Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2024, 21:17 UTC

General

  • Target

    3786fcb6140f9aa71c65abe4a53af23ab35f66ce734736ad2bf6fb1d6b01575b.exe

  • Size

    6.7MB

  • MD5

    45c5c737a738f01c4b08bbaa771fa02b

  • SHA1

    067a9e35cdd45ff31536203ac7e98ca682f97e1c

  • SHA256

    3786fcb6140f9aa71c65abe4a53af23ab35f66ce734736ad2bf6fb1d6b01575b

  • SHA512

    3459b1f371d9cb1970251270e3285cbb7591b5e54ef489334ca0a122f24024507da99334d474081421d9810ed2b1acbc4a9d4ec2a657d82c4b6e3696890f537c

  • SSDEEP

    98304:qiCQN7R5prsGljcxb+Fja/E05q/M/CUodfvI0CyLNjAY+iTWfkSZ9QwGvZ/u9dkD:/Ce75sGljcqjc5q/MxppZ6xvZ29di

Malware Config

Signatures

  • Detect Socks5Systemz Payload 3 IoCs
  • Socks5Systemz

    Socks5Systemz is a botnet written in C++.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to servers other than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3786fcb6140f9aa71c65abe4a53af23ab35f66ce734736ad2bf6fb1d6b01575b.exe
    "C:\Users\Admin\AppData\Local\Temp\3786fcb6140f9aa71c65abe4a53af23ab35f66ce734736ad2bf6fb1d6b01575b.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Users\Admin\AppData\Local\Temp\is-JUC98.tmp\is-7RNCT.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JUC98.tmp\is-7RNCT.tmp" /SL4 $602CE "C:\Users\Admin\AppData\Local\Temp\3786fcb6140f9aa71c65abe4a53af23ab35f66ce734736ad2bf6fb1d6b01575b.exe" 6735210 52224
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:400
      • C:\Users\Admin\AppData\Local\MP3 CD Ripper Beta\mp3cdripperbeta32_64.exe
        "C:\Users\Admin\AppData\Local\MP3 CD Ripper Beta\mp3cdripperbeta32_64.exe" -i
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2964
      • C:\Users\Admin\AppData\Local\MP3 CD Ripper Beta\mp3cdripperbeta32_64.exe
        "C:\Users\Admin\AppData\Local\MP3 CD Ripper Beta\mp3cdripperbeta32_64.exe" -s
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4408

Network

  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.143.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.143.123.92.in-addr.arpa
    IN PTR
    Response
    240.143.123.92.in-addr.arpa
    IN PTR
    a92-123-143-240.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=2EF293BA9C5C63690C7B877F9DE7621B; domain=.bing.com; expires=Sun, 17-Aug-2025 21:17:11 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9311E97FF70D4A5487D3E80E87ED7AF9 Ref B: LON04EDGE0821 Ref C: 2024-07-23T21:17:11Z
    date: Tue, 23 Jul 2024 21:17:10 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2EF293BA9C5C63690C7B877F9DE7621B
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=hL-TfzK45sUQuSo2RYPyMD431_qJSYsIy8fQZH0781Q; domain=.bing.com; expires=Sun, 17-Aug-2025 21:17:11 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 54BCA1D1C5694100AC3AD99E7052ACAA Ref B: LON04EDGE0821 Ref C: 2024-07-23T21:17:11Z
    date: Tue, 23 Jul 2024 21:17:10 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2EF293BA9C5C63690C7B877F9DE7621B; MSPTC=hL-TfzK45sUQuSo2RYPyMD431_qJSYsIy8fQZH0781Q
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 27D65809FC3647A184D039D270CA5332 Ref B: LON04EDGE0821 Ref C: 2024-07-23T21:17:11Z
    date: Tue, 23 Jul 2024 21:17:10 GMT
  • flag-us
    DNS
    17.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 570135
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 423F2A48694D481E8FCE573150ADCA7D Ref B: LON04EDGE1021 Ref C: 2024-07-23T21:18:48Z
    date: Tue, 23 Jul 2024 21:18:47 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388124_1DG07ET8O30638FP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388124_1DG07ET8O30638FP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 639396
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 89EE3EE044FB496B901C172A5BC82201 Ref B: LON04EDGE1021 Ref C: 2024-07-23T21:18:48Z
    date: Tue, 23 Jul 2024 21:18:47 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 751091
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 98704656593F499EA419FF675725334E Ref B: LON04EDGE1021 Ref C: 2024-07-23T21:18:48Z
    date: Tue, 23 Jul 2024 21:18:47 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239359734403_1QUIFQSNPPFE4TECL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239359734403_1QUIFQSNPPFE4TECL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 737279
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F1E2B40E2B094321B81840626AA6311B Ref B: LON04EDGE1021 Ref C: 2024-07-23T21:18:48Z
    date: Tue, 23 Jul 2024 21:18:47 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388123_1CIQUMLI21YOY2LAG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388123_1CIQUMLI21YOY2LAG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 739548
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 807E094A65DA4599ABA3B31F289CF2A1 Ref B: LON04EDGE1021 Ref C: 2024-07-23T21:18:48Z
    date: Tue, 23 Jul 2024 21:18:47 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239359734404_1RBLA5UG5KRWGU20H&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239359734404_1RBLA5UG5KRWGU20H&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 818456
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 33137C0EF45140F38448F8B5D35D4909 Ref B: LON04EDGE1021 Ref C: 2024-07-23T21:18:49Z
    date: Tue, 23 Jul 2024 21:18:48 GMT
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-lt
    DNS
    beyledp.com
    mp3cdripperbeta32_64.exe
    Remote address:
    91.211.247.248:53
    Request
    beyledp.com
    IN A
    Response
    beyledp.com
    IN A
    94.156.8.80
  • flag-lt
    GET
    http://beyledp.com/search/?q=67e28dd8385cf17b455daa1f7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978fe71ea771795af8e05c645db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692396689f918c4e695
    mp3cdripperbeta32_64.exe
    Remote address:
    94.156.8.80:80
    Request
    GET /search/?q=67e28dd8385cf17b455daa1f7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978fe71ea771795af8e05c645db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692396689f918c4e695 HTTP/1.1
    Host: beyledp.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Tue, 23 Jul 2024 21:19:13 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
  • flag-lt
    GET
    http://beyledp.com/search/?q=67e28dd8385cf17b455daa1f7c27d78406abdd88be4b12eab517aa5c96bd86e8908f4f815a8bbc896c58e713bc90c91836b5281fc235a925ed3e5dd6bd974a95129070b616e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff813c1e893933fc46f
    mp3cdripperbeta32_64.exe
    Remote address:
    94.156.8.80:80
    Request
    GET /search/?q=67e28dd8385cf17b455daa1f7c27d78406abdd88be4b12eab517aa5c96bd86e8908f4f815a8bbc896c58e713bc90c91836b5281fc235a925ed3e5dd6bd974a95129070b616e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff813c1e893933fc46f HTTP/1.1
    Host: beyledp.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Tue, 23 Jul 2024 21:19:15 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
  • flag-us
    DNS
    80.8.156.94.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    80.8.156.94.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    248.247.211.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    248.247.211.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.111.10.176.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.111.10.176.in-addr.arpa
    IN PTR
    Response
    158.111.10.176.in-addr.arpa
    IN PTR
    opg63sweetantslocationscom
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    tls, http2
    2.0kB
    9.3kB
    22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=

    HTTP Response

    204
  • 52.111.236.22:443
    322 B
    7
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239359734404_1RBLA5UG5KRWGU20H&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    153.1kB
    4.4MB
    3210
    3205

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388124_1DG07ET8O30638FP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239359734403_1QUIFQSNPPFE4TECL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388123_1CIQUMLI21YOY2LAG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239359734404_1RBLA5UG5KRWGU20H&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 94.156.8.80:80
    http://beyledp.com/search/?q=67e28dd8385cf17b455daa1f7c27d78406abdd88be4b12eab517aa5c96bd86e8908f4f815a8bbc896c58e713bc90c91836b5281fc235a925ed3e5dd6bd974a95129070b616e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff813c1e893933fc46f
    http
    mp3cdripperbeta32_64.exe
    906 B
    1.7kB
    6
    5

    HTTP Request

    GET http://beyledp.com/search/?q=67e28dd8385cf17b455daa1f7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978fe71ea771795af8e05c645db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692396689f918c4e695

    HTTP Response

    200

    HTTP Request

    GET http://beyledp.com/search/?q=67e28dd8385cf17b455daa1f7c27d78406abdd88be4b12eab517aa5c96bd86e8908f4f815a8bbc896c58e713bc90c91836b5281fc235a925ed3e5dd6bd974a95129070b616e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff813c1e893933fc46f

    HTTP Response

    200
  • 176.10.111.158:2023
    mp3cdripperbeta32_64.exe
    659 B
    174 B
    5
    4
  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    240.143.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    240.143.123.92.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    17.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    17.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

  • 91.211.247.248:53
    beyledp.com
    dns
    mp3cdripperbeta32_64.exe
    57 B
    84 B
    1
    1

    DNS Request

    beyledp.com

    DNS Response

    94.156.8.80

  • 8.8.8.8:53
    248.247.211.91.in-addr.arpa
    dns
    73 B
    130 B
    1
    1

    DNS Request

    248.247.211.91.in-addr.arpa

  • 8.8.8.8:53
    80.8.156.94.in-addr.arpa
    dns
    70 B
    130 B
    1
    1

    DNS Request

    80.8.156.94.in-addr.arpa

  • 8.8.8.8:53
    158.111.10.176.in-addr.arpa
    dns
    73 B
    115 B
    1
    1

    DNS Request

    158.111.10.176.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\MP3 CD Ripper Beta\mp3cdripperbeta32_64.exe

    Filesize

    3.1MB

    MD5

    538be7e5b91d8e72f0b65d7f25340a18

    SHA1

    43b324d412c70dec1f4551552f66990c093351a6

    SHA256

    54e9c3657ec6435e94dfb9ffe9646c3f460254eee05cd9cd61cb15fdeb4b277c

    SHA512

    ef6b3c823994d3e1d063c4f8fa43fd395b84173f4e9e9f7b973b7af19cbba222798aaca330ca54941e80c655b36a341f12e44b620e6ba196f8f04e75d49fecbf

  • C:\Users\Admin\AppData\Local\Temp\is-JUC98.tmp\is-7RNCT.tmp

    Filesize

    642KB

    MD5

    6580f6f26daf83c5e4d3e3b28e2f70f6

    SHA1

    5bc35126a341e038b96923db25c3f5424a631c5e

    SHA256

    e241bd09fc67344895f45de4fb9f147d618a8a5bcec360c83882675e75ebd672

    SHA512

    8f042bbbaec8f0a7cb31cfa44ed0e3d72100e3f3473f442e06ffc7f90322da4cb54979ba51365033cba927b801225d339e64b3b31c3b57483b76bd006908dd36

  • C:\Users\Admin\AppData\Local\Temp\is-UTGK1.tmp\_iscrypt.dll

    Filesize

    2KB

    MD5

    a69559718ab506675e907fe49deb71e9

    SHA1

    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

    SHA256

    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

    SHA512

    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

  • memory/400-67-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

  • memory/400-15-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

  • memory/2632-2-0x0000000000401000-0x000000000040A000-memory.dmp

    Filesize

    36KB

  • memory/2632-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

  • memory/2632-66-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

  • memory/2964-57-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/2964-58-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/2964-60-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/2964-61-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-72-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-87-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-68-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-71-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-64-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-75-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-78-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-81-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-84-0x00000000009F0000-0x0000000000A92000-memory.dmp

    Filesize

    648KB

  • memory/4408-65-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-92-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-95-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-98-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-101-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-104-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-107-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-108-0x00000000009F0000-0x0000000000A92000-memory.dmp

    Filesize

    648KB

  • memory/4408-109-0x00000000009F0000-0x0000000000A92000-memory.dmp

    Filesize

    648KB

  • memory/4408-113-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB

  • memory/4408-116-0x0000000000400000-0x0000000000719000-memory.dmp

    Filesize

    3.1MB