Analysis

  • max time kernel
    135s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 20:41

General

  • Target

    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe

  • Size

    672KB

  • MD5

    93809be4e500789f082a2ecd330bde8b

  • SHA1

    75e0aae3a939f29e862220b088646d10414d7e12

  • SHA256

    1f7f2749b7b5c96734f5d6186c9be94a3a3cbc4472eaa1630e4e26932d0c0ba0

  • SHA512

    d05dd4090b2a10e77ba3a1cf1c41754d10e297764c4289f8e4e89fccbe1b1e1f2215aacef861a1b632a2fb25e915984f5f96714a0e80ee2f35ff9cdd6c5dff42

  • SSDEEP

    12288:FTNjEc3PR8R0ZdAscJ9AMUxGi3oUw/cnuXMx2JOVawyu6GPr96/zSb9R3/R9maTg:hNjE2PRhgx3AHf3odEuXMx2JOVKuJPrs

Score
10/10

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe"
    1⤵
    • Modifies firewall policy service
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:3428

Network

  • flag-us
    DNS
    ws.xcodelib.net
    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    Remote address:
    8.8.8.8:53
    Request
    ws.xcodelib.net
    IN A
    Response
  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ws.xcodelib.net
    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    Remote address:
    8.8.8.8:53
    Request
    ws.xcodelib.net
    IN A
    Response
  • flag-us
    DNS
    ws.xcodelib.net
    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    Remote address:
    8.8.8.8:53
    Request
    ws.xcodelib.net
    IN A
    Response
  • flag-us
    DNS
    ws.xcodelib.net
    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    Remote address:
    8.8.8.8:53
    Request
    ws.xcodelib.net
    IN A
    Response
  • flag-us
    DNS
    ws.xcodelib.net
    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    Remote address:
    8.8.8.8:53
    Request
    ws.xcodelib.net
    IN A
    Response
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ws.xcodelib.net
    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    Remote address:
    8.8.8.8:53
    Request
    ws.xcodelib.net
    IN A
    Response
  • flag-us
    DNS
    ws.xcodelib.net
    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    Remote address:
    8.8.8.8:53
    Request
    ws.xcodelib.net
    IN A
    Response
  • flag-us
    DNS
    ws.xcodelib.net
    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    Remote address:
    8.8.8.8:53
    Request
    ws.xcodelib.net
    IN A
    Response
  • flag-us
    DNS
    ws.xcodelib.net
    2024-10-20_93809be4e500789f082a2ecd330bde8b_mafia.exe
    Remote address:
    8.8.8.8:53
    Request
    ws.xcodelib.net
    IN A
    Response
  • flag-us
    DNS
    104.209.201.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.209.201.84.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388215_16IMSQNWG15X43RXM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388215_16IMSQNWG15X43RXM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 437546
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 16057A2D4F024930BB063E0EA418B605 Ref B: LON601060104034 Ref C: 2024-10-20T20:43:16Z
    date: Sun, 20 Oct 2024 20:43:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239398629741_1IOH1H6D1NJ8OMST7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239398629741_1IOH1H6D1NJ8OMST7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 592830
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D09626C6BDEF4CF085C29E7A1B5AE8D7 Ref B: LON601060104034 Ref C: 2024-10-20T20:43:16Z
    date: Sun, 20 Oct 2024 20:43:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418589_1A7GR0X7EOYKFPJ56&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418589_1A7GR0X7EOYKFPJ56&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 495498
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1F4E33666634433EB65610A5A8436486 Ref B: LON601060104034 Ref C: 2024-10-20T20:43:16Z
    date: Sun, 20 Oct 2024 20:43:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239398629742_1P7YH795LJPRHWP9N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239398629742_1P7YH795LJPRHWP9N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 500116
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D2B039375D8842088525AEA6BA4EC0AC Ref B: LON601060104034 Ref C: 2024-10-20T20:43:16Z
    date: Sun, 20 Oct 2024 20:43:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388214_1UWGHWC2WCGKUMA6H&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388214_1UWGHWC2WCGKUMA6H&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 647849
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 703E5D7E96774A0F841A8C3F88B53B6E Ref B: LON601060104034 Ref C: 2024-10-20T20:43:16Z
    date: Sun, 20 Oct 2024 20:43:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418590_1Z5SLYPYIFLU5OB7B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418590_1Z5SLYPYIFLU5OB7B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 525311
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8C01C5678393401AAEA95C9AA0BD9BF2 Ref B: LON601060104034 Ref C: 2024-10-20T20:43:16Z
    date: Sun, 20 Oct 2024 20:43:15 GMT
  • flag-us
    DNS
    138.201.86.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.201.86.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa
    IN PTR
    Response

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3428-0-0x0000000000DC0000-0x0000000000DC1000-memory.dmp

    Filesize

    4KB
