Analysis

  • max time kernel
    97s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    21/09/2024, 01:36 UTC

General

  • Target

    eed37cf09b9398aabcea83bb3f233d13_JaffaCakes118.exe

  • Size

    132KB

  • MD5

    eed37cf09b9398aabcea83bb3f233d13

  • SHA1

    c3267753b2ddc763153bea9beddd009402ccf3c6

  • SHA256

    9879b1e44c666011159838b2f07443af399d950842afef9e27668bfff5817546

  • SHA512

    6b5ea3cf3464336d0bfc30d219dd8fc34ac51f666a0815a70f6d3c65f04018bb1fc0efa17276f114bb3994327025b7f855006b466cf4e431fd37dd86ff11c96e

  • SSDEEP

    3072:AXMH+xXy+URljrFQCKkJm+kS0w+xhMGE8gZMp9gx:ApX+FQCKkJaNZbpI

Score
10/10

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:612
      • C:\Windows\system32\fontdrvhost.exe
        "fontdrvhost.exe"
        2⤵
          PID:768
        • C:\Windows\system32\dwm.exe
          "dwm.exe"
          2⤵
            PID:1012
        • C:\Windows\system32\lsass.exe
          C:\Windows\system32\lsass.exe
          1⤵
            PID:668
          • C:\Windows\system32\fontdrvhost.exe
            "fontdrvhost.exe"
            1⤵
              PID:772
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch -p
              1⤵
                PID:784
                • C:\Windows\system32\wbem\unsecapp.exe
                  C:\Windows\system32\wbem\unsecapp.exe -Embedding
                  2⤵
                    PID:3156
                  • C:\Windows\system32\DllHost.exe
                    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                    2⤵
                      PID:3864
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      2⤵
                        PID:3960
                      • C:\Windows\System32\RuntimeBroker.exe
                        C:\Windows\System32\RuntimeBroker.exe -Embedding
                        2⤵
                          PID:4024
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          2⤵
                            PID:1036
                          • C:\Windows\System32\RuntimeBroker.exe
                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                            2⤵
                              PID:3544
                            • C:\Windows\System32\RuntimeBroker.exe
                              C:\Windows\System32\RuntimeBroker.exe -Embedding
                              2⤵
                                PID:440
                              • C:\Windows\system32\SppExtComObj.exe
                                C:\Windows\system32\SppExtComObj.exe -Embedding
                                2⤵
                                  PID:1468
                                • C:\Windows\system32\DllHost.exe
                                  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                  2⤵
                                    PID:3576
                                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                                    2⤵
                                      PID:4848
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k RPCSS -p
                                    1⤵
                                      PID:892
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                      1⤵
                                        PID:940
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
                                        1⤵
                                          PID:412
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
                                          1⤵
                                            PID:908
                                          • C:\Windows\System32\svchost.exe
                                            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                            1⤵
                                              PID:1060
                                            • C:\Windows\System32\svchost.exe
                                              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
                                              1⤵
                                                PID:1064
                                              • C:\Windows\system32\svchost.exe
                                                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                                                1⤵
                                                  PID:1080
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                                                  1⤵
                                                    PID:1236
                                                    • C:\Windows\system32\taskhostw.exe
                                                      taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
                                                      2⤵
                                                        PID:2868
                                                      • C:\Windows\system32\MusNotification.exe
                                                        C:\Windows\system32\MusNotification.exe
                                                        2⤵
                                                          PID:3300
                                                      • C:\Windows\System32\svchost.exe
                                                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                                        1⤵
                                                          PID:1252
                                                        • C:\Windows\system32\svchost.exe
                                                          C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                                                          1⤵
                                                            PID:1272
                                                          • C:\Windows\system32\svchost.exe
                                                            C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                                                            1⤵
                                                              PID:1348
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                                                              1⤵
                                                                PID:1360
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                                                1⤵
                                                                  PID:1480
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                                                  1⤵
                                                                    PID:1512
                                                                  • C:\Windows\System32\svchost.exe
                                                                    C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                                                    1⤵
                                                                      PID:1520
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                                                                      1⤵
                                                                        PID:1572
                                                                        • C:\Windows\system32\sihost.exe
                                                                          sihost.exe
                                                                          2⤵
                                                                            PID:2700
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                                                          1⤵
                                                                            PID:1648
                                                                          • C:\Windows\System32\svchost.exe
                                                                            C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
                                                                            1⤵
                                                                              PID:1700
                                                                            • C:\Windows\System32\svchost.exe
                                                                              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                                                              1⤵
                                                                                PID:1748
                                                                              • C:\Windows\System32\svchost.exe
                                                                                C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
                                                                                1⤵
                                                                                  PID:1804
                                                                                • C:\Windows\System32\svchost.exe
                                                                                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                                  1⤵
                                                                                    PID:1832
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                                                    1⤵
                                                                                      PID:1948
                                                                                    • C:\Windows\system32\svchost.exe
                                                                                      C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
                                                                                      1⤵
                                                                                        PID:1996
                                                                                      • C:\Windows\System32\svchost.exe
                                                                                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                                        1⤵
                                                                                          PID:2008
                                                                                        • C:\Windows\System32\svchost.exe
                                                                                          C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                                                          1⤵
                                                                                            PID:1736
                                                                                          • C:\Windows\System32\spoolsv.exe
                                                                                            C:\Windows\System32\spoolsv.exe
                                                                                            1⤵
                                                                                              PID:2124
                                                                                            • C:\Windows\system32\svchost.exe
                                                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                                                              1⤵
                                                                                                PID:2160
                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
                                                                                                1⤵
                                                                                                  PID:2228
                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                  C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                                                                  1⤵
                                                                                                    PID:2260
                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                                                                    1⤵
                                                                                                      PID:2320
                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                                                      1⤵
                                                                                                        PID:2540
                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                                                        1⤵
                                                                                                          PID:2552
                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                          C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                                                          1⤵
                                                                                                            PID:2720
                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                            C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
                                                                                                            1⤵
                                                                                                              PID:2804
                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                                                              1⤵
                                                                                                                PID:2844
                                                                                                              • C:\Windows\sysmon.exe
                                                                                                                C:\Windows\sysmon.exe
                                                                                                                1⤵
                                                                                                                  PID:2856
                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                                                                  1⤵
                                                                                                                    PID:2904
                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                                                                    1⤵
                                                                                                                      PID:2928
                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
                                                                                                                      1⤵
                                                                                                                        PID:2960
                                                                                                                      • C:\Windows\Explorer.EXE
                                                                                                                        C:\Windows\Explorer.EXE
                                                                                                                        1⤵
                                                                                                                          PID:3508
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\eed37cf09b9398aabcea83bb3f233d13_JaffaCakes118.exe
                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\eed37cf09b9398aabcea83bb3f233d13_JaffaCakes118.exe"
                                                                                                                            2⤵
                                                                                                                            • Modifies firewall policy service
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                            • Suspicious behavior: MapViewOfSection
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                            • Suspicious use of WriteProcessMemory
                                                                                                                            PID:4280
                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                          C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                                                          1⤵
                                                                                                                            PID:3516
                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                            C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                                                            1⤵
                                                                                                                              PID:3684
                                                                                                                            • C:\Windows\System32\svchost.exe
                                                                                                                              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                              1⤵
                                                                                                                                PID:4100
                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
                                                                                                                                1⤵
                                                                                                                                  PID:1456
                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                                                  1⤵
                                                                                                                                    PID:2912
                                                                                                                                  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                                                    1⤵
                                                                                                                                      PID:1932
                                                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                                                      C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                      1⤵
                                                                                                                                        PID:4748
                                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                        1⤵
                                                                                                                                          PID:2180
                                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                                          C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                                                          1⤵
                                                                                                                                            PID:4432

                                                                                                                                          Network

                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            8.8.8.8.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            8.8.8.8.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                            8.8.8.8.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            dns.google
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            217.106.137.52.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            217.106.137.52.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            ilo.brenz.pl
                                                                                                                                            eed37cf09b9398aabcea83bb3f233d13_JaffaCakes118.exe
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            ilo.brenz.pl
                                                                                                                                            IN A
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            ant.trenz.pl
                                                                                                                                            eed37cf09b9398aabcea83bb3f233d13_JaffaCakes118.exe
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            ant.trenz.pl
                                                                                                                                            IN A
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            172.210.232.199.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            172.210.232.199.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            73.159.190.20.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            73.159.190.20.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            13.86.106.20.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            13.86.106.20.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            95.221.229.192.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            95.221.229.192.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            86.23.85.13.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            86.23.85.13.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            198.187.3.20.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            198.187.3.20.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            172.214.232.199.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            172.214.232.199.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                          • flag-us
                                                                                                                                            DNS
                                                                                                                                            48.229.111.52.in-addr.arpa
                                                                                                                                            Dnscache
                                                                                                                                            Remote address:
                                                                                                                                            8.8.8.8:53
                                                                                                                                            Request
                                                                                                                                            48.229.111.52.in-addr.arpa
                                                                                                                                            IN PTR
                                                                                                                                            Response
                                                                                                                                          • 83.133.119.197:80
                                                                                                                                            eed37cf09b9398aabcea83bb3f233d13_JaffaCakes118.exe
                                                                                                                                            156 B
                                                                                                                                            3
                                                                                                                                          • 8.8.8.8:53
                                                                                                                                            8.8.8.8.in-addr.arpa
                                                                                                                                            dns
                                                                                                                                            Dnscache
                                                                                                                                            66 B
                                                                                                                                            90 B
                                                                                                                                            1
                                                                                                                                            1

                                                                                                                                            DNS Request

                                                                                                                                            8.8.8.8.in-addr.arpa

                                                                                                                                          • 8.8.8.8:53
                                                                                                                                            217.106.137.52.in-addr.arpa
                                                                                                                                            dns
                                                                                                                                            Dnscache
                                                                                                                                            73 B
                                                                                                                                            147 B
                                                                                                                                            1
                                                                                                                                            1

                                                                                                                                            DNS Request

                                                                                                                                            217.106.137.52.in-addr.arpa

                                                                                                                                          • 8.8.8.8:53
                                                                                                                                            ilo.brenz.pl
                                                                                                                                            dns
                                                                                                                                            eed37cf09b9398aabcea83bb3f233d13_JaffaCakes118.exe
                                                                                                                                            58 B
                                                                                                                                            58 B
                                                                                                                                            1
                                                                                                                                            1

                                                                                                                                            DNS Request

                                                                                                                                            ilo.brenz.pl

                                                                                                                                          • 8.8.8.8:53
                                                                                                                                            ant.trenz.pl
                                                                                                                                            dns
                                                                                                                                            eed37cf09b9398aabcea83bb3f233d13_JaffaCakes118.exe
                                                                                                                                            58 B
                                                                                                                                            58 B
                                                                                                                                            1
                                                                                                                                            1

                                                                                                                                            DNS Request

                                                                                                                                            ant.trenz.pl

                                                                                                                                          • 8.8.8.8:53
                                                                                                                                            172.210.232.199.in-addr.arpa
                                                                                                                                            dns
                                                                                                                                            Dnscache
                                                                                                                                            74 B
                                                                                                                                            128 B
                                                                                                                                            1
                                                                                                                                            1

                                                                                                                                            DNS Request

                                                                                                                                            172.210.232.199.in-addr.arpa

                                                                                                                                          • 8.8.8.8:53
                                                                                                                                            73.159.190.20.in-addr.arpa
                                                                                                                                            dns
                                                                                                                                            Dnscache
                                                                                                                                            72 B
                                                                                                                                            158 B
                                                                                                                                            1
                                                                                                                                            1

                                                                                                                                            DNS Request

                                                                                                                                            73.159.190.20.in-addr.arpa

                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                          Downloads

                                                                                                                                          • memory/4280-0-0x0000000000400000-0x0000000000422000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            136KB

                                                                                                                                          • memory/4280-1-0x0000000077952000-0x0000000077953000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                          • memory/4280-3-0x0000000077953000-0x0000000077954000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                          • memory/4280-2-0x000000007FE40000-0x000000007FE4C000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            48KB

                                                                                                                                          • memory/4280-4-0x000000007FE40000-0x000000007FE4C000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            48KB

                                                                                                                                          • memory/4280-7-0x000000007FE40000-0x000000007FE4C000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            48KB

                                                                                                                                          • memory/4280-9-0x0000000000400000-0x0000000000422000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            136KB
