
Analysis

  • max time kernel
    142s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/07/2024, 01:52 UTC

General

  • Target

    4c534640c1640866fb3f340b7f2f097b_JaffaCakes118.exe

  • Size

    526KB

  • MD5

    4c534640c1640866fb3f340b7f2f097b

  • SHA1

    87335d6780313da3243963768c56a1d57da4ffba

  • SHA256

    74f7681392fa6d1d6c62467d8a9b3ab60df26820ce60fad04585b7cb68d444b1

  • SHA512

    7b66b294999d9266a476e40e0b263197a499207a7d82c7cf22b1ad55bf458a281dc967b273255665f2232c4698365ac483735412bd7248ecc8c8e17a543e3ab5

  • SSDEEP

    12288:FVpo70X4yQySH6u40Prkl84/0zGoPqLbI16MMcxwireV:F3+0Xh46N+2czaPE6MHxw7

Score
8/10

Malware Config

Signatures

  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
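
The "UPX packed file" signature above keys on the packer's footprint in the PE section table. The following is an added example, not tria.ge's own detection logic: it walks the section table by hand (no pefile dependency) and flags either the stock UPX0/UPX1 names or, for a modified UPX that renames them, the layout that stock UPX leaves behind: a first section with no bytes on disk but a large virtual size that receives the unpacked image. The report's own data is consistent with that shape for QvodSetup5.exe, which is 540KB on disk but whose PID 996 dumps cover a 924KB image region, though the page does not say which of the 16 UPX IoCs belong to which file. build_fake_pe() constructs a synthetic PE-shaped byte string so the block runs offline; it is not one of the report's samples.

```python
"""Section-table walk that flags UPX-style packing in a PE file.

Added example for the "UPX packed file" signature; not tria.ge's code.
Stock UPX leaves sections named UPX0/UPX1 (often plus .rsrc), where UPX0
has SizeOfRawData == 0 and a large VirtualSize. A modified UPX frequently
renames the sections, so a second check keys on that layout instead.
build_fake_pe() is a constructed stand-in, not a real binary.
"""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def parse_sections(data: bytes):
    """Return [(name, virtual_size, raw_size), ...] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    offset = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER
    sections = []
    for _ in range(num_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, offset)
        sections.append((name.rstrip(b"\0"), vsize, rsize))
        offset += 40                          # sizeof(IMAGE_SECTION_HEADER)
    return sections


def looks_upx_packed(data: bytes) -> bool:
    """True if the section table names UPX, or has the UPX layout with renamed sections."""
    sections = parse_sections(data)
    if not sections:
        return False
    if {name for name, _, _ in sections} & UPX_SECTION_NAMES:
        return True
    # Renamed-UPX heuristic: first section has zero bytes on disk but a
    # page-or-larger virtual size, in a short table. Other packers that
    # unpack into an empty first section will also trip this; treat it as
    # a triage hint, not a verdict.
    _name, first_vsize, first_rsize = sections[0]
    return first_rsize == 0 and first_vsize >= 0x1000 and len(sections) <= 3


def build_fake_pe(sections):
    """Constructed PE32-shaped bytes: DOS header, PE signature, COFF header,
    zeroed optional header and a section table. Enough for parse_sections()."""
    e_lfanew = 0x40
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                        # PE32 optional header size; contents unused here
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000, rsize,
                    0x400, 0, 0, 0, 0, 0xE0000020)
        for name, vsize, rsize in sections
    )
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    cases = {
        "stock UPX": [(b"UPX0", 0x20000, 0), (b"UPX1", 0x9000, 0x8A00), (b".rsrc", 0x1000, 0x800)],
        "renamed":   [(b".text0", 0x20000, 0), (b".text1", 0x9000, 0x8A00)],
        "plain":     [(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x400), (b".rsrc", 0x800, 0x800)],
    }
    for label, table in cases.items():
        print(f"{label:10s} upx={looks_upx_packed(build_fake_pe(table))}")
```

On a real sample, pass the file bytes straight to looks_upx_packed(); for the dropped files in this report, pairing the result with the on-disk size versus the mapped image size in the memory dumps is a quick way to confirm an in-place unpack before spending time on a manual dump.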

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c534640c1640866fb3f340b7f2f097b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4c534640c1640866fb3f340b7f2f097b_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Users\Admin\AppData\Local\Temp\QvodSetup5.exe
      "C:\Users\Admin\AppData\Local\Temp\QvodSetup5.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:996
    • C:\Users\Admin\AppData\Local\Temp\qvodplay7.exe
      "C:\Users\Admin\AppData\Local\Temp\qvodplay7.exe"
      2⤵
      • Event Triggered Execution: Image File Execution Options Injection
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4452
      • C:\Users\Admin\AppData\Local\Temp\~24065665.exe
        C:\Users\Admin\AppData\Local\Temp\~24065665.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:976
        • C:\Windows\SysWOW64\cmd.exe
          cmd
          4⤵
            PID:3008

    Network

    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      140.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      147.142.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      147.142.123.92.in-addr.arpa
      IN PTR
      Response
      147.142.123.92.in-addr.arpa
      IN PTR
      a92-123-142-147.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      inl7.oi1i.com
      ~24065665.exe
      Remote address:
      8.8.8.8:53
      Request
      inl7.oi1i.com
      IN A
      Response
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      inl7.oi1i.com
      ~24065665.exe
      Remote address:
      8.8.8.8:53
      Request
      inl7.oi1i.com
      IN A
      Response
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      inl7.oi1i.com
      ~24065665.exe
      Remote address:
      8.8.8.8:53
      Request
      inl7.oi1i.com
      IN A
      Response
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      inl7.oi1i.com
      ~24065665.exe
      Remote address:
      8.8.8.8:53
      Request
      inl7.oi1i.com
      IN A
      Response
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      inl7.oi1i.com
      ~24065665.exe
      Remote address:
      8.8.8.8:53
      Request
      inl7.oi1i.com
      IN A
      Response
    • flag-us
      DNS
      29.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      29.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 751091
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: BBCA2007D3B649179E53DE64DE095BA1 Ref B: LON04EDGE0709 Ref C: 2024-07-16T01:53:54Z
      date: Tue, 16 Jul 2024 01:53:54 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 502729
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8FAEAE4AA4474984AD2BD8ED87C370C4 Ref B: LON04EDGE0709 Ref C: 2024-07-16T01:53:54Z
      date: Tue, 16 Jul 2024 01:53:54 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 866696
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 10265254CE9D4FDF98A547372D32BEF9 Ref B: LON04EDGE0709 Ref C: 2024-07-16T01:53:54Z
      date: Tue, 16 Jul 2024 01:53:54 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 639396
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C43E4D40EE5746A2AD052EB9F594884A Ref B: LON04EDGE0709 Ref C: 2024-07-16T01:53:54Z
      date: Tue, 16 Jul 2024 01:53:54 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 892656
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 07A511BF7A9C413FB5364762E8E42418 Ref B: LON04EDGE0709 Ref C: 2024-07-16T01:53:54Z
      date: Tue, 16 Jul 2024 01:53:54 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 473680
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 989BE8C1E6844DA99777DC7562316E6E Ref B: LON04EDGE0709 Ref C: 2024-07-16T01:53:54Z
      date: Tue, 16 Jul 2024 01:53:54 GMT
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      inl7.oi1i.com
      ~24065665.exe
      Remote address:
      8.8.8.8:53
      Request
      inl7.oi1i.com
      IN A
      Response
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      inl7.oi1i.com
      ~24065665.exe
      Remote address:
      8.8.8.8:53
      Request
      inl7.oi1i.com
      IN A
      Response
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • flag-us
      DNS
      inl7.oi1i.com
      ~24065665.exe
      Remote address:
      8.8.8.8:53
      Request
      inl7.oi1i.com
      IN A
      Response
    • flag-us
      DNS
      inl7.oi1i.com
      ~24065665.exe
      Remote address:
      8.8.8.8:53
      Request
      inl7.oi1i.com
      IN A
      Response
    • flag-us
      DNS
      qd.kuaibo.com
      QvodSetup5.exe
      Remote address:
      8.8.8.8:53
      Request
      qd.kuaibo.com
      IN A
      Response
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.28.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      147.1kB
      4.3MB
      3113
      3109

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200
    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      140.32.126.40.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      140.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      147.142.123.92.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      147.142.123.92.in-addr.arpa

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      inl7.oi1i.com
      dns
      ~24065665.exe
      59 B
      132 B
      1
      1

      DNS Request

      inl7.oi1i.com

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      inl7.oi1i.com
      dns
      ~24065665.exe
      59 B
      132 B
      1
      1

      DNS Request

      inl7.oi1i.com

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      inl7.oi1i.com
      dns
      ~24065665.exe
      59 B
      132 B
      1
      1

      DNS Request

      inl7.oi1i.com

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      inl7.oi1i.com
      dns
      ~24065665.exe
      59 B
      132 B
      1
      1

      DNS Request

      inl7.oi1i.com

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      inl7.oi1i.com
      dns
      ~24065665.exe
      59 B
      132 B
      1
      1

      DNS Request

      inl7.oi1i.com

    • 8.8.8.8:53
      29.243.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      29.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
      170 B
      1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      inl7.oi1i.com
      dns
      ~24065665.exe
      59 B
      132 B
      1
      1

      DNS Request

      inl7.oi1i.com

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      inl7.oi1i.com
      dns
      ~24065665.exe
      59 B
      132 B
      1
      1

      DNS Request

      inl7.oi1i.com

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com

    • 8.8.8.8:53
      inl7.oi1i.com
      dns
      ~24065665.exe
      59 B
      132 B
      1
      1

      DNS Request

      inl7.oi1i.com

    • 8.8.8.8:53
      inl7.oi1i.com
      dns
      ~24065665.exe
      59 B
      132 B
      1
      1

      DNS Request

      inl7.oi1i.com

    • 8.8.8.8:53
      qd.kuaibo.com
      dns
      QvodSetup5.exe
      59 B
      127 B
      1
      1

      DNS Request

      qd.kuaibo.com
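
The Network section above shows one pattern worth turning into detection logic: QvodSetup5.exe asks for qd.kuaibo.com and ~24065665.exe for inl7.oi1i.com again and again, every Response block is empty, and the only forward lookup that does answer (tse1.mm.bing.net) is not attributed to either process. The following is an added example, not tria.ge's code: it reads a DNS log and reports processes that repeatedly query a name that never resolves. SAMPLE_LOG is constructed to mirror the report's traffic; its tab-separated layout (process, qname, qtype, answer count) is an assumption, not the report's export format.

```python
"""Flag processes that repeatedly query names that never resolve.

Added example for the Network section of the report; not tria.ge's code.
SAMPLE_LOG is constructed from the report's DNS entries: '-' marks a
query the sandbox did not attribute to a process, and the last column
is the number of answer records in the response.
"""
from collections import Counter

SAMPLE_LOG = """\
QvodSetup5.exe\tqd.kuaibo.com\tA\t0
-\t58.55.71.13.in-addr.arpa\tPTR\t0
-\t8.8.8.8.in-addr.arpa\tPTR\t1
QvodSetup5.exe\tqd.kuaibo.com\tA\t0
~24065665.exe\tinl7.oi1i.com\tA\t0
QvodSetup5.exe\tqd.kuaibo.com\tA\t0
~24065665.exe\tinl7.oi1i.com\tA\t0
-\ttse1.mm.bing.net\tA\t2
~24065665.exe\tinl7.oi1i.com\tA\t0
QvodSetup5.exe\tqd.kuaibo.com\tA\t0
"""


def parse_dns_log(text):
    """Yield (process, qname, qtype, answers) tuples from the assumed log layout."""
    for line in text.splitlines():
        if not line.strip():
            continue
        proc, qname, qtype, answers = line.split("\t")
        yield proc, qname.lower().rstrip("."), qtype.upper(), int(answers)


def unresolved_beacons(records, min_queries=3):
    """Return {(process, qname): attempts} for forward lookups that a process
    repeated at least min_queries times without ever receiving an answer."""
    attempts = Counter()
    answered = set()
    for proc, qname, qtype, answers in records:
        if qtype == "PTR" or qname.endswith(".in-addr.arpa"):
            continue  # reverse lookups of the sandbox's own peers are OS noise
        key = (proc, qname)
        attempts[key] += 1
        if answers > 0:
            answered.add(key)
    return {k: n for k, n in attempts.items()
            if n >= min_queries and k not in answered}


if __name__ == "__main__":
    for (proc, qname), n in sorted(unresolved_beacons(parse_dns_log(SAMPLE_LOG)).items()):
        print(f"{proc}: {qname} queried {n}x, never resolved")
```

The names themselves are the indicators to keep; the repeat-without-answer shape is what separates a dead update or C2 host from a one-off typo or a CDN name, and min_queries should be raised on hosts where flaky resolvers produce legitimate retries.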

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\QvodSetup5.exe

      Filesize

      540KB

      MD5

      59e20e2ec60d5946ad54b64a3deb1c83

      SHA1

      7027c9308b7b2d14ff9fd7b81efa81a1c9a0ec68

      SHA256

      538c299746b0afa502968f74f13220069a204e06d008c429a19762ee7ae097bc

      SHA512

      283824f4d63fdef8eba6a078dc7dcaff401cc13aee6e3c970f0505772b4b1525e2ad805dc2e90b3140f3d9523ea7db575eaf860db60f6c2b4a8edb289d447aa9

    • C:\Users\Admin\AppData\Local\Temp\qvodplay7.exe

      Filesize

      29KB

      MD5

      1a3440da9f8f5cad3319d8b2e17772be

      SHA1

      fb3c6ec93d7d15228f77d71651a8f24a1a35facf

      SHA256

      09c7ece20c9b50b0d272cc40c45a965d289a9ae73441a0b893de3c9532aeeae3

      SHA512

      b22e08e4fc4a4acb760a3d56992b9d73f1ccb5ac2eaff04f66587b55b3a3396f3760840c50e7800f1e51cd95ef95f6d70a41e6c3766ed60cb41ada85920c5e23

    • C:\Users\Admin\AppData\Local\Temp\~24065665.exe

      Filesize

      8KB

      MD5

      1c85b838536b8027027ed9a9019f6e57

      SHA1

      193086e31000ad275b91798e6ab2bf1823f28fb7

      SHA256

      513684483d92bef7b9ea5f279b47cededbfa059bd7688f0944cd9c3e0a7c4c3c

      SHA512

      7fa2da850652713edc6e187d0014f12ae877d8f6699160a4e0b1ed6d8163279316ace4d81373ee98f22a7f5b816f81a531af1a23c0e9ebb35546e9f8e0d9e25c

    • memory/996-23-0x0000000000540000-0x0000000000541000-memory.dmp

      Filesize

      4KB

    • memory/996-65-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

    • memory/996-45-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

    • memory/996-59-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

    • memory/996-30-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

    • memory/996-51-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

    • memory/996-35-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

    • memory/996-49-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

    • memory/996-17-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

    • memory/1476-22-0x0000000000400000-0x0000000000485398-memory.dmp

      Filesize

      532KB

    • memory/1476-0-0x0000000000400000-0x0000000000485398-memory.dmp

      Filesize

      532KB

    • memory/4452-34-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

    • memory/4452-46-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

    • memory/4452-36-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

    • memory/4452-33-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

    • memory/4452-31-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

    • memory/4452-21-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB
