d88271eb4440a41f65cad7e1d6c8b6b5f5d627d2bba8783b7ca76890467e9947

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 17:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SmokeySpoofer-main.zip
Size

581KB
MD5

23d5ad584a5094288b5e12150935925c
SHA1

f7bd4a4ab5f349ef275d58df9445a6afc23796b4
SHA256

d88271eb4440a41f65cad7e1d6c8b6b5f5d627d2bba8783b7ca76890467e9947
SHA512

863829d45e6fb12648700b5fd221f00e18c4f14fc721db1f9634686fc846cce65a57024575ba89613b756e1836e141ed9dd9c9a31107c9b79f83001f4e5faaa5
SSDEEP

12288:lima08bs6anNi3bEWGSHdWCvFM70vVPmHM8PXHeR:liZ7bas3bETSHXFq0vQsKeR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649350043581149"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
868	chrome.exe
868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 1124	868	chrome.exe	101
PID 868 wrote to memory of 1124	868	chrome.exe	101
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 4620	868	chrome.exe	102
PID 868 wrote to memory of 184	868	chrome.exe	103
PID 868 wrote to memory of 184	868	chrome.exe	103
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104
PID 868 wrote to memory of 3060	868	chrome.exe	104

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SmokeySpoofer-main.zip
1⤵
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4316,i,3027467512973953085,11878940668304988630,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:8
1⤵
PID:1164

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffedd62ab58,0x7ffedd62ab68,0x7ffedd62ab78
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1912,i,175265137832069315,6369219778315184821,131072 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,175265137832069315,6369219778315184821,131072 /prefetch:8
  2⤵
  PID:184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1912,i,175265137832069315,6369219778315184821,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1912,i,175265137832069315,6369219778315184821,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1912,i,175265137832069315,6369219778315184821,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4092 --field-trial-handle=1912,i,175265137832069315,6369219778315184821,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1912,i,175265137832069315,6369219778315184821,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1912,i,175265137832069315,6369219778315184821,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1912,i,175265137832069315,6369219778315184821,131072 /prefetch:8
  2⤵
  PID:4428

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4660

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR

Response
DNS

101.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.58.20.217.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

147.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.142.123.92.in-addr.arpa

IN PTR

Response

147.142.123.92.in-addr.arpa

IN PTR

a92-123-142-147deploystaticakamaitechnologiescom
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.180.4
DNS

3.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.178.250.142.in-addr.arpa

IN PTR

Response

3.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f31e100net
DNS

10.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.178.250.142.in-addr.arpa

IN PTR

Response

10.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f101e100net
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f14�I
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

99.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.58.20.217.in-addr.arpa

IN PTR

Response
DNS

37.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.56.20.217.in-addr.arpa

IN PTR

Response

142.250.180.4:443

www.google.com

tls

chrome.exe

953 B
4.6kB
8
9
172.217.16.238:443

clients2.google.com

tls, http2

chrome.exe

953 B
8.1kB
8
9

8.8.8.8:53

2.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.159.190.20.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

101.58.20.217.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

101.58.20.217.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

147.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

147.142.123.92.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.180.4
142.250.180.4:443

www.google.com

https

chrome.exe

5.7kB
23.8kB
35
37
8.8.8.8:53

3.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.178.250.142.in-addr.arpa
8.8.8.8:53

10.178.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.178.250.142.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.16.238
172.217.16.238:443

clients2.google.com

https

chrome.exe

3.7kB
8.0kB
11
11
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

238.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

238.16.217.172.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

99.58.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

99.58.20.217.in-addr.arpa
8.8.8.8:53

37.56.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

37.56.20.217.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5e10bca0-ca15-41be-b4ea-77c7f118cbec.tmp

Filesize
285KB

MD5
8d9e508530538544f19c7ede48f1f7bb

SHA1
845a84635dfd964d5211df84e65d68235d232d7e

SHA256
0030a794c5d0a367069078e1f29da85897a3150075a8fe63d048ffb231101445

SHA512
4b7b63ccb30a762cfe401a01465f5212cab52014eee7d7d4ba3e20da405fa0b9afca5fd2920d0c912a4809568681fcc1b4ef209e44bb41282ae8141745894bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c1cb8042a69421bb58761d77500fb9b6

SHA1
f0d5384bcf1bf5dc55448af41ce3f84a0de26a85

SHA256
b07fafae9f5eb3dd378377ef4b6bac1b6bc23b0654cc1d278c85fe506533b649

SHA512
fe937990198c1aec38e529c73ea1eb0e087ca2384c6d9d3782cf777cdca6d93bf1f2ad47b8736807dc71343ce46efb936ce684443a2a0e9fdb7a90480118a494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
911fb43b596e9f0294fb89341e97cb30

SHA1
c6061c09d2b7e3c8ca44f5cd516f38019263d9ea

SHA256
679e96c72f528f6c8271e9d3198e485863976bb73c032bc2f19e8d8b5858d00a

SHA512
b97b8e2695a244e353f943ea8df174ec70d19ffa3289e6b375498c8e7cbf99d4a753d0b73aa9082c1977f12b91fb9f6e90a8f045150a7e23b428fe01694d15e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
be248261c41c6e7f6591e65850f75d47

SHA1
6d979603a3aa14aae9204512cbcff57c38c9dbcd

SHA256
19908e4326a83f2d8fb25c139977e15e366cfefadd1cf1261c8aea522687af6d

SHA512
0ad86caec6f5f552ef45e29c6819e05b2ded1585bc0e08c390908ab5848a737aa41864393b1d6cd407bdf54b7f9c1fd253f78af458ae38112aca090e9cd74f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
2b800b81517f7b917cb22e9138b55a27

SHA1
637e19cfd0c9924b073180bfaa1a4ad14ea0a63e

SHA256
add140039a1dc7e1583f0124b5ea4995a598af7a5646bf7b694176393c9256cd

SHA512
2e1c85f26c97a40e88f4d654fc2aa08b363b702097f51e2346f09ff1145070b8c235f8cf04d70ea853114ebf3beda2131b4e73d7714a75120cb6e6a174e90269

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.