Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-09-2024 05:45

General

  • Target

    d3ae29e3719d5fd68d31bf3c4d9eac30_JaffaCakes118.exe

  • Size

    252KB

  • MD5

    d3ae29e3719d5fd68d31bf3c4d9eac30

  • SHA1

    8739e0f1800b0a89c48e400bd36a705c39bf1c4d

  • SHA256

    bc1c02ee6e4d533847e586205284c7cc4d69909b2bd9c6781c92c766384405f2

  • SHA512

    db2cb32a5dd1fbb061e1755a48b1b9b1c35ba01a2405e5f26f5afb4f0ead8ccee3f001e6d8178e134ac65eb7b5b2eed064c978ef0fd72188805eefa8245130bf

  • SSDEEP

    6144:Qkp72oN2xBsSc6HHLHEKrNhKb1prrTYJR/zMCZf:QkX+sgHLEKphKb1pnYb

Malware Config

Signatures

  • Detects PlugX payload 18 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3ae29e3719d5fd68d31bf3c4d9eac30_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d3ae29e3719d5fd68d31bf3c4d9eac30_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1820
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:452
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\SysWOW64\msiexec.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:3784

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 673255
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D02271001CC7487FA799EA887ABEA10A Ref B: LON04EDGE0911 Ref C: 2024-09-08T05:46:01Z
    date: Sun, 08 Sep 2024 05:46:00 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 754419
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0A646CE24DA646198B577A2B7C21A76C Ref B: LON04EDGE0911 Ref C: 2024-09-08T05:46:01Z
    date: Sun, 08 Sep 2024 05:46:00 GMT
  • flag-us
    DNS
    138.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-unknown
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    255.255.255.255:53
    Request
    jepsen.r3u8.com
    IN A
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • flag-us
    DNS
    jepsen.r3u8.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    jepsen.r3u8.com
    IN A
    Response
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    53.5kB
    1.5MB
    1088
    1084

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 255.255.255.255:53
    jepsen.r3u8.com
    dns
    svchost.exe
    305 B
    5

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    138.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    138.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 255.255.255.255:53
    jepsen.r3u8.com
    dns
    svchost.exe
    305 B
    5

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 255.255.255.255:53
    jepsen.r3u8.com
    dns
    svchost.exe
    305 B
    5

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 255.255.255.255:53
    jepsen.r3u8.com
    dns
    svchost.exe
    305 B
    5

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 255.255.255.255:53
    jepsen.r3u8.com
    dns
    svchost.exe
    305 B
    5

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 255.255.255.255:53
    jepsen.r3u8.com
    dns
    svchost.exe
    305 B
    5

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 255.255.255.255:53
    jepsen.r3u8.com
    dns
    svchost.exe
    305 B
    5

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53
    jepsen.r3u8.com
    dns
    svchost.exe
    61 B
    134 B
    1
    1

    DNS Request

    jepsen.r3u8.com

  • 8.8.8.8:53

MITRE ATT&CK Enterprise v15

Downloads

  • memory/452-32-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-41-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-33-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-4-0x0000000000E70000-0x0000000000E71000-memory.dmp

    Filesize

    4KB

  • memory/452-5-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-8-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-31-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-21-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-22-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-23-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-20-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-9-0x0000000001490000-0x00000000014BE000-memory.dmp

    Filesize

    184KB

  • memory/452-19-0x0000000000E70000-0x0000000000E71000-memory.dmp

    Filesize

    4KB

  • memory/1820-7-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

  • memory/1820-26-0x0000000003510000-0x0000000003610000-memory.dmp

    Filesize

    1024KB

  • memory/1820-1-0x0000000003510000-0x0000000003610000-memory.dmp

    Filesize

    1024KB

  • memory/1820-2-0x0000000003780000-0x00000000037AE000-memory.dmp

    Filesize

    184KB

  • memory/1820-3-0x0000000003780000-0x00000000037AE000-memory.dmp

    Filesize

    184KB

  • memory/3784-25-0x0000000002580000-0x00000000025AE000-memory.dmp

    Filesize

    184KB

  • memory/3784-30-0x0000000002580000-0x00000000025AE000-memory.dmp

    Filesize

    184KB

  • memory/3784-29-0x0000000002580000-0x00000000025AE000-memory.dmp

    Filesize

    184KB

  • memory/3784-28-0x0000000002530000-0x0000000002531000-memory.dmp

    Filesize

    4KB

  • memory/3784-27-0x0000000002580000-0x00000000025AE000-memory.dmp

    Filesize

    184KB

  • memory/3784-24-0x00000000007D0000-0x00000000007D1000-memory.dmp

    Filesize

    4KB

  • memory/3784-34-0x0000000002580000-0x00000000025AE000-memory.dmp

    Filesize

    184KB
