Analysis

  • max time kernel
    117s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/09/2024, 23:20 UTC

General

  • Target

    Enquiry 88210103.exe

  • Size

    551KB

  • MD5

    86e68a876e55e70275d6759c10de5345

  • SHA1

    0a15cf065fe62814d1c7bdb09508f99699e0b8ec

  • SHA256

    20cd59764483a62bfcf3d0b85cb92a3ba2dfcb1ef9303c3cef574ef9def84fcf

  • SHA512

    b9632c31b47c489629bbb74e94493aa4c79f76204cdfa569aedbd957e2f11a159b390a700528f7abb1af3578a4d188b4e703162b769328dfd9b2abb11360500d

  • SSDEEP

    12288:Pd+24kzKDSd1JqakAuiJurlPQFfA0xYsPzDtl8wYge:r4kpqaWiJMPQFY0xvPzDf9

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7519296385:AAFFI2mxNdfa3ltOQw6_L0rzJGbiW-4SUz4/sendMessage?chat_id=5116181161

Signatures

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

  • Snake Keylogger payload 5 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Enquiry 88210103.exe
    "C:\Users\Admin\AppData\Local\Temp\Enquiry 88210103.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\Enquiry 88210103.exe"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2472
    • C:\Users\Admin\AppData\Local\Temp\Enquiry 88210103.exe
      "C:\Users\Admin\AppData\Local\Temp\Enquiry 88210103.exe"
      2⤵
      PID:2772
    • C:\Users\Admin\AppData\Local\Temp\Enquiry 88210103.exe
      "C:\Users\Admin\AppData\Local\Temp\Enquiry 88210103.exe"
      2⤵
      PID:948
    • C:\Users\Admin\AppData\Local\Temp\Enquiry 88210103.exe
      "C:\Users\Admin\AppData\Local\Temp\Enquiry 88210103.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:1484

Network

      • flag-us
        DNS
        checkip.dyndns.org
        Enquiry 88210103.exe
        Remote address:
        8.8.8.8:53
        Request
        checkip.dyndns.org
        IN A
        Response
        checkip.dyndns.org
        IN CNAME
        checkip.dyndns.com
        checkip.dyndns.com
        IN A
        193.122.6.168
        checkip.dyndns.com
        IN A
        158.101.44.242
        checkip.dyndns.com
        IN A
        132.226.8.169
        checkip.dyndns.com
        IN A
        132.226.247.73
        checkip.dyndns.com
        IN A
        193.122.130.0
      • flag-de
        GET
        http://checkip.dyndns.org/
        Enquiry 88210103.exe
        Remote address:
        193.122.6.168:80
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
        Host: checkip.dyndns.org
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:28 GMT
        Content-Type: text/html
        Content-Length: 105
        Connection: keep-alive
        Cache-Control: no-cache
        Pragma: no-cache
        X-Request-ID: 2823bb71ea7ae4d78aff0f37b781bcd5
      • flag-de
        GET
        http://checkip.dyndns.org/
        Enquiry 88210103.exe
        Remote address:
        193.122.6.168:80
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
        Host: checkip.dyndns.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:30 GMT
        Content-Type: text/html
        Content-Length: 105
        Connection: keep-alive
        Cache-Control: no-cache
        Pragma: no-cache
        X-Request-ID: 751b735ef64e6ec5bdf93efd414c1c99
      • flag-de
        GET
        http://checkip.dyndns.org/
        Enquiry 88210103.exe
        Remote address:
        193.122.6.168:80
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
        Host: checkip.dyndns.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:36 GMT
        Content-Type: text/html
        Content-Length: 105
        Connection: keep-alive
        Cache-Control: no-cache
        Pragma: no-cache
        X-Request-ID: 99887d4e6eb486417238727e882db123
      • flag-de
        GET
        http://checkip.dyndns.org/
        Enquiry 88210103.exe
        Remote address:
        193.122.6.168:80
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
        Host: checkip.dyndns.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:39 GMT
        Content-Type: text/html
        Content-Length: 105
        Connection: keep-alive
        Cache-Control: no-cache
        Pragma: no-cache
        X-Request-ID: 0332712918db426141b17748975ddf03
      • flag-de
        GET
        http://checkip.dyndns.org/
        Enquiry 88210103.exe
        Remote address:
        193.122.6.168:80
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
        Host: checkip.dyndns.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:42 GMT
        Content-Type: text/html
        Content-Length: 105
        Connection: keep-alive
        Cache-Control: no-cache
        Pragma: no-cache
        X-Request-ID: 9e364c52a3b5547ce1a24c3482d38cf4
      • flag-de
        GET
        http://checkip.dyndns.org/
        Enquiry 88210103.exe
        Remote address:
        193.122.6.168:80
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
        Host: checkip.dyndns.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:44 GMT
        Content-Type: text/html
        Content-Length: 105
        Connection: keep-alive
        Cache-Control: no-cache
        Pragma: no-cache
        X-Request-ID: c8bd2d0be387093ba0c01025301cdb3f
      • flag-de
        GET
        http://checkip.dyndns.org/
        Enquiry 88210103.exe
        Remote address:
        193.122.6.168:80
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
        Host: checkip.dyndns.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:47 GMT
        Content-Type: text/html
        Content-Length: 105
        Connection: keep-alive
        Cache-Control: no-cache
        Pragma: no-cache
        X-Request-ID: f2fcc9c454996e0e0631b31e4cbd877d
      • flag-de
        GET
        http://checkip.dyndns.org/
        Enquiry 88210103.exe
        Remote address:
        193.122.6.168:80
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
        Host: checkip.dyndns.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:50 GMT
        Content-Type: text/html
        Content-Length: 105
        Connection: keep-alive
        Cache-Control: no-cache
        Pragma: no-cache
        X-Request-ID: aedf648c0d0d9240ddeb79d6933658cb
      • flag-de
        GET
        http://checkip.dyndns.org/
        Enquiry 88210103.exe
        Remote address:
        193.122.6.168:80
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
        Host: checkip.dyndns.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:54 GMT
        Content-Type: text/html
        Content-Length: 105
        Connection: keep-alive
        Cache-Control: no-cache
        Pragma: no-cache
        X-Request-ID: 31c101f0f4e322b08b04f1821db3ee96
      • flag-us
        DNS
        reallyfreegeoip.org
        Enquiry 88210103.exe
        Remote address:
        8.8.8.8:53
        Request
        reallyfreegeoip.org
        IN A
        Response
        reallyfreegeoip.org
        IN A
        104.21.67.152
        reallyfreegeoip.org
        IN A
        172.67.177.134
      • flag-us
        GET
        https://reallyfreegeoip.org/xml/194.110.13.70
        Enquiry 88210103.exe
        Remote address:
        104.21.67.152:443
        Request
        GET /xml/194.110.13.70 HTTP/1.1
        Host: reallyfreegeoip.org
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:33 GMT
        Content-Type: application/xml
        Transfer-Encoding: chunked
        Connection: keep-alive
        access-control-allow-origin: *
        vary: Accept-Encoding
        Cache-Control: max-age=86400
        CF-Cache-Status: HIT
        Age: 79255
        Last-Modified: Mon, 23 Sep 2024 01:19:38 GMT
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v9GqVNhqtyPYWy6iB11QIcIeyyRnLPW6H6w0Ggnb0MUEZ7%2BQw4vqpyLHMW1Pf3vSMI%2FIhvah2MygxXH69%2B8DHWbqxoRKe2jyBxChi9hj4C%2Fu5XOreKOhYeYdgK3GXvrZk4OhrACo"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8c7e441bbff4406b-LHR
      • flag-us
        GET
        https://reallyfreegeoip.org/xml/194.110.13.70
        Enquiry 88210103.exe
        Remote address:
        104.21.67.152:443
        Request
        GET /xml/194.110.13.70 HTTP/1.1
        Host: reallyfreegeoip.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:36 GMT
        Content-Type: application/xml
        Transfer-Encoding: chunked
        Connection: keep-alive
        access-control-allow-origin: *
        vary: Accept-Encoding
        Cache-Control: max-age=86400
        CF-Cache-Status: HIT
        Age: 79258
        Last-Modified: Mon, 23 Sep 2024 01:19:38 GMT
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6f1A3P1Z87mCsvqYHIelyk1c%2Fwqt%2FzWoaEtHlY%2BxCp6MuVJeb08COrQOIPOt8AtASgVy7L%2F603MTShA5AgG4h37VnexJ8iA3waudwPbbRn7NJ5LinM2B6h16Q42SDSRwpJINLseT"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8c7e442cf85d406b-LHR
      • flag-us
        GET
        https://reallyfreegeoip.org/xml/194.110.13.70
        Enquiry 88210103.exe
        Remote address:
        104.21.67.152:443
        Request
        GET /xml/194.110.13.70 HTTP/1.1
        Host: reallyfreegeoip.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:39 GMT
        Content-Type: application/xml
        Transfer-Encoding: chunked
        Connection: keep-alive
        access-control-allow-origin: *
        vary: Accept-Encoding
        Cache-Control: max-age=86400
        CF-Cache-Status: HIT
        Age: 79261
        Last-Modified: Mon, 23 Sep 2024 01:19:38 GMT
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K6zVhyzVtdewfUZSAbhxKNXkeXpOc%2Btrdda%2Bo20SnNpMRTt3utvFKioJYSqUjkc5ggjoxmE1NTcCB7AC%2BgpeyeM3jSMqqXO4mMrgs3g1URsb0I6YBobzAmbDnp1z8cXVNqnn29Dd"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8c7e443e993a406b-LHR
      • flag-us
        GET
        https://reallyfreegeoip.org/xml/194.110.13.70
        Enquiry 88210103.exe
        Remote address:
        104.21.67.152:443
        Request
        GET /xml/194.110.13.70 HTTP/1.1
        Host: reallyfreegeoip.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:42 GMT
        Content-Type: application/xml
        Transfer-Encoding: chunked
        Connection: keep-alive
        access-control-allow-origin: *
        vary: Accept-Encoding
        Cache-Control: max-age=86400
        CF-Cache-Status: HIT
        Age: 79264
        Last-Modified: Mon, 23 Sep 2024 01:19:38 GMT
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=crmzlVQzwsh9sDhgS9xN%2F3fB%2FLr0IEneIImVLYwuRLAuKBSWeIJVoiNoj8vJNayhqB7C%2FaInU2OEdA27WDBXTe1xlkx5GMijuFpauiEYZR2fqpyM3WAzuZx1Z5dF5CKY%2B0SXl7iu"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8c7e444fd8d2406b-LHR
      • flag-us
        GET
        https://reallyfreegeoip.org/xml/194.110.13.70
        Enquiry 88210103.exe
        Remote address:
        104.21.67.152:443
        Request
        GET /xml/194.110.13.70 HTTP/1.1
        Host: reallyfreegeoip.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:44 GMT
        Content-Type: application/xml
        Transfer-Encoding: chunked
        Connection: keep-alive
        access-control-allow-origin: *
        vary: Accept-Encoding
        Cache-Control: max-age=86400
        CF-Cache-Status: HIT
        Age: 79266
        Last-Modified: Mon, 23 Sep 2024 01:19:38 GMT
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eJ0GonD9okgkt0QT9Apm7VFUhhTkHlno7xLNAWTFzHhBaU6WodfY%2BQcIuvxgkJzZKQ2rnapBR0LmYnUAbHK1Y212iI41Lsg%2B9IhPlXNZzC1l1S52i1c143vJdiuw3iMGQJ%2FWH8Bj"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8c7e44610ff5406b-LHR
      • flag-us
        GET
        https://reallyfreegeoip.org/xml/194.110.13.70
        Enquiry 88210103.exe
        Remote address:
        104.21.67.152:443
        Request
        GET /xml/194.110.13.70 HTTP/1.1
        Host: reallyfreegeoip.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:47 GMT
        Content-Type: application/xml
        Transfer-Encoding: chunked
        Connection: keep-alive
        access-control-allow-origin: *
        vary: Accept-Encoding
        Cache-Control: max-age=86400
        CF-Cache-Status: HIT
        Age: 79269
        Last-Modified: Mon, 23 Sep 2024 01:19:38 GMT
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VWKNcJbUtAdF2DcQREhoT63iFbo0uEOFtuwi2HswBQcToTNF1VKWb5cvB1EN8NH9wLSJXljbOEsv3R5MB8nIC2XYcff23HBhYUOcvMKa24R9mlOire58XlKdEnjubCiPYwW3neTq"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8c7e44725f69406b-LHR
      • flag-us
        GET
        https://reallyfreegeoip.org/xml/194.110.13.70
        Enquiry 88210103.exe
        Remote address:
        104.21.67.152:443
        Request
        GET /xml/194.110.13.70 HTTP/1.1
        Host: reallyfreegeoip.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:50 GMT
        Content-Type: application/xml
        Transfer-Encoding: chunked
        Connection: keep-alive
        access-control-allow-origin: *
        vary: Accept-Encoding
        Cache-Control: max-age=86400
        CF-Cache-Status: HIT
        Age: 79272
        Last-Modified: Mon, 23 Sep 2024 01:19:38 GMT
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KOlx5dvZo3eLWdrVmwPbZDB60m3vvLTXd%2FVUi4dkcwAUhmWG6L94ImLrjuqADWIKBOl6uiDIwz0si%2FwcquMGcrFMO8wtl6hbQkTd48EI3TBD1coMLXJisLGXduDWRs2rhQydIMU"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8c7e44839ef3406b-LHR
      • flag-us
        GET
        https://reallyfreegeoip.org/xml/194.110.13.70
        Enquiry 88210103.exe
        Remote address:
        104.21.67.152:443
        Request
        GET /xml/194.110.13.70 HTTP/1.1
        Host: reallyfreegeoip.org
        Response
        HTTP/1.1 200 OK
        Date: Mon, 23 Sep 2024 23:20:54 GMT
        Content-Type: application/xml
        Transfer-Encoding: chunked
        Connection: keep-alive
        access-control-allow-origin: *
        vary: Accept-Encoding
        Cache-Control: max-age=86400
        CF-Cache-Status: HIT
        Age: 79276
        Last-Modified: Mon, 23 Sep 2024 01:19:38 GMT
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BX%2FIGzviV7MfGIEsbvhY%2BLsr87vS82phVcWejOjc%2FZEVtMmc6cO0hPg7gGbnU5gS42Xs69czuLL0U0l5%2FvAWVvWxGr6JiTc6Dg%2FW8Qmr3zShHOzbL4bh9WiZZUpWKM10SZSmIfuA"}],"group":"cf-nel","max_age":604800}
        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 8c7e449af999406b-LHR
      • 193.122.6.168:80
        http://checkip.dyndns.org/
        http
        Enquiry 88210103.exe
        2.1kB
        3.5kB
        22
        16

        HTTP Request

        GET http://checkip.dyndns.org/

        HTTP Response

        200

        HTTP Request

        GET http://checkip.dyndns.org/

        HTTP Response

        200

        HTTP Request

        GET http://checkip.dyndns.org/

        HTTP Response

        200

        HTTP Request

        GET http://checkip.dyndns.org/

        HTTP Response

        200

        HTTP Request

        GET http://checkip.dyndns.org/

        HTTP Response

        200

        HTTP Request

        GET http://checkip.dyndns.org/

        HTTP Response

        200

        HTTP Request

        GET http://checkip.dyndns.org/

        HTTP Response

        200

        HTTP Request

        GET http://checkip.dyndns.org/

        HTTP Response

        200

        HTTP Request

        GET http://checkip.dyndns.org/

        HTTP Response

        200
      • 104.21.67.152:443
        https://reallyfreegeoip.org/xml/194.110.13.70
        tls, http
        Enquiry 88210103.exe
        2.1kB
        12.5kB
        23
        23

        HTTP Request

        GET https://reallyfreegeoip.org/xml/194.110.13.70

        HTTP Response

        200

        HTTP Request

        GET https://reallyfreegeoip.org/xml/194.110.13.70

        HTTP Response

        200

        HTTP Request

        GET https://reallyfreegeoip.org/xml/194.110.13.70

        HTTP Response

        200

        HTTP Request

        GET https://reallyfreegeoip.org/xml/194.110.13.70

        HTTP Response

        200

        HTTP Request

        GET https://reallyfreegeoip.org/xml/194.110.13.70

        HTTP Response

        200

        HTTP Request

        GET https://reallyfreegeoip.org/xml/194.110.13.70

        HTTP Response

        200

        HTTP Request

        GET https://reallyfreegeoip.org/xml/194.110.13.70

        HTTP Response

        200

        HTTP Request

        GET https://reallyfreegeoip.org/xml/194.110.13.70

        HTTP Response

        200
      • 8.8.8.8:53
        checkip.dyndns.org
        dns
        Enquiry 88210103.exe
        64 B
        176 B
        1
        1

        DNS Request

        checkip.dyndns.org

        DNS Response

        193.122.6.168
        158.101.44.242
        132.226.8.169
        132.226.247.73
        193.122.130.0

      • 8.8.8.8:53
        reallyfreegeoip.org
        dns
        Enquiry 88210103.exe
        65 B
        97 B
        1
        1

        DNS Request

        reallyfreegeoip.org

        DNS Response

        104.21.67.152
        172.67.177.134

MITRE ATT&CK Enterprise v15

Downloads

      • memory/1484-18-0x0000000074680000-0x0000000074D6E000-memory.dmp

        Filesize

        6.9MB

      • memory/1484-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

        Filesize

        4KB

      • memory/1484-24-0x0000000074680000-0x0000000074D6E000-memory.dmp

        Filesize

        6.9MB

      • memory/1484-23-0x0000000074680000-0x0000000074D6E000-memory.dmp

        Filesize

        6.9MB

      • memory/1484-20-0x0000000074680000-0x0000000074D6E000-memory.dmp

        Filesize

        6.9MB

      • memory/1484-15-0x0000000000400000-0x0000000000426000-memory.dmp

        Filesize

        152KB

      • memory/1484-7-0x0000000000400000-0x0000000000426000-memory.dmp

        Filesize

        152KB

      • memory/1484-17-0x0000000000400000-0x0000000000426000-memory.dmp

        Filesize

        152KB

      • memory/1484-13-0x0000000000400000-0x0000000000426000-memory.dmp

        Filesize

        152KB

      • memory/1484-8-0x0000000000400000-0x0000000000426000-memory.dmp

        Filesize

        152KB

      • memory/1484-9-0x0000000000400000-0x0000000000426000-memory.dmp

        Filesize

        152KB

      • memory/1484-10-0x0000000000400000-0x0000000000426000-memory.dmp

        Filesize

        152KB

      • memory/2136-5-0x0000000074680000-0x0000000074D6E000-memory.dmp

        Filesize

        6.9MB

      • memory/2136-1-0x0000000000160000-0x00000000001F0000-memory.dmp

        Filesize

        576KB

      • memory/2136-6-0x0000000005290000-0x00000000052F8000-memory.dmp

        Filesize

        416KB

      • memory/2136-0-0x000000007468E000-0x000000007468F000-memory.dmp

        Filesize

        4KB

      • memory/2136-19-0x0000000074680000-0x0000000074D6E000-memory.dmp

        Filesize

        6.9MB

      • memory/2136-4-0x000000007468E000-0x000000007468F000-memory.dmp

        Filesize

        4KB

      • memory/2136-3-0x00000000004C0000-0x00000000004D2000-memory.dmp

        Filesize

        72KB

      • memory/2136-2-0x0000000074680000-0x0000000074D6E000-memory.dmp

        Filesize

        6.9MB
