Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

edc9d46d51...18.dll

windows7-x64

10

edc9d46d51...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/09/2024, 14:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edc9d46d513eeea22b8c6fa189bc20bc_JaffaCakes118.dll

  • Size

    5.0MB

  • MD5

    edc9d46d513eeea22b8c6fa189bc20bc

  • SHA1

    cfa3c5b8897e50a64779efbd858b52fba93398ff

  • SHA256

    740f5a1c574ac7cad6134438ffef5b8b4c07aad1167c15e9043aeeffa444b46e

  • SHA512

    88dc79e91da48292fb4b02ca47df24fba14a78a90a9951f448ee1a6adc2f9eaf28bbd5ad901dfd4cfd42be5b3d527884254faed0d2b1caa090324416182ab6fa

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAFEau3R8yAH1plAH:+DqPoBhz1aRxcSUDk36SAT3R8yAVp2H

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Contacts a large (3275) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 3 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\edc9d46d513eeea22b8c6fa189bc20bc_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\edc9d46d513eeea22b8c6fa189bc20bc_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\WINDOWS\mssecsvc.exe
        C:\WINDOWS\mssecsvc.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:2052
        • C:\WINDOWS\tasksche.exe
          C:\WINDOWS\tasksche.exe /i
          4⤵
          • Executes dropped EXE
          PID:2436
  • C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe -m security
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2396

Network

  • flag-us
    DNS
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    mssecsvc.exe
    Remote address:
    8.8.8.8:53
    Request
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    IN A
    Response
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    IN A
    104.16.167.228
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    IN A
    104.16.166.228
  • flag-us
    GET
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    mssecsvc.exe
    Remote address:
    104.16.167.228:80
    Request
    GET / HTTP/1.1
    Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 20 Sep 2024 14:29:18 GMT
    Content-Type: text/html
    Content-Length: 607
    Connection: close
    Server: cloudflare
    CF-RAY: 8c6281c39d9c9430-LHR
  • flag-us
    GET
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    mssecsvc.exe
    Remote address:
    104.16.167.228:80
    Request
    GET / HTTP/1.1
    Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 20 Sep 2024 14:29:18 GMT
    Content-Type: text/html
    Content-Length: 607
    Connection: close
    Server: cloudflare
    CF-RAY: 8c6281c5783dcd53-LHR
  • 104.16.167.228:80
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    http
    mssecsvc.exe
    330 B
     990 B
     5
    5

    HTTP Request

    GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

    HTTP Response

    200
  • 104.16.167.228:80
    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
    http
    mssecsvc.exe
    330 B
     990 B
     5
    5

    HTTP Request

    GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

    HTTP Response

    200
  • 190.84.59.133:445
    mssecsvc.exe
    52 B
     1
  • 10.127.0.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.3.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.1.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.2.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.4.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.5.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.6.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.7.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.8.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.9.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.10.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.11.1:445
    mssecsvc.exe
    52 B
     1
  • 11.156.111.127:445
    mssecsvc.exe
    52 B
     1
  • 10.127.12.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.13.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.14.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.16.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.15.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.20.1:445
    mssecsvc.exe
    52 B
     1
  • 42.128.151.136:445
    mssecsvc.exe
    52 B
     1
  • 10.127.18.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.21.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.17.1:445
    mssecsvc.exe
    52 B
     1
  • 9.152.223.4:445
    mssecsvc.exe
    52 B
     1
  • 10.127.19.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.25.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.23.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.22.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.24.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.26.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.27.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.28.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.29.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.30.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.31.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.32.1:445
    mssecsvc.exe
    52 B
     1
  • 15.17.105.213:445
    mssecsvc.exe
    52 B
     1
  • 10.127.33.1:445
    mssecsvc.exe
    52 B
     1
  • 100.119.204.216:445
    mssecsvc.exe
    52 B
     1
  • 10.127.34.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.36.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.35.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.38.1:445
    mssecsvc.exe
    52 B
     1
  • 221.65.107.164:445
    mssecsvc.exe
    52 B
     1
  • 10.127.42.1:445
    mssecsvc.exe
    52 B
     1
  • 1.104.35.61:445
    mssecsvc.exe
    52 B
     1
  • 10.127.37.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.39.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.40.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.41.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.43.1:445
    mssecsvc.exe
    52 B
     1
  • 175.29.3.179:445
    mssecsvc.exe
    52 B
     1
  • 10.127.44.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.46.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.45.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.47.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.48.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.49.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.50.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.51.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.52.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.53.1:445
    mssecsvc.exe
    52 B
     1
  • 55.50.114.154:445
    mssecsvc.exe
    52 B
     1
  • 10.127.54.1:445
    mssecsvc.exe
    52 B
     1
  • 30.65.96.100:445
    mssecsvc.exe
    52 B
     1
  • 103.104.27.198:445
    mssecsvc.exe
    52 B
     1
  • 10.127.55.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.56.1:445
    mssecsvc.exe
    52 B
     1
  • 40.57.159.140:445
    mssecsvc.exe
    52 B
     1
  • 10.127.57.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.63.1:445
    mssecsvc.exe
    52 B
     1
  • 23.187.221.63:445
    mssecsvc.exe
    52 B
     1
  • 10.127.58.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.64.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.62.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.59.1:445
    mssecsvc.exe
    52 B
     1
  • 130.67.37.29:445
    mssecsvc.exe
    52 B
     1
  • 10.127.60.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.66.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.65.1:445
    mssecsvc.exe
    52 B
     1
  • 2.174.56.174:445
    mssecsvc.exe
    52 B
     1
  • 10.127.61.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.67.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.68.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.69.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.70.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.71.1:445
    mssecsvc.exe
    52 B
     1
  • 67.151.134.187:445
    mssecsvc.exe
    52 B
     1
  • 10.127.72.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.73.1:445
    mssecsvc.exe
    52 B
     1
  • 97.93.75.185:445
    mssecsvc.exe
    52 B
     1
  • 10.127.75.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.74.1:445
    mssecsvc.exe
    52 B
     1
  • 202.103.101.251:445
    mssecsvc.exe
    52 B
     1
  • 149.54.137.50:445
    mssecsvc.exe
    52 B
     1
  • 10.127.76.1:445
    mssecsvc.exe
    52 B
     1
  • 101.106.63.167:445
    mssecsvc.exe
    52 B
     1
  • 10.127.78.1:445
    mssecsvc.exe
    52 B
     1
  • 77.69.183.209:445
    mssecsvc.exe
    52 B
     1
  • 10.127.79.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.82.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.77.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.81.1:445
    mssecsvc.exe
    52 B
     1
  • 25.20.48.89:445
    mssecsvc.exe
    52 B
     1
  • 10.127.83.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.80.1:445
    mssecsvc.exe
    52 B
     1
  • 98.89.183.53:445
    mssecsvc.exe
    52 B
     1
  • 10.127.84.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.85.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.86.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.87.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.88.1:445
    mssecsvc.exe
    52 B
     1
  • 199.87.189.7:445
    mssecsvc.exe
    52 B
     1
  • 10.127.89.1:445
    mssecsvc.exe
    52 B
     1
  • 30.198.76.95:445
    mssecsvc.exe
    52 B
     1
  • 10.127.90.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.91.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.92.1:445
    mssecsvc.exe
    52 B
     1
  • 184.17.197.66:445
    mssecsvc.exe
    52 B
     1
  • 167.72.221.217:445
    mssecsvc.exe
    52 B
     1
  • 10.127.95.1:445
    mssecsvc.exe
    52 B
     1
  • 144.121.129.130:445
    mssecsvc.exe
    52 B
     1
  • 10.127.99.1:445
    mssecsvc.exe
    52 B
     1
  • 176.186.154.55:445
    mssecsvc.exe
    52 B
     1
  • 184.29.6.0:445
    mssecsvc.exe
    52 B
     1
  • 149.243.38.60:445
    mssecsvc.exe
    52 B
     1
  • 10.127.94.1:445
    mssecsvc.exe
    52 B
     1
  • 8.76.232.157:445
    mssecsvc.exe
    52 B
     1
  • 10.127.100.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.104.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.106.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.97.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.102.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.103.1:445
    mssecsvc.exe
    52 B
     1
  • 75.35.33.14:445
    mssecsvc.exe
    52 B
     1
  • 10.127.105.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.96.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.101.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.108.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.93.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.98.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.107.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.109.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.110.1:445
    mssecsvc.exe
    52 B
     1
  • 84.57.7.86:445
    mssecsvc.exe
    52 B
     1
  • 10.127.111.1:445
    mssecsvc.exe
    52 B
     1
  • 23.230.64.246:445
    mssecsvc.exe
    52 B
     1
  • 20.201.74.218:445
    mssecsvc.exe
    52 B
     1
  • 126.207.111.175:445
    mssecsvc.exe
    104 B
     80 B
     2
    2
  • 10.127.113.1:445
    mssecsvc.exe
    52 B
     1
  • 181.162.227.7:445
    mssecsvc.exe
    52 B
     1
  • 10.127.117.1:445
    mssecsvc.exe
    52 B
     1
  • 164.120.42.94:445
    mssecsvc.exe
    52 B
     1
  • 10.127.118.1:445
    mssecsvc.exe
    52 B
     1
  • 4.186.113.37:445
    mssecsvc.exe
    52 B
     1
  • 10.127.114.1:445
    mssecsvc.exe
    52 B
     1
  • 74.191.219.202:445
    mssecsvc.exe
    52 B
     1
  • 10.127.119.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.112.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.116.1:445
    mssecsvc.exe
    52 B
     1
  • 146.243.130.164:445
    mssecsvc.exe
    52 B
     1
  • 10.127.115.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.120.1:445
    mssecsvc.exe
    52 B
     1
  • 87.92.33.220:445
    mssecsvc.exe
    104 B
     80 B
     2
    2
  • 10.127.123.1:445
    mssecsvc.exe
    52 B
     1
  • 151.7.90.207:445
    mssecsvc.exe
    52 B
     1
  • 10.127.121.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.124.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.122.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.125.1:445
    mssecsvc.exe
    52 B
     1
  • 215.229.130.88:445
    mssecsvc.exe
    52 B
     1
  • 10.127.126.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.127.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.128.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.129.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.130.1:445
    mssecsvc.exe
    52 B
     1
  • 186.50.48.196:445
    mssecsvc.exe
    52 B
     1
  • 10.127.131.1:445
    mssecsvc.exe
    52 B
     1
  • 172.70.174.123:445
    mssecsvc.exe
    52 B
     1
  • 10.127.132.1:445
    mssecsvc.exe
    52 B
     1
  • 223.248.218.234:445
    mssecsvc.exe
    52 B
     1
  • 142.196.7.252:445
    mssecsvc.exe
    52 B
     1
  • 209.218.158.210:445
    mssecsvc.exe
    52 B
     1
  • 149.240.6.203:445
    mssecsvc.exe
    52 B
     1
  • 10.127.133.1:445
    mssecsvc.exe
    52 B
     1
  • 96.245.191.82:445
    mssecsvc.exe
    52 B
     1
  • 189.223.91.224:445
    mssecsvc.exe
    52 B
     1
  • 171.119.189.204:445
    mssecsvc.exe
    52 B
     1
  • 153.147.57.190:445
    mssecsvc.exe
    104 B
     80 B
     2
    2
  • 10.127.134.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.135.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.143.1:445
    mssecsvc.exe
    52 B
     1
  • 118.102.145.142:445
    mssecsvc.exe
    52 B
     1
  • 10.127.139.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.141.1:445
    mssecsvc.exe
    52 B
     1
  • 2.147.119.199:445
    mssecsvc.exe
    52 B
     1
  • 10.127.136.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.137.1:445
    mssecsvc.exe
    52 B
     1
  • 206.160.77.117:445
    mssecsvc.exe
    52 B
     1
  • 10.127.138.1:445
    mssecsvc.exe
    52 B
     1
  • 176.107.59.185:445
    mssecsvc.exe
    52 B
     1
  • 10.127.140.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.144.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.142.1:445
    mssecsvc.exe
    52 B
     1
  • 29.5.99.86:445
    mssecsvc.exe
    52 B
     1
  • 10.127.145.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.146.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.147.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.148.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.149.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.150.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.151.1:445
    mssecsvc.exe
    52 B
     1
  • 210.5.96.87:445
    mssecsvc.exe
    52 B
     1
  • 10.127.152.1:445
    mssecsvc.exe
    52 B
     1
  • 101.208.118.47:445
    mssecsvc.exe
    52 B
     1
  • 10.127.153.1:445
    mssecsvc.exe
    52 B
     1
  • 99.209.188.185:445
    mssecsvc.exe
    52 B
     1
  • 76.252.30.196:445
    mssecsvc.exe
    52 B
     1
  • 62.81.23.12:445
    mssecsvc.exe
    52 B
     1
  • 77.138.174.163:445
    mssecsvc.exe
    52 B
     1
  • 14.181.62.94:445
    mssecsvc.exe
    52 B
     1
  • 10.127.156.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.154.1:445
    mssecsvc.exe
    52 B
     1
  • 94.37.211.140:445
    mssecsvc.exe
    52 B
     1
  • 80.146.125.245:445
    mssecsvc.exe
    52 B
     1
  • 10.127.160.1:445
    mssecsvc.exe
    52 B
     1
  • 167.212.16.79:445
    mssecsvc.exe
    52 B
     1
  • 10.127.155.1:445
    mssecsvc.exe
    52 B
     1
  • 188.26.101.66:445
    mssecsvc.exe
    52 B
     1
  • 10.127.162.1:445
    mssecsvc.exe
    52 B
     1
  • 156.138.173.20:445
    mssecsvc.exe
    52 B
     1
  • 10.127.164.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.157.1:445
    mssecsvc.exe
    52 B
     1
  • 198.104.57.224:445
    mssecsvc.exe
    52 B
     1
  • 10.127.163.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.165.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.158.1:445
    mssecsvc.exe
    52 B
     1
  • 12.226.24.34:445
    mssecsvc.exe
    52 B
     1
  • 10.127.159.1:445
    mssecsvc.exe
    52 B
     1
  • 115.238.104.228:445
    mssecsvc.exe
    52 B
     1
  • 10.127.161.1:445
    mssecsvc.exe
    52 B
     1
  • 18.181.6.152:445
    mssecsvc.exe
    52 B
     1
  • 10.127.166.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.167.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.168.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.169.1:445
    mssecsvc.exe
    52 B
     1
  • 67.132.183.17:445
    mssecsvc.exe
    104 B
     80 B
     2
    2
  • 10.127.170.1:445
    mssecsvc.exe
    52 B
     1
  • 164.70.115.234:445
    mssecsvc.exe
    52 B
     1
  • 10.127.171.1:445
    mssecsvc.exe
    52 B
     1
  • 58.85.135.29:445
    mssecsvc.exe
    52 B
     1
  • 172.53.101.192:445
    mssecsvc.exe
    52 B
     1
  • 80.5.208.44:445
    mssecsvc.exe
    52 B
     1
  • 10.127.176.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.172.1:445
    mssecsvc.exe
    52 B
     1
  • 46.138.169.53:445
    mssecsvc.exe
    52 B
     1
  • 19.104.150.190:445
    mssecsvc.exe
    52 B
     1
  • 40.5.21.102:445
    mssecsvc.exe
    52 B
     1
  • 10.127.173.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.175.1:445
    mssecsvc.exe
    52 B
     1
  • 62.111.246.89:445
    mssecsvc.exe
    52 B
     1
  • 8.240.67.243:445
    mssecsvc.exe
    52 B
     1
  • 10.127.174.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.177.1:445
    mssecsvc.exe
    52 B
     1
  • 216.246.172.240:445
    mssecsvc.exe
    52 B
     1
  • 10.237.252.156:445
    mssecsvc.exe
    52 B
     1
  • 10.127.179.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.181.1:445
    mssecsvc.exe
    52 B
     1
  • 11.202.83.254:445
    mssecsvc.exe
    52 B
     1
  • 154.245.84.13:445
    mssecsvc.exe
    52 B
     1
  • 10.127.184.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.180.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.178.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.182.1:445
    mssecsvc.exe
    52 B
     1
  • 94.75.125.10:445
    mssecsvc.exe
    52 B
     1
  • 167.8.52.115:445
    mssecsvc.exe
    52 B
     1
  • 183.42.173.87:445
    mssecsvc.exe
    52 B
     1
  • 10.127.183.1:445
    mssecsvc.exe
    52 B
     1
  • 200.53.245.110:445
    mssecsvc.exe
    104 B
     80 B
     2
    2
  • 10.127.185.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.186.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.187.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.188.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.189.1:445
    mssecsvc.exe
    52 B
     1
  • 72.140.55.63:445
    mssecsvc.exe
    52 B
     1
  • 147.38.29.97:445
    mssecsvc.exe
    52 B
     1
  • 155.165.175.51:445
    mssecsvc.exe
    52 B
     1
  • 10.127.191.1:445
    mssecsvc.exe
    52 B
     1
  • 48.27.85.178:445
    mssecsvc.exe
    52 B
     1
  • 68.20.223.189:445
    mssecsvc.exe
    52 B
     1
  • 204.60.204.43:445
    mssecsvc.exe
    52 B
     1
  • 10.127.192.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.190.1:445
    mssecsvc.exe
    52 B
     1
  • 113.252.122.214:445
    mssecsvc.exe
    52 B
     1
  • 50.194.98.140:445
    mssecsvc.exe
    52 B
     1
  • 10.127.193.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.198.1:445
    mssecsvc.exe
    52 B
     1
  • 4.57.156.142:445
    mssecsvc.exe
    52 B
     1
  • 205.155.245.94:445
    mssecsvc.exe
    52 B
     1
  • 161.52.251.234:445
    mssecsvc.exe
    52 B
     1
  • 10.127.194.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.196.1:445
    mssecsvc.exe
    52 B
     1
  • 33.22.177.118:445
    mssecsvc.exe
    52 B
     1
  • 10.127.197.1:445
    mssecsvc.exe
    52 B
     1
  • 147.240.80.201:445
    mssecsvc.exe
    52 B
     1
  • 10.127.195.1:445
    mssecsvc.exe
    52 B
     1
  • 36.148.224.37:445
    mssecsvc.exe
    52 B
     1
  • 10.127.200.1:445
    mssecsvc.exe
    52 B
     1
  • 166.86.214.27:445
    mssecsvc.exe
    52 B
     1
  • 10.127.199.1:445
    mssecsvc.exe
    52 B
     1
  • 217.150.132.7:445
    mssecsvc.exe
    52 B
     1
  • 21.51.6.131:445
    mssecsvc.exe
    52 B
     1
  • 10.127.205.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.202.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.206.1:445
    mssecsvc.exe
    52 B
     1
  • 179.30.83.84:445
    mssecsvc.exe
    52 B
     1
  • 10.127.204.1:445
    mssecsvc.exe
    52 B
     1
  • 5.178.231.223:445
    mssecsvc.exe
    52 B
     1
  • 10.127.201.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.203.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.207.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.208.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.209.1:445
    mssecsvc.exe
    52 B
     1
  • 91.173.113.101:445
    mssecsvc.exe
    52 B
     1
  • 10.127.210.1:445
    mssecsvc.exe
    52 B
     1
  • 49.131.144.224:445
    mssecsvc.exe
    52 B
     1
  • 138.117.91.205:445
    mssecsvc.exe
    52 B
     1
  • 92.162.171.204:445
    mssecsvc.exe
    52 B
     1
  • 217.164.24.82:445
    mssecsvc.exe
    52 B
     1
  • 34.164.162.149:445
    mssecsvc.exe
    52 B
     1
  • 10.127.211.1:445
    mssecsvc.exe
    52 B
     1
  • 5.158.203.43:445
    mssecsvc.exe
    52 B
     1
  • 3.167.143.49:445
    mssecsvc.exe
    52 B
     1
  • 10.127.215.1:445
    mssecsvc.exe
    52 B
     1
  • 55.195.131.51:445
    mssecsvc.exe
    52 B
     1
  • 10.127.214.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.216.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.213.1:445
    mssecsvc.exe
    52 B
     1
  • 16.5.157.87:445
    mssecsvc.exe
    52 B
     1
  • 10.127.212.1:445
    mssecsvc.exe
    52 B
     1
  • 210.208.147.164:445
    mssecsvc.exe
    52 B
     1
  • 174.125.163.149:445
    mssecsvc.exe
    52 B
     1
  • 10.127.217.1:445
    mssecsvc.exe
    52 B
     1
  • 177.89.20.50:445
    mssecsvc.exe
    52 B
     1
  • 140.44.75.130:445
    mssecsvc.exe
    52 B
     1
  • 88.125.60.62:445
    mssecsvc.exe
    52 B
     1
  • 10.127.221.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.220.1:445
    mssecsvc.exe
    52 B
     1
  • 193.42.129.213:445
    mssecsvc.exe
    52 B
     1
  • 82.60.37.6:445
    mssecsvc.exe
    104 B
     80 B
     2
    2
  • 10.127.222.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.218.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.219.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.223.1:445
    mssecsvc.exe
    52 B
     1
  • 118.253.243.1:445
    mssecsvc.exe
    52 B
     1
  • 67.131.149.124:445
    mssecsvc.exe
    52 B
     1
  • 10.127.227.1:445
    mssecsvc.exe
    52 B
     1
  • 110.141.128.208:445
    mssecsvc.exe
    52 B
     1
  • 168.111.71.241:445
    mssecsvc.exe
    52 B
     1
  • 10.127.230.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.229.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.226.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.224.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.225.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.228.1:445
    mssecsvc.exe
    52 B
     1
  • 7.52.189.17:445
    mssecsvc.exe
    52 B
     1
  • 132.100.116.43:445
    mssecsvc.exe
    52 B
     1
  • 129.10.74.114:445
    mssecsvc.exe
    52 B
     1
  • 10.127.231.1:445
    mssecsvc.exe
    52 B
     1
  • 5.7.37.131:445
    mssecsvc.exe
    52 B
     1
  • 54.12.31.43:445
    mssecsvc.exe
    52 B
     1
  • 87.71.139.254:445
    mssecsvc.exe
    52 B
     1
  • 118.140.189.204:445
    mssecsvc.exe
    52 B
     1
  • 10.127.232.1:445
    mssecsvc.exe
    52 B
     1
  • 191.121.152.233:445
    mssecsvc.exe
    52 B
     1
  • 79.81.186.112:445
    mssecsvc.exe
    52 B
     1
  • 202.24.203.144:445
    mssecsvc.exe
    52 B
     1
  • 10.127.238.1:445
    mssecsvc.exe
    52 B
     1
  • 7.66.240.92:445
    mssecsvc.exe
    52 B
     1
  • 10.127.236.1:445
    mssecsvc.exe
    52 B
     1
  • 3.105.159.158:445
    mssecsvc.exe
    52 B
     1
  • 202.154.184.56:445
    mssecsvc.exe
    52 B
     1
  • 10.127.235.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.240.1:445
    mssecsvc.exe
    52 B
     1
  • 71.125.243.134:445
    mssecsvc.exe
    52 B
     1
  • 10.127.233.1:445
    mssecsvc.exe
    52 B
     1
  • 121.28.26.142:445
    mssecsvc.exe
    52 B
     1
  • 14.247.110.215:445
    mssecsvc.exe
    52 B
     1
  • 10.127.234.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.239.1:445
    mssecsvc.exe
    52 B
     1
  • 147.102.5.174:445
    mssecsvc.exe
    52 B
     1
  • 7.47.67.7:445
    mssecsvc.exe
    52 B
     1
  • 10.127.243.1:445
    mssecsvc.exe
    52 B
     1
  • 196.93.153.15:445
    mssecsvc.exe
    52 B
     40 B
     1
    1
  • 10.127.237.1:445
    mssecsvc.exe
    52 B
     1
  • 128.149.167.188:445
    mssecsvc.exe
    52 B
     1
  • 78.81.251.230:445
    mssecsvc.exe
    52 B
     1
  • 10.127.242.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.241.1:445
    mssecsvc.exe
    52 B
     1
  • 140.91.95.154:445
    mssecsvc.exe
    52 B
     1
  • 204.99.224.55:445
    mssecsvc.exe
    52 B
     1
  • 10.127.245.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.248.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.247.1:445
    mssecsvc.exe
    52 B
     1
  • 53.70.130.88:445
    mssecsvc.exe
    52 B
     1
  • 10.127.244.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.246.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.249.1:445
    mssecsvc.exe
    52 B
     1
  • 10.127.250.1:445
    mssecsvc.exe
    52 B
     1
  • 42.214.208.201:445
    mssecsvc.exe
    52 B
     1
  • 193.251.157.62:445
    mssecsvc.exe
    52 B
     1
  • 196.33.158.100:445
    mssecsvc.exe
    52 B
     1
  • 165.63.104.119:445
    mssecsvc.exe
    52 B
     1
  • 217.86.48.246:445
    mssecsvc.exe
    52 B
     1
  • 10.127.251.1:445
    mssecsvc.exe
    52 B
     1
  • 90.42.78.115:445
    mssecsvc.exe
    52 B
     1
  • 179.204.178.52:445
    mssecsvc.exe
    52 B
     1
  • 218.79.181.3:445
    mssecsvc.exe
    52 B
     1
  • 10.127.253.1:445
    mssecsvc.exe
    52 B
     1
  • 14.54.239.174:445
    mssecsvc.exe
    52 B
     1
  • 45.48.17.38:445
    mssecsvc.exe
    52 B
     1
  • 10.127.255.1:445
    mssecsvc.exe
    52 B
     1
  • 147.106.253.39:445
    mssecsvc.exe
    52 B
     1
  • 10.127.252.1:445
    mssecsvc.exe
    52 B
     1
  • 34.154.191.126:445
    mssecsvc.exe
    52 B
     1
  • 10.127.254.1:445
    mssecsvc.exe
    52 B
     1
  • 113.91.135.30:445
    mssecsvc.exe
    52 B
     1
  • 10.127.0.2:445
    mssecsvc.exe
    52 B
     1
  • 10.127.1.2:445
    mssecsvc.exe
    52 B
     1
  • 10.127.2.2:445
    mssecsvc.exe
    52 B
     1
  • 10.127.3.2:445
    mssecsvc.exe
    52 B
     1
  • 10.127.4.2:445
    mssecsvc.exe
    52 B
     1
  • 213.234.80.231:445
    mssecsvc.exe
    52 B
     1
  • 10.127.5.2:445
    mssecsvc.exe
    52 B
     1
  • 170.228.140.200:445
    mssecsvc.exe
    52 B
     1
  • 10.127.6.2:445
    mssecsvc.exe
    52 B
     1
  • 75.177.174.217:445
    mssecsvc.exe
    52 B
     1
  • 10.127.7.2:445
    mssecsvc.exe
    52 B
     1
  • 218.243.167.112:445
    mssecsvc.exe
    52 B
     1
  • 173.98.27.146:445
    mssecsvc.exe
    52 B
     1
  • 10.127.8.2:445
    mssecsvc.exe
    52 B
     1
  • 142.233.90.226:445
    mssecsvc.exe
    52 B
     1
  • 59.150.17.35:445
    mssecsvc.exe
    52 B
     1
  • 10.127.9.2:445
    mssecsvc.exe
    52 B
     1
  • 64.214.5.154:445
    mssecsvc.exe
    52 B
     1
  • 179.214.52.5:445
    mssecsvc.exe
    52 B
     1
  • 10.127.10.2:445
    mssecsvc.exe
    52 B
     1
  • 62.171.69.193:445
    mssecsvc.exe
    52 B
     1
  • 174.67.216.138:445
    mssecsvc.exe
    52 B
     1
  • 10.127.11.2:445
    mssecsvc.exe
    52 B
     1
  • 30.200.194.74:445
    mssecsvc.exe
    52 B
     1
  • 10.127.12.2:445
    mssecsvc.exe
    52 B
     1
  • 215.100.238.72:445
    mssecsvc.exe
    52 B
     1
  • 178.176.30.241:445
    mssecsvc.exe
    52 B
     1
  • 10.127.14.2:445
    mssecsvc.exe
    52 B
     1
  • 49.94.192.15:445
    mssecsvc.exe
    52 B
     1
  • 10.127.15.2:445
    mssecsvc.exe
    52 B
     1
  • 99.73.183.33:445
    mssecsvc.exe
    52 B
     1
  • 213.156.162.123:445
    mssecsvc.exe
    52 B
     1
  • 10.127.13.2:445
    mssecsvc.exe
    52 B
     1
  • 118.184.109.66:445
    mssecsvc.exe
    52 B
     1
  • 148.185.220.14:445
    mssecsvc.exe
    52 B
     1
  • 10.127.16.2:445
    mssecsvc.exe
    52 B
     1
  • 9.115.235.245:445
    mssecsvc.exe
    52 B
     1
  • 199.44.225.235:445
    mssecsvc.exe
    52 B
     1
  • 10.127.17.2:445
    mssecsvc.exe
    52 B
     1
  • 10.118.36.106:445
    mssecsvc.exe
    52 B
     1
  • 143.111.121.185:445
    mssecsvc.exe
    52 B
     1
  • 10.127.20.2:445
    mssecsvc.exe
    52 B
     1
  • 208.245.141.180:445
    mssecsvc.exe
    52 B
     1
  • 52.27.159.87:445
    mssecsvc.exe
    52 B
     1
  • 61.181.205.66:445
    mssecsvc.exe
    52 B
     1
  • 10.127.18.2:445
    mssecsvc.exe
    52 B
     1
  • 10.127.19.2:445
    mssecsvc.exe
    52 B
     1
  • 10.127.21.2:445
    mssecsvc.exe
    52 B
     1
  • 10.127.22.2:445
    mssecsvc.exe
    52 B
     1
  • 176.193.227.111:445
    mssecsvc.exe
    52 B
     1
  • 10.127.23.2:445
    mssecsvc.exe
    52 B
     1
  • 193.166.211.72:445
    mssecsvc.exe
    52 B
     1
  • 10.127.24.2:445
    mssecsvc.exe
    52 B
     1
  • 32.239.172.4:445
    mssecsvc.exe
    52 B
     1
  • 10.127.25.2:445
    mssecsvc.exe
    52 B
     1
  • 10.127.26.2:445
    mssecsvc.exe
    52 B
     1
  • 114.7.15.243:445
    mssecsvc.exe
    52 B
     1
  • 10.127.27.2:445
    mssecsvc.exe
    52 B
     1
  • 142.102.232.246:445
    mssecsvc.exe
    52 B
     1
  • 10.127.28.2:445
    mssecsvc.exe
    52 B
     1
  • 160.115.200.54:445
    mssecsvc.exe
    52 B
     1
  • 10.127.29.2:445
    mssecsvc.exe
    52 B
     1
  • 49.6.72.7:445
    mssecsvc.exe
    52 B
     1
  • 123.136.165.103:445
    mssecsvc.exe
    52 B
     1
  • 10.127.30.2:445
    mssecsvc.exe
    52 B
     1
  • 151.161.238.33:445
    mssecsvc.exe
    52 B
     1
  • 10.127.31.2:445
    mssecsvc.exe
    52 B
     1
  • 194.178.49.206:445
    mssecsvc.exe
    52 B
     1
  • 117.209.170.171:445
    mssecsvc.exe
    52 B
     1
  • 8.8.8.8:53
    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
    dns
    mssecsvc.exe
    95 B
     127 B
     1
    1

    DNS Request

    www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

    DNS Response

    104.16.167.228
    104.16.166.228

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\mssecsvc.exe
    Filesize

    3.6MB

    MD5

    8d8e570963a3830c6ff64fefe63325d6

    SHA1

    26125342a00ed04093f8029d136044c45ca1f01c

    SHA256

    604f887261051ff600b64e91e67da9cc81f319da7799ab108d962767301b3ec6

    SHA512

    2232186b825e3b653c7d82dde2d82a9b81c1ade122f8b2e09595431e7c2672b1a930221f73392ba8fed585884804f251283d424ca15fc5807584dacbd3459ff4

    Download Submit

  • C:\Windows\tasksche.exe
    Filesize

    3.4MB

    MD5

    de1122c376513f37fdd353dee6999a9b

    SHA1

    e91b041853e55b05fa148ff7c225e2e5871dfbca

    SHA256

    15c1de7a235b5a493a60f8892ab8f9ab8990526937483f7dffb0ee9f0690e421

    SHA512

    bccc8692352b40812c35c7da150ed5bc99977f9a286f5b072db98fd84d772257aa64185c311c61a5313b8d0b76f2fcf2628a446f51a1285efc0c9edf7667b9f3

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.