Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/07/2024, 13:15 UTC

General

  • Target

    6fb99828380efda6fb357be8e59524f6_JaffaCakes118.exe

  • Size

    90KB

  • MD5

    6fb99828380efda6fb357be8e59524f6

  • SHA1

    94a3911a1813273e7464e030b6a52859f62dd1f4

  • SHA256

    0c34a4722c74afd100e8d59d69d21da8b9c1cd813663b9ba5c55737e6f6170ad

  • SHA512

    9e6729262f38f3f200309e5ed810b5899adda6295411d20883445c55095f16df63eef44b6d0951ee8fb66e39dc74e8fcab7874576ff88500ae825b1b8c1b21ed

  • SSDEEP

    1536:oaHn4JUoKrukjj11ZeCBlLD3J2BzUTbimNzBKi570rdYHBYAkodUMTQeoNw4ndFw:LHCu7jjFZ1LA4bvzBNQk2AxdrTQeoNwl

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/SKyptWbF

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Signatures

  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

  • Executes dropped EXE (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Scheduled Task/Job: Scheduled Task (1 TTP, 1 IoC)

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fb99828380efda6fb357be8e59524f6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6fb99828380efda6fb357be8e59524f6_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Windows\system32\schtasks.exe
      schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'C:\Users\Admin\AppData\Local\Temp\secured.exe'"
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:804
    • C:\Users\Admin\AppData\Local\Temp\secured.exe
      "C:\Users\Admin\AppData\Local\Temp\secured.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2288

Network

  • DNS (remote country: US)
    pastebin.com
    secured.exe
    Remote address:
    8.8.8.8:53
    Request
    pastebin.com
    IN A
    Response
    pastebin.com
    IN A
    104.20.4.235
    pastebin.com
    IN A
    104.20.3.235
    pastebin.com
    IN A
    172.67.19.24
  • GET (remote country: US)
    https://pastebin.com/raw/SKyptWbF
    secured.exe
    Remote address:
    104.20.4.235:443
    Request
    GET /raw/SKyptWbF HTTP/1.1
    Host: pastebin.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 25 Jul 2024 13:16:18 GMT
    Content-Type: text/plain; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-frame-options: DENY
    x-content-type-options: nosniff
    x-xss-protection: 1;mode=block
    cache-control: public, max-age=1801
    CF-Cache-Status: MISS
    Last-Modified: Thu, 25 Jul 2024 13:16:18 GMT
    Server: cloudflare
    CF-RAY: 8a8c6c75afc094b5-LHR
  • 104.20.4.235:443
    https://pastebin.com/raw/SKyptWbF
    tls, http
    secured.exe
    6.8kB
    25.1kB
    78
    81

    HTTP Request

    GET https://pastebin.com/raw/SKyptWbF

    HTTP Response

    200

  • 193.161.193.99:40760
    secured.exe
    152 B
    120 B
    3
    3
  • 193.161.193.99:40760
    secured.exe
    152 B
    80 B
    3
    2
  • 8.8.8.8:53
    pastebin.com
    dns
    secured.exe
    58 B
    106 B
    1
    1

    DNS Request

    pastebin.com

    DNS Response

    104.20.4.235
    104.20.3.235
    172.67.19.24

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\secured.exe

    Filesize

    90KB

    MD5

    6fb99828380efda6fb357be8e59524f6

    SHA1

    94a3911a1813273e7464e030b6a52859f62dd1f4

    SHA256

    0c34a4722c74afd100e8d59d69d21da8b9c1cd813663b9ba5c55737e6f6170ad

    SHA512

    9e6729262f38f3f200309e5ed810b5899adda6295411d20883445c55095f16df63eef44b6d0951ee8fb66e39dc74e8fcab7874576ff88500ae825b1b8c1b21ed

  • memory/1940-0-0x000007FEF5903000-0x000007FEF5904000-memory.dmp

    Filesize

    4KB

  • memory/1940-1-0x00000000008E0000-0x00000000008FC000-memory.dmp

    Filesize

    112KB

  • memory/1940-2-0x0000000000240000-0x0000000000250000-memory.dmp

    Filesize

    64KB

  • memory/1940-3-0x0000000000300000-0x0000000000318000-memory.dmp

    Filesize

    96KB

  • memory/1940-4-0x000007FEF5900000-0x000007FEF62EC000-memory.dmp

    Filesize

    9.9MB

  • memory/1940-11-0x000007FEF5900000-0x000007FEF62EC000-memory.dmp

    Filesize

    9.9MB

  • memory/2288-12-0x000007FEF5900000-0x000007FEF62EC000-memory.dmp

    Filesize

    9.9MB

  • memory/2288-10-0x00000000003F0000-0x000000000040C000-memory.dmp

    Filesize

    112KB

  • memory/2288-13-0x000007FEF5900000-0x000007FEF62EC000-memory.dmp

    Filesize

    9.9MB

  • memory/2288-14-0x000007FEF5900000-0x000007FEF62EC000-memory.dmp

    Filesize

    9.9MB
