Overview

overview

10

Static

static

10

0297bbb0f0...ee.exe

windows7-x64

3

0297bbb0f0...ee.exe

windows10-2004-x64

3

15aeb8380c...71.exe

windows7-x64

10

15aeb8380c...71.exe

windows10-2004-x64

10

1820a0542f...34.dll

windows7-x64

10

1820a0542f...34.dll

windows10-2004-x64

10

1df11bc19a...ad.exe

windows7-x64

5

1df11bc19a...ad.exe

windows10-2004-x64

5

22934e006b...e7.exe

windows7-x64

3

22934e006b...e7.exe

windows10-2004-x64

3

24989d884f...b7.exe

windows7-x64

10

24989d884f...b7.exe

windows10-2004-x64

10

2828fabf39...65.dll

windows7-x64

1

2828fabf39...65.dll

windows10-2004-x64

1

32b0fbaf95...08.exe

windows7-x64

10

32b0fbaf95...08.exe

windows10-2004-x64

10

4bf2dace8a...d7.exe

windows7-x64

10

4bf2dace8a...d7.exe

windows10-2004-x64

10

55d03f9954...44.dll

windows7-x64

10

55d03f9954...44.dll

windows10-2004-x64

10

5e58e3818a...cb.exe

windows7-x64

10

5e58e3818a...cb.exe

windows10-2004-x64

10

611cf2be67...47.exe

windows7-x64

10

611cf2be67...47.exe

windows10-2004-x64

10

654e574fb4...01.exe

windows7-x64

3

654e574fb4...01.exe

windows10-2004-x64

3

6f4ac0da34...a5.exe

windows7-x64

9

6f4ac0da34...a5.exe

windows10-2004-x64

9

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Resubmissions

04/10/2024, 16:44 UTC

241004-t8yv3syhpd 10

27/09/2024, 16:54 UTC

240927-vepkzsvbre 10

27/09/2024, 16:44 UTC

240927-t86wpavard 10

04/08/2024, 18:04 UTC

240804-wnq1vawbpg 10

03/08/2024, 17:26 UTC

240803-vzvbzazekn 10

03/08/2024, 16:14 UTC

240803-tpp4tsshqa 10

03/08/2024, 15:52 UTC

240803-tbarzsseqc 10

31/07/2024, 19:40 UTC

240731-ydk3yszdpq 10

31/07/2024, 10:53 UTC

240731-my145atfmf 10

Analysis

  • max time kernel
    1742s
  • max time network
    1747s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 16:44 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55d03f9954e35d8bce3fbd084d909744b3719310bac7c359cda87e7831cc1344.dll

  • Size

    231KB

  • MD5

    ee28a178e3aacfa1398ca74a9bc1822e

  • SHA1

    193bc249bac79c0a195e736c62de5ec16e5ef38d

  • SHA256

    55d03f9954e35d8bce3fbd084d909744b3719310bac7c359cda87e7831cc1344

  • SHA512

    3f0dbbbda0cba4a32fe49fd7941d3fa640a8b7aeec56a3f584d519593de68e4acf8036c651cd469e386a32c5465521035dccebb6f3732f7893be552803d48353

  • SSDEEP

    3072:ktkuGh43+xNkZ4I0+NFS1I74Y61cyJDz/+6BjbkJuWg349uoZaOG/mf3vfUgrfQj:FMZ4P+NEc4zYgV9QFhP0grf0dd

Score
10/10
icedid1677747888bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1677747888

C2

jeliskvosh.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\55d03f9954e35d8bce3fbd084d909744b3719310bac7c359cda87e7831cc1344.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4836

Network

  • flag-us
    DNS
    aws.amazon.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    aws.amazon.com
    IN A
    Response
    aws.amazon.com
    IN CNAME
    tp.8e49140c2-frontier.amazon.com
    tp.8e49140c2-frontier.amazon.com
    IN CNAME
    dr49lng3n1n2s.cloudfront.net
    dr49lng3n1n2s.cloudfront.net
    IN A
    18.173.233.49
    dr49lng3n1n2s.cloudfront.net
    IN A
    18.173.233.81
    dr49lng3n1n2s.cloudfront.net
    IN A
    18.173.233.64
    dr49lng3n1n2s.cloudfront.net
    IN A
    18.173.233.19
  • flag-de
    GET
    https://aws.amazon.com/
    regsvr32.exe
    Remote address:
    18.173.233.49:443
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Host: aws.amazon.com
    Response
    HTTP/1.1 200
    Content-Type: text/html;charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Date: Fri, 04 Oct 2024 16:44:57 GMT
    Set-Cookie: aws-priv=eyJ2IjoxLCJldSI6MCwic3QiOjB9; Version=1; Comment="Anonymous cookie for privacy regulations"; Domain=.aws.amazon.com; Max-Age=31536000; Expires=Sat, 04 Oct 2025 16:44:57 GMT; Path=/; Secure
    Set-Cookie: aws_lang=en; Domain=.amazon.com; Path=/
    X-Content-Type-Options: nosniff
    Server: Server
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Strict-Transport-Security: max-age=63072000
    x-amz-id-1: B050A08109A84CD58F89
    Last-Modified: Thu, 26 Sep 2024 01:29:51 GMT
    vary: accept-encoding
    X-Cache: Miss from cloudfront
    Via: 1.1 158fcfe21f7e6b2462341c797edc267c.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: DUS51-P3
    X-Amz-Cf-Id: hXOpy8yp3a0mhEs9tUd9eQs-mFxFa0IVrHnZ9-yJzc4jLFWd9qGeWw==
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    49.233.173.18.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    49.233.173.18.in-addr.arpa
    IN PTR
    Response
    49.233.173.18.in-addr.arpa
    IN PTR
    server-18-173-233-49dus51r cloudfrontnet
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    67.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    98.117.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    98.117.19.2.in-addr.arpa
    IN PTR
    Response
    98.117.19.2.in-addr.arpa
    IN PTR
    a2-19-117-98deploystaticakamaitechnologiescom
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    5.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    5.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • flag-us
    DNS
    jeliskvosh.com
    regsvr32.exe
    Remote address:
    8.8.8.8:53
    Request
    jeliskvosh.com
    IN A
    Response
  • 18.173.233.49:443
    https://aws.amazon.com/
    tls, http
    regsvr32.exe
    24.7kB
     1.1MB
     481
    791

    HTTP Request

    GET https://aws.amazon.com/

    HTTP Response

    200
  • 8.8.8.8:53
    aws.amazon.com
    dns
    regsvr32.exe
    60 B
     202 B
     1
    1

    DNS Request

    aws.amazon.com

    DNS Response

    18.173.233.49
    18.173.233.81
    18.173.233.64
    18.173.233.19

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    49.233.173.18.in-addr.arpa
    dns
    72 B
     129 B
     1
    1

    DNS Request

    49.233.173.18.in-addr.arpa

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    67.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    67.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    98.117.19.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    98.117.19.2.in-addr.arpa

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    23.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    5.173.189.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    5.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    60 B
     133 B
     1
    1

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

  • 8.8.8.8:53
    jeliskvosh.com
    dns
    regsvr32.exe
    120 B
     266 B
     2
    2

    DNS Request

    jeliskvosh.com

    DNS Request

    jeliskvosh.com

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4836-0-0x0000000002360000-0x00000000023C3000-memory.dmp

    Filesize

    396KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.