Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted: 29/08/2024, 07:25 UTC
Static task: static1
Behavioral task: behavioral1
  Sample: c86e15085144ad16a9a62bb67c4d4042_JaffaCakes118.dll
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: c86e15085144ad16a9a62bb67c4d4042_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: c86e15085144ad16a9a62bb67c4d4042_JaffaCakes118.dll
Size: 5.0MB
MD5: c86e15085144ad16a9a62bb67c4d4042
SHA1: 15d3174e8b8f3dd171ef5fbc463fbcf6b588f60d
SHA256: 6a3f3dbadb3325deed042ff9f91ccc369e84d82a32c48bf2ecae3f2973adaa1c
SHA512: 89c34c1fb3671f03a1d9e7dc86cce920bece27243abaf15f12acabe95cdaa3e25dae16aa04dab8b581667668e8f426f3998fa75e1449e35e88c7f28a70a56e13
SSDEEP: 12288:yvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+D:SbLgddQhfdmMSirYbcMNgef0
Malware Config
Signatures

Wannacry
WannaCry is a ransomware cryptoworm.

Contacts a large (3303) amount of remote hosts  (1 TTPs)
This may indicate a network scan to discover remotely running services.

Executes dropped EXE  (3 IoCs)
pid   Process
4440  mssecsvc.exe
4972  mssecsvc.exe
4944  tasksche.exe

Creates a large amount of network flows  (1 TTPs)
This may indicate a network scan to discover remotely running services.

Drops file in Windows directory  (2 IoCs)
description   ioc                      Process
File created  C:\WINDOWS\mssecsvc.exe  rundll32.exe
File created  C:\WINDOWS\tasksche.exe  mssecsvc.exe

System Location Discovery: System Language Discovery  (1 TTPs, 3 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                          Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  mssecsvc.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  mssecsvc.exe

Modifies data under HKEY_USERS  (5 IoCs)
description      ioc                                                                                                       Process
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\              mssecsvc.exe
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"    mssecsvc.exe
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"   mssecsvc.exe
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"  mssecsvc.exe
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"     mssecsvc.exe

Suspicious use of WriteProcessMemory  (6 IoCs)
description                      pid   Process       procid_target
PID 4308 wrote to memory of 396  4308  rundll32.exe  83
PID 4308 wrote to memory of 396  4308  rundll32.exe  83
PID 4308 wrote to memory of 396  4308  rundll32.exe  83
PID 396 wrote to memory of 4440  396   rundll32.exe  84
PID 396 wrote to memory of 4440  396   rundll32.exe  84
PID 396 wrote to memory of 4440  396   rundll32.exe  84
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c86e15085144ad16a9a62bb67c4d4042_JaffaCakes118.dll,#1
  PID: 4308
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c86e15085144ad16a9a62bb67c4d4042_JaffaCakes118.dll,#1
    PID: 396
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    C:\WINDOWS\mssecsvc.exe
      command line: C:\WINDOWS\mssecsvc.exe
      PID: 4440
      - Executes dropped EXE
      - Drops file in Windows directory
      - System Location Discovery: System Language Discovery
      C:\WINDOWS\tasksche.exe
        command line: C:\WINDOWS\tasksche.exe /i
        PID: 4944
        - Executes dropped EXE

C:\WINDOWS\mssecsvc.exe
  command line: C:\WINDOWS\mssecsvc.exe -m security
  PID: 4972
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
Network

Remote address: 8.8.8.8:53
Request: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A
Response: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A 104.16.167.228
          www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A 104.16.166.228

Remote address: 104.16.167.228:80
Request:
GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 607
Connection: close
Server: cloudflare
CF-RAY: 8baacf3cfb7094e7-LHR

Remote address: 104.16.167.228:80
Request:
GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 607
Connection: close
Server: cloudflare
CF-RAY: 8baacf3dfa5a9455-LHR

Remote address: 8.8.8.8:53
Request: 228.167.16.104.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: 28.118.140.52.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: 81.144.22.2.in-addr.arpa IN PTR
Response: 81.144.22.2.in-addr.arpa IN PTR a2-22-144-81.deploy.static.akamaitechnologies.com

Remote address: 8.8.8.8:53
Request: 68.159.190.20.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: 95.221.229.192.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: 58.55.71.13.in-addr.arpa IN PTR
Response: (empty)

Request: 86.23.85.13.in-addr.arpa IN PTR
Response: (empty)

Request: 56.126.166.20.in-addr.arpa IN PTR
Response: (empty)

Request: 24.139.73.23.in-addr.arpa IN PTR
Response: 24.139.73.23.in-addr.arpa IN PTR a23-73-139-24.deploy.static.akamaitechnologies.com

Request: 73.144.22.2.in-addr.arpa IN PTR
Response: 73.144.22.2.in-addr.arpa IN PTR a2-22-144-73.deploy.static.akamaitechnologies.com

Request: 26.35.223.20.in-addr.arpa IN PTR
Response: (empty)

Request: 40.16.46.147.in-addr.arpa IN PTR
Response: (empty)

Request: 1.94.61.191.in-addr.arpa IN PTR
Response: (empty)

Request: 205.94.61.191.in-addr.arpa IN PTR
Response: (empty)

Request: tse1.mm.bing.net IN A
Response: tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net IN CNAME ax-0001.ax-msedge.net
          ax-0001.ax-msedge.net IN A 150.171.28.10
          ax-0001.ax-msedge.net IN A 150.171.27.10

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Request:
GET /th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 435187
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7800F3FC74C04D259F9D686BF9461045 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
date: Thu, 29 Aug 2024 07:27:30 GMT

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Request:
GET /th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 518597
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 636F0C34D9AD480489C167856610A454 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
date: Thu, 29 Aug 2024 07:27:30 GMT

GET https://tse1.mm.bing.net/th?id=OADD2.10239360432411_13QPWJ00JGY7I4CI1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Request:
GET /th?id=OADD2.10239360432411_13QPWJ00JGY7I4CI1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 754419
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 09B6ED727E084F80A373A8F08BB918D0 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
date: Thu, 29 Aug 2024 07:27:30 GMT

GET https://tse1.mm.bing.net/th?id=OADD2.10239360432410_1ZT9L3WG863INPZDE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Request:
GET /th?id=OADD2.10239360432410_1ZT9L3WG863INPZDE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 490098
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6750A5CC08F049C8AF82E7FEA90C7648 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
date: Thu, 29 Aug 2024 07:27:30 GMT

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388106_1F0ISFAHTJZF5WFN1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Request:
GET /th?id=OADD2.10239339388106_1F0ISFAHTJZF5WFN1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 610666
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CF4B265F28F7421D907E2488FF0104F1 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:31Z
date: Thu, 29 Aug 2024 07:27:30 GMT

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Request:
GET /th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 500661
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C1CAF737FF0D44259DB59BFDAB0BA4E7 Ref B: LON04EDGE0919 Ref C: 2024-08-29T07:27:32Z
date: Thu, 29 Aug 2024 07:27:31 GMT

Request: 10.28.171.150.in-addr.arpa IN PTR
Response: (empty)

Request: 83.252.187.178.in-addr.arpa IN PTR
Response: (empty)

Request: 2.94.61.191.in-addr.arpa IN PTR
Response: (empty)

Request: 2.94.61.191.in-addr.arpa IN PTR

Request: 2.94.61.191.in-addr.arpa IN PTR

Request: 3.94.61.191.in-addr.arpa IN PTR
Response: (empty)

Request: 4.94.61.191.in-addr.arpa IN PTR
Response: (empty)

Request: 147.31.16.37.in-addr.arpa IN PTR
Response: (empty)

Request: 1.31.16.37.in-addr.arpa IN PTR
Response: (empty)

Request: 2.31.16.37.in-addr.arpa IN PTR
Response: (empty)

Request: 5.94.61.191.in-addr.arpa IN PTR
Response: (empty)

Request: 6.94.61.191.in-addr.arpa IN PTR
Response: (empty)

Request: 3.31.16.37.in-addr.arpa IN PTR

Flows (bytes sent, bytes received, packets sent, packets received)

376 B  990 B  6  5
HTTP Request: GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
HTTP Response: 200

376 B  990 B  6  5
HTTP Request: GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
HTTP Response: 200

[Remaining flow rows: the remote-address column was not preserved in extraction. Each row shows either 52 B sent in 1 packet or 104 B sent in 2 packets, with nothing received; three rows show 104 B sent / 80 B received, 2 packets each way.]

95 B  127 B  1  1
DNS Request: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
DNS Response: 104.16.167.228, 104.16.166.228

73 B  135 B  1  1
DNS Request: 228.167.16.104.in-addr.arpa

72 B  158 B  1  1
DNS Request: 28.118.140.52.in-addr.arpa

70 B  133 B  1  1
DNS Request: 81.144.22.2.in-addr.arpa

72 B  158 B  1  1
DNS Request: 68.159.190.20.in-addr.arpa

73 B  144 B  1  1
DNS Request: 95.221.229.192.in-addr.arpa

70 B  144 B  1  1
DNS Request: 58.55.71.13.in-addr.arpa
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 3.6MB
MD5: 2dd2f810f4a7a89c3488d7be73169d12
SHA1: 36635df9fe5148f6e11c2b4021c70b4dd204e2a7
SHA256: 05cdee7b2e4c71f6adc2676a29ad3b8b164bb8a29f8e36c046e2502290649f84
SHA512: d1dccc472c0c0aedff58403d7e08c65f62414b53695282dc8b9f59c593ab6fbfbd3b77726e87c5258ca4700686fb27a270677f2e2b4384555dfc5bfb34e590ad

Filesize: 3.4MB
MD5: 7f51e2c3f9cd8c9561e549d58508668f
SHA1: c7e69712737307515a3d56c5d25d43e968130d46
SHA256: 8a5c69817d0b09acfc0ae921969b0607d6937ade6898f6364bced0341843cd52
SHA512: fcea49a0b7596e0bab3289b3b68c23b681f952ba8cc8432fe85393fbc5acffe4bb10d7425aa7e3dd510fb73903945e8e978023d2ee090e26206d91975cf6b39a