
    152 B
    120 B
    3
    3
  • 24.142.132.1:445
    152 B
    120 B
    3
    3
  • 212.169.2.115:139
    152 B
    3
  • 73.4.215.31:139
    152 B
    3
  • 38.105.25.55:445
    152 B
    120 B
    3
    3
  • 115.245.225.89:445
    152 B
    120 B
    3
    3
  • 146.141.2.100:139
    152 B
    3
  • 153.234.15.136:139
    152 B
    120 B
    3
    3
  • 164.74.135.45:139
    152 B
    3
  • 94.231.58.50:139
    152 B
    3
  • 153.234.15.136:445
    152 B
    120 B
    3
    3
  • 79.138.85.201:139
    152 B
    3
  • 13.39.38.52:445
    152 B
    3
  • 199.138.17.119:445
    152 B
    3
  • 76.102.213.167:445
    152 B
    3
  • 40.27.67.108:445
    152 B
    3
  • 146.140.207.38:445
    152 B
    3
  • 141.172.119.135:445
    152 B
    3
  • 39.186.95.56:445
    152 B
    3
  • 145.175.191.137:445
    152 B
    3
  • 78.203.96.169:445
    152 B
    3
  • 15.227.182.80:445
    152 B
    3
  • 11.116.82.37:445
    152 B
    3
  • 114.13.167.120:445
    152 B
    3
  • 82.182.18.162:445
    152 B
    3
  • 146.120.155.44:445
    152 B
    3
  • 87.192.125.58:445
    152 B
    3
  • 7.134.197.103:445
    152 B
    3
  • 110.130.204.153:445
    152 B
    3
  • 38.155.72.84:445
    152 B
    3
  • 83.200.166.155:445
    152 B
    3
  • 192.169.63.46:445
    152 B
    3
  • 111.62.30.242:445
    152 B
    3
  • 174.162.203.196:445
    152 B
    3
  • 192.17.106.27:445
    152 B
    3
  • 82.19.106.80:445
    152 B
    3
  • 198.227.137.187:445
    152 B
    3
  • 38.14.7.125:445
    152 B
    3
  • 198.194.94.81:445
    152 B
    3
  • 168.199.95.42:445
    152 B
    3
  • 68.192.2.165:445
    152 B
    3
  • 139.5.223.191:445
    152 B
    3
  • 7.16.249.155:445
    152 B
    3
  • 125.122.129.212:445
    152 B
    3
  • 150.29.10.93:445
    152 B
    3
  • 14.203.112.174:445
    152 B
    3
  • 168.171.213.32:445
    152 B
    3
  • 147.139.121.91:445
    152 B
    3
  • 75.109.232.178:445
    152 B
    3
  • 85.178.224.245:445
    152 B
    3
  • 175.13.98.238:445
    152 B
    3
  • 191.181.23.80:445
    152 B
    3
  • 207.22.248.170:445
    152 B
    3
  • 168.10.28.52:445
    152 B
    3
  • 9.229.207.33:445
    152 B
    3
  • 71.190.38.235:445
    152 B
    3
  • 143.109.219.244:445
    152 B
    3
  • 180.3.139.113:445
    152 B
    3
  • 51.155.17.206:445
    152 B
    3
  • 68.106.175.75:445
    152 B
    3
  • 110.158.254.130:445
    152 B
    3
  • 163.128.205.126:445
    152 B
    3
  • 116.131.245.112:445
    152 B
    3
  • 115.45.215.146:445
    152 B
    3
  • 193.185.167.30:445
    152 B
    3
  • 96.106.222.56:445
    152 B
    3
  • 174.133.47.162:445
    152 B
    3
  • 75.61.249.55:445
    152 B
    3
  • 221.19.152.94:445
    152 B
    3
  • 89.231.171.33:445
    152 B
    3
  • 192.4.165.17:445
    152 B
    3
  • 69.120.47.65:445
    152 B
    3
  • 131.66.82.61:445
    152 B
    3
  • 74.26.50.116:445
    152 B
    3
  • 217.187.135.168:445
    152 B
    3
  • 70.22.223.17:445
    152 B
    3
  • 182.187.248.99:445
    152 B
    3
  • 160.25.66.228:445
    152 B
    3
  • 124.164.250.174:445
    152 B
    3
  • 87.219.6.62:445
    152 B
    3
  • 85.221.106.254:445
    152 B
    3
  • 98.35.210.126:445
    152 B
    3
  • 69.250.211.194:445
    152 B
    3
  • 197.125.130.162:445
    152 B
    3
  • 31.64.123.137:445
    152 B
    3
  • 144.36.33.47:445
    152 B
    3
  • 200.116.70.5:445
    152 B
    3
  • 162.223.31.166:445
    152 B
    3
  • 118.40.253.9:445
    152 B
    3
  • 58.241.192.188:445
    152 B
    3
  • 167.8.236.149:445
    152 B
    3
  • 23.80.11.15:445
    152 B
    3
  • 148.54.238.242:445
    152 B
    3
  • 66.169.251.34:445
    152 B
    3
  • 83.22.125.210:445
    152 B
    3
  • 87.26.65.65:445
    152 B
    3
  • 186.165.48.21:445
    152 B
    3
  • 74.200.152.42:445
    152 B
    3
  • 78.232.154.33:445
    152 B
    3
  • 40.28.26.165:445
    152 B
    3
  • 143.243.11.19:445
    152 B
    3
  • 195.126.191.100:445
    152 B
    3
  • 143.189.150.41:445
    152 B
    3
  • 129.155.235.93:445
    152 B
    3
  • 221.26.77.18:445
    152 B
    3
  • 35.103.82.41:445
    152 B
    3
  • 73.4.215.31:445
    152 B
    3
  • 212.169.2.115:445
    152 B
    3
  • 146.141.2.100:445
    152 B
    3
  • 164.74.135.45:445
    152 B
    3
  • 94.231.58.50:445
    152 B
    3
  • 79.138.85.201:445
    152 B
    3
  • 168.251.27.244:139
    152 B
    3
  • 131.162.186.115:139
    152 B
    3
  • 42.40.182.163:139
    152 B
    3
  • 93.9.237.121:139
    152 B
    3
  • 196.65.223.209:139
    152 B
    3
  • 167.80.212.212:139
    152 B
    3
  • 40.162.61.212:139
    152 B
    3
  • 81.251.90.53:139
    152 B
    3
  • 195.230.53.180:139
    152 B
    3
  • 59.223.12.165:139
    152 B
    3
  • 76.57.179.16:139
    152 B
    3
  • 75.132.254.246:139
    152 B
    3
  • 123.49.191.175:139
    152 B
    3
  • 32.169.5.12:139
    152 B
    3
  • 104.248.241.62:139
    152 B
    3
  • 126.27.13.162:139
    152 B
    3
  • 27.171.98.45:139
    152 B
    3
  • 138.82.170.149:139
    152 B
    3
  • 188.239.80.148:139
    152 B
    3
  • 175.196.104.181:139
    152 B
    3
  • 192.169.3.183:139
    152 B
    3
  • 80.75.171.66:139
    152 B
    3
  • 140.246.250.6:139
    152 B
    3
  • 27.203.211.209:139
    152 B
    3
  • 76.252.148.63:139
    152 B
    3
  • 101.144.69.126:139
    152 B
    3
  • 55.62.74.64:139
    152 B
    3
  • 203.219.24.17:139
    152 B
    3
  • 192.38.188.105:139
    152 B
    3
  • 18.236.52.187:139
    152 B
    3
  • 52.171.132.132:139
    152 B
    3
  • 198.153.163.122:139
    152 B
    3
  • 179.169.144.97:139
    152 B
    3
  • 144.178.232.192:139
    152 B
    3
  • 184.225.127.34:139
    152 B
    3
  • 133.71.47.26:139
    152 B
    3
  • 218.214.198.122:139
    152 B
    3
  • 118.51.102.168:139
    152 B
    3
  • 22.230.20.166:139
    152 B
    3
  • 180.198.122.166:139
    152 B
    3
  • 136.254.187.14:139
    152 B
    3
  • 213.30.144.14:139
    152 B
    3
  • 129.51.57.75:139
    152 B
    3
  • 78.174.246.52:139
    152 B
    3
  • 150.191.22.242:139
    152 B
    3
  • 222.56.163.55:139
    152 B
    3
  • 56.86.121.36:139
    152 B
    3
  • 90.236.55.51:139
    152 B
    3
  • 100.6.161.77:139
    152 B
    3
  • 101.187.52.224:139
    152 B
    3
  • 96.178.100.78:139
    152 B
    3
  • 123.61.173.171:139
    152 B
    3
  • 180.124.196.136:139
    152 B
    3
  • 84.137.73.142:139
    152 B
    3
  • 166.39.247.40:139
    152 B
    3
  • 187.82.43.213:139
    152 B
    3
  • 45.178.233.94:139
    152 B
    3
  • 15.186.24.115:139
    152 B
    3
  • 101.146.56.114:139
    152 B
    3
  • 190.225.198.127:139
    152 B
    3
  • 97.77.219.9:139
    152 B
    3
  • 68.146.9.180:139
    152 B
    3
  • 202.188.155.210:139
    152 B
    3
  • 116.214.212.167:139
    152 B
    3
  • 69.131.153.17:139
    152 B
    3
  • 94.88.246.148:139
    152 B
    3
  • 212.116.140.181:139
    152 B
    3
  • 193.29.189.158:139
    152 B
    3
  • 91.63.146.160:139
    152 B
    3
  • 186.34.17.197:139
    152 B
    3
  • 191.192.1.1:139
    152 B
    3
  • 201.136.180.226:139
    152 B
    3
  • 94.87.98.76:139
    152 B
    3
  • 197.231.69.42:139
    152 B
    3
  • 70.222.31.197:139
    152 B
    3
  • 95.15.183.69:139
    152 B
    3
  • 185.183.104.67:139
    152 B
    3
  • 173.227.227.188:139
    152 B
    3
  • 93.12.194.180:139
    152 B
    3
  • 142.165.135.49:139
    152 B
    3
  • 177.111.22.146:139
    152 B
    3
  • 15.100.226.98:139
    152 B
    3
  • 30.206.78.7:139
    152 B
    3
  • 100.223.229.12:139
    152 B
    3
  • 70.174.148.237:139
    152 B
    3
  • 8.8.8.8:53
    uk.undernet.org
    dns
    tmp259398166.exe
    61 B
    124 B
    1
    1

    DNS Request

    uk.undernet.org

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files\7-Zip\7z.exe

    Filesize

    606KB

    MD5

    e437fcaf41acd150f913f72135acb53e

    SHA1

    7526b5daa35bebc04500c8d1431725ba3e7b7812

    SHA256

    b978bd0dbd2a26f00fbb44b7ca2834dee7129b302bbb894ead494e247326f1a8

    SHA512

    95874f0a78e839d69670625e314697fbdb64f0a4d6593647df728b4b96ed285f30d3f57978fac12f2c33097d1ede6fcc8b3bc4ce05a979128100606f104a02f5

  • \Users\Admin\AppData\Local\Temp\tmp259398166.exe

    Filesize

    51KB

    MD5

    65e8d7fc3273b68dbfe23fdc81a953c2

    SHA1

    9d55f0c92a6cd7821e61aac5faede6a642fa30a1

    SHA256

    42767915cfbc0a25e6e14361f52a8c3816fa54e47480453ec72af4cd79f99329

    SHA512

    03b6327f4786331d4d31936741b8fb83496dc53e10018863ddb6f6cd66599137f9b6f2c89237d13151f7546d31cf652732d0781ba2ca090ce7dcd5a991b8baeb

  • \Users\Admin\AppData\Local\Temp\tmp259398197.exe

    Filesize

    213KB

    MD5

    20d89d1781cde87db3a8b59da816efcc

    SHA1

    4f6670c4dcd8d978b21d1db91e081e609f5abcd0

    SHA256

    4653df6eb852f717ac03d5ecdfdd5e1e2c1ac70b012049f1188e0e7d5b5f8983

    SHA512

    7b03a2e2c5f94a3e6164e160e3346cf0e8247471c48858dad9747dc17c8bccd20caaf2ea9f15d7e6be3e633a01536caefdeff6b384c4448c861f1e5a5ff6cf0e

  • memory/1520-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1520-26-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2364-1656-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2364-1657-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2364-1660-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2364-1664-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2364-1665-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2364-1668-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2364-1669-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB
