0d43acbb159687bdfda23da84ae785677f0a4c14010be48ead657d2b71a359bd

Analysis

max time kernel
92s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2024, 16:51 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MtvP2P.exe
Size

5.9MB
MD5

c256532149bb511a5616b660f1792c3a
SHA1

26d0add6702f18a03b365aec9d95683842a29d59
SHA256

05ba9c02c7871c980a873c7b0f935323f49875a3a536694ddd4f54626c76ca0c
SHA512

d0dfcaef2e0d883c64ede884e224751a5123d9d7593046089cc469f00bfb9e4f592fdfd9c7caa667efb7b5a8681bb681606b1a68bc87446a9b013ac3e49f25c5
SSDEEP

98304:xMGbGTwx49Y7GbHxjtM4wZEx+LYx73CBqGtSfo01T:0wriB8Z2ObKT

Score

6^/10

adware discovery persistence stealer

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eMuleAutoStart = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MtvP2P.exe -AutoStart"	MtvP2P.exe

Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}	MtvP2P.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MtvP2P.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{A0867FD1-79E7-456C-8B41-165A2504FD86}"	MtvP2P.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\MenuExt	MtvP2P.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用MTV分享精灵下载	MtvP2P.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用MTV分享精灵下载\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IE2EM.htm"	MtvP2P.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用MTV分享精灵下载\Contexts = "34"	MtvP2P.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2Pmetfile\Shell\Open	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BHO.IE2EMBHO.1\CLSID	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}\ = "IE2EMBHO Class"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}\Programmable	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BHO.ProtMon\CLSID\ = "{D15FB88E-B87E-43D1-87C2-D5FF5FA33002}"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D15FB88E-B87E-43D1-87C2-D5FF5FA33002}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2P\DefaultIcon	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2Pmetfile\Shell\Open\Command	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IE2EM.IE2EMUrlTaker	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48618374-565F-4CA0-B8CD-6F496C997FAF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D15FB88E-B87E-43D1-87C2-D5FF5FA33002}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\shell\open\command	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BHO.IE2EMBHO\CLSID\ = "{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0867FD1-79E7-456C-8B41-165A2504FD86}	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IE2EM.IE2EMUrlTaker\CurVer\ = "IE2EM.IE2EMUrlTaker.1"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F5497A2-6C8C-45EA-87BC-5A76F2F5E28B}\1.0\0	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F59B9BF7-9A25-4610-B059-4431AB20C3FF}\TypeLib	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\DefaultIcon	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\ = "URL: mp2p Protocol"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2Ppartfile\DefaultIcon	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\modules\\IE2EM.dll"	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48618374-565F-4CA0-B8CD-6F496C997FAF}\AppID = "{BCEADC2F-0C89-43F5-8DE9-068B5BC265E2}"	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D15FB88E-B87E-43D1-87C2-D5FF5FA33002}\ProgID\ = "BHO.ProtMon.1"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F5497A2-6C8C-45EA-87BC-5A76F2F5E28B}\1.0	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE1A243C-C7CB-4543-AC32-A2D2CA879663}	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F59B9BF7-9A25-4610-B059-4431AB20C3FF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\URL Protocol	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0867FD1-79E7-456C-8B41-165A2504FD86}\Implemented Categories	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2Pmetfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\resource.dll,1"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}\InprocServer32	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BHO.ProtMon	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\MP2PLoader.exe\" \"%1\""	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2Ppartfile\Shell	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F5497A2-6C8C-45EA-87BC-5A76F2F5E28B}	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F59B9BF7-9A25-4610-B059-4431AB20C3FF}\ProxyStubClsid32	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\shell	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2P\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MtvP2P.exe,1"	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}\VersionIndependentProgID\ = "BHO.IE2EMBHO"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0867FD1-79E7-456C-8B41-165A2504FD86}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BHO.ProtMon.1\CLSID\ = "{D15FB88E-B87E-43D1-87C2-D5FF5FA33002}"	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F5497A2-6C8C-45EA-87BC-5A76F2F5E28B}\1.0\FLAGS\ = "0"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE1A243C-C7CB-4543-AC32-A2D2CA879663}\ProxyStubClsid32	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ed2k	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DM.EMDM\CurVer\ = "DM.EMDM.1"	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BCEADC2F-0C89-43F5-8DE9-068B5BC265E2}\ = "IE2EM"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IE2EM.IE2EMUrlTaker\ = "IE2EMUrlTaker Class"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48618374-565F-4CA0-B8CD-6F496C997FAF}\Programmable	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48618374-565F-4CA0-B8CD-6F496C997FAF}\InprocServer32\ThreadingModel = "Apartment"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BHO.ProtMon.1	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D15FB88E-B87E-43D1-87C2-D5FF5FA33002}\Implemented Categories	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.part\ = "MtvP2Ppartfile"	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE1A243C-C7CB-4543-AC32-A2D2CA879663}\ = "IIE2EMUrlTaker"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2P\shell\open	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2P\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\MtvP2P.exe\" \"%1\""	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE1A243C-C7CB-4543-AC32-A2D2CA879663}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IE2EM.IE2EMUrlTaker.1\CLSID\ = "{48618374-565F-4CA0-B8CD-6F496C997FAF}"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D15FB88E-B87E-43D1-87C2-D5FF5FA33002}\TypeLib	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE1A243C-C7CB-4543-AC32-A2D2CA879663}\TypeLib	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE1A243C-C7CB-4543-AC32-A2D2CA879663}\TypeLib\ = "{8F5497A2-6C8C-45EA-87BC-5A76F2F5E28B}"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE1A243C-C7CB-4543-AC32-A2D2CA879663}\ProxyStubClsid32	MtvP2P.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\ = "URL: ed2k Protocol"	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MtvP2P\shell	MtvP2P.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0867FD1-79E7-456C-8B41-165A2504FD86}\InprocServer32	MtvP2P.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
824	MtvP2P.exe
2416	updater.exe
2416	updater.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 2416	824	MtvP2P.exe	85
PID 824 wrote to memory of 2416	824	MtvP2P.exe	85
PID 824 wrote to memory of 2416	824	MtvP2P.exe	85

C:\Users\Admin\AppData\Local\Temp\MtvP2P.exe
"C:\Users\Admin\AppData\Local\Temp\MtvP2P.exe"
1⤵
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:824
- C:\Users\Admin\AppData\Local\Temp\updater.exe
  updater.exe -checkforupdates
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2416

Network

DNS

download.verycd.com

MtvP2P.exe

Remote address:

8.8.8.8:53

Request

download.verycd.com

IN A

Response
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
DNS

78.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.190.18.2.in-addr.arpa

IN PTR

Response

78.190.18.2.in-addr.arpa

IN PTR

a2-18-190-78deploystaticakamaitechnologiescom
DNS

www.mtvp2p.com

MtvP2P.exe

Remote address:

8.8.8.8:53

Request

www.mtvp2p.com

IN A

Response

www.mtvp2p.com

IN CNAME

mtvp2p.com

mtvp2p.com

IN A

149.248.0.144
DNS

www.mtv-ktv.com

MtvP2P.exe

Remote address:

8.8.8.8:53

Request

www.mtv-ktv.com

IN A

Response

www.mtv-ktv.com

IN A

149.248.19.231
DNS

mv.28881.com

MtvP2P.exe

Remote address:

8.8.8.8:53

Request

mv.28881.com

IN A

Response
DNS

no7.mtvp2p.com

MtvP2P.exe

Remote address:

8.8.8.8:53

Request

no7.mtvp2p.com

IN A

Response

no7.mtvp2p.com

IN CNAME

mtvp2p.com

mtvp2p.com

IN A

149.248.0.144
DNS

update.mtvp2p.com

updater.exe

Remote address:

8.8.8.8:53

Request

update.mtvp2p.com

IN A

Response

update.mtvp2p.com

IN CNAME

mtvp2p.com

mtvp2p.com

IN A

149.248.0.144
DNS

update.mtvp2p.com

updater.exe

Remote address:

8.8.8.8:53

Request

update.mtvp2p.com

IN A

Response

update.mtvp2p.com

IN CNAME

mtvp2p.com

mtvp2p.com

IN A

149.248.0.144
DNS

85.197.216.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.197.216.188.in-addr.arpa

IN PTR

Response

85.197.216.188.in-addr.arpa

IN PTR

net-188-216-197-85custvodafonedslit
DNS

219.214.65.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

219.214.65.151.in-addr.arpa

IN PTR

Response
DNS

208.242.10.24.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.242.10.24.in-addr.arpa

IN PTR

Response

208.242.10.24.in-addr.arpa

IN PTR

c-24-10-242-208hsd1utcomcastnet
DNS

174.70.89.114.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.70.89.114.in-addr.arpa

IN PTR

Response
DNS

216.144.19.90.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.144.19.90.in-addr.arpa

IN PTR

Response

216.144.19.90.in-addr.arpa

IN PTR

aorleans-555-1-82-216w90-19abowanadoofr
DNS

39.114.94.111.in-addr.arpa

Remote address:

8.8.8.8:53

Request

39.114.94.111.in-addr.arpa

IN PTR

Response

39.114.94.111.in-addr.arpa

IN PTR

fm-dyn-111-94-114-39fastnetid
DNS

151.90.167.111.in-addr.arpa

Remote address:

8.8.8.8:53

Request

151.90.167.111.in-addr.arpa

IN PTR

Response

151.90.167.111.in-addr.arpa

IN PTR

dns151onlinetjcn
DNS

37.131.151.79.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.131.151.79.in-addr.arpa

IN PTR

Response

37.131.151.79.in-addr.arpa

IN PTR

37red-79-151-131 dynamiciprima-tdenet
DNS

35.51.175.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.51.175.95.in-addr.arpa

IN PTR

Response

35.51.175.95.in-addr.arpa

IN PTR

sdip-51-35dipsintervisioncoil
DNS

192.24.242.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.24.242.82.in-addr.arpa

IN PTR

Response

192.24.242.82.in-addr.arpa

IN PTR

pre68-2_migr-82-242-24-192fbxproxadnet
DNS

69.189.187.61.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.189.187.61.in-addr.arpa

IN PTR

Response
DNS

69.170.245.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.170.245.82.in-addr.arpa

IN PTR

Response

69.170.245.82.in-addr.arpa

IN PTR

bgl93-5_migr-82-245-170-69fbxproxadnet
DNS

215.14.76.124.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.14.76.124.in-addr.arpa

IN PTR

Response
DNS

77.95.76.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.95.76.151.in-addr.arpa

IN PTR

Response
DNS

57.244.53.124.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.244.53.124.in-addr.arpa

IN PTR

Response
DNS

105.228.52.90.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.228.52.90.in-addr.arpa

IN PTR

Response

105.228.52.90.in-addr.arpa

IN PTR

lfbn-cle-1-357-105w90-52abowanadoofr
DNS

167.144.91.123.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.144.91.123.in-addr.arpa

IN PTR

Response
DNS

7.139.130.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.139.130.82.in-addr.arpa

IN PTR

Response

7.139.130.82.in-addr.arpa

IN PTR

7 82-130-139dynamicclientes euskalteles
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

137.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.190.18.2.in-addr.arpa

IN PTR

Response

137.190.18.2.in-addr.arpa

IN PTR

a2-18-190-137deploystaticakamaitechnologiescom
DNS

66.209.201.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.209.201.84.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response

149.248.0.144:80

www.mtvp2p.com

MtvP2P.exe

260 B
200 B
5
5
149.248.19.231:80

www.mtv-ktv.com

MtvP2P.exe

260 B
200 B
5
5
149.248.0.144:4500

no7.mtvp2p.com

MtvP2P.exe

260 B
200 B
5
5
149.248.0.144:80

update.mtvp2p.com

updater.exe

260 B
200 B
5
5
193.169.86.73:4184

MtvP2P.exe

260 B
5
149.248.0.144:80

update.mtvp2p.com

updater.exe

260 B
200 B
5
5
149.248.0.144:80

update.mtvp2p.com

updater.exe

260 B
200 B
5
5

8.8.8.8:53

download.verycd.com

dns

MtvP2P.exe

65 B
139 B
1
1

DNS Request

download.verycd.com
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

78.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

78.190.18.2.in-addr.arpa
10.127.0.1:1900

MtvP2P.exe

2.4kB
15
8.8.8.8:53

www.mtvp2p.com

dns

MtvP2P.exe

60 B
90 B
1
1

DNS Request

www.mtvp2p.com

DNS Response

149.248.0.144
8.8.8.8:53

www.mtv-ktv.com

dns

MtvP2P.exe

61 B
77 B
1
1

DNS Request

www.mtv-ktv.com

DNS Response

149.248.19.231
8.8.8.8:53

mv.28881.com

dns

MtvP2P.exe

58 B
126 B
1
1

DNS Request

mv.28881.com
8.8.8.8:53

no7.mtvp2p.com

dns

MtvP2P.exe

60 B
90 B
1
1

DNS Request

no7.mtvp2p.com

DNS Response

149.248.0.144
8.8.8.8:53

update.mtvp2p.com

dns

updater.exe

63 B
93 B
1
1

DNS Request

update.mtvp2p.com

DNS Response

149.248.0.144
8.8.8.8:53

update.mtvp2p.com

dns

updater.exe

63 B
93 B
1
1

DNS Request

update.mtvp2p.com

DNS Response

149.248.0.144
188.216.197.85:5235

MtvP2P.exe

9.9kB
125
151.65.214.219:31037

MtvP2P.exe

158 B
2
24.10.242.208:6549

MtvP2P.exe

79 B
1
114.89.70.174:19353

MtvP2P.exe

63 B
1
90.19.144.216:25305

MtvP2P.exe

79 B
1
111.94.114.39:6651

MtvP2P.exe

79 B
1
111.167.90.151:2643

MtvP2P.exe

63 B
1
79.151.131.37:4622

MtvP2P.exe

63 B
1
95.175.51.35:7294

MtvP2P.exe

79 B
1
82.242.24.192:18958

MtvP2P.exe

79 B
1
61.187.189.69:30110

MtvP2P.exe

79 B
1
82.245.170.69:49694

MtvP2P.exe

79 B
1
124.76.14.215:7562

MtvP2P.exe

79 B
1
151.76.95.77:42720

MtvP2P.exe

79 B
1
124.53.244.57:4803

MtvP2P.exe

63 B
1
90.52.228.105:10548

MtvP2P.exe

79 B
1
123.91.144.167:2663

MtvP2P.exe

79 B
1
82.130.139.7:64023

MtvP2P.exe

46 B
1
8.8.8.8:53

85.197.216.188.in-addr.arpa

dns

73 B
125 B
1
1

DNS Request

85.197.216.188.in-addr.arpa
8.8.8.8:53

219.214.65.151.in-addr.arpa

dns

73 B
138 B
1
1

DNS Request

219.214.65.151.in-addr.arpa
8.8.8.8:53

208.242.10.24.in-addr.arpa

dns

72 B
121 B
1
1

DNS Request

208.242.10.24.in-addr.arpa
8.8.8.8:53

174.70.89.114.in-addr.arpa

dns

72 B
160 B
1
1

DNS Request

174.70.89.114.in-addr.arpa
8.8.8.8:53

216.144.19.90.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

216.144.19.90.in-addr.arpa
8.8.8.8:53

39.114.94.111.in-addr.arpa

dns

72 B
118 B
1
1

DNS Request

39.114.94.111.in-addr.arpa
8.8.8.8:53

151.90.167.111.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

151.90.167.111.in-addr.arpa
8.8.8.8:53

37.131.151.79.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

37.131.151.79.in-addr.arpa
8.8.8.8:53

35.51.175.95.in-addr.arpa

dns

71 B
118 B
1
1

DNS Request

35.51.175.95.in-addr.arpa
8.8.8.8:53

192.24.242.82.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

192.24.242.82.in-addr.arpa
8.8.8.8:53

69.189.187.61.in-addr.arpa

dns

72 B
136 B
1
1

DNS Request

69.189.187.61.in-addr.arpa
8.8.8.8:53

69.170.245.82.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

69.170.245.82.in-addr.arpa
8.8.8.8:53

215.14.76.124.in-addr.arpa

dns

72 B
160 B
1
1

DNS Request

215.14.76.124.in-addr.arpa
8.8.8.8:53

77.95.76.151.in-addr.arpa

dns

71 B
136 B
1
1

DNS Request

77.95.76.151.in-addr.arpa
8.8.8.8:53

57.244.53.124.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

57.244.53.124.in-addr.arpa
8.8.8.8:53

105.228.52.90.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

105.228.52.90.in-addr.arpa
8.8.8.8:53

167.144.91.123.in-addr.arpa

dns

73 B
132 B
1
1

DNS Request

167.144.91.123.in-addr.arpa
8.8.8.8:53

7.139.130.82.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

7.139.130.82.in-addr.arpa
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

137.190.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

137.190.18.2.in-addr.arpa
8.8.8.8:53

66.209.201.84.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

66.209.201.84.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\config\cancelled.met

Filesize
5B

MD5
c36685fdc1b9a56002040854db2d653e

SHA1
f83c507c53e69a3e6a9d195d884c88424c68fec3

SHA256
83eafc118ee2ef9073ef3ce2a22a49fe47a950df022806a23ab07bb889db1d6f

SHA512
35da87fac37efa2df13f4c5c1aabfbbbb3121fda9a288a1ce7420f84608c859a7effb05672d73b5b1346984e7b5b3e77f9cb1140adbfdebaa8e0b246647eb760

Download Submit
memory/824-0-0x0000000002AB0000-0x0000000002AD6000-memory.dmp

Filesize
152KB

Download
memory/824-2-0x0000000002BB0000-0x0000000002BE4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.