Analysis Overview
SHA256
a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717
Threat Level: Known bad
The file a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717 was found to be: Known bad.
Malicious Activity Summary
MetamorpherRAT
Metamorpherrat family
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-05 02:18
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 02:18
Reported
2024-11-05 02:21
Platform
win7-20241010-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
MetamorpherRAT
Metamorpherrat family
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpC9D4.tmp.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe | N/A |
Uses the VBS compiler for execution
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tmpC9D4.tmp.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe
"C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vgqtzoqm.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCC93.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCC92.tmp"
C:\Users\Admin\AppData\Local\Temp\tmpC9D4.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpC9D4.tmp.exe" C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | bejnz.com | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
Files
memory/2044-0-0x0000000074B31000-0x0000000074B32000-memory.dmp
memory/2044-1-0x0000000074B30000-0x00000000750DB000-memory.dmp
memory/2044-2-0x0000000074B30000-0x00000000750DB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vgqtzoqm.cmdline
| Algorithm | Digest |
| --- | --- |
| MD5 | cae5baf3185884ada003ad519e54241f |
| SHA1 | a949f72a347ff135209604a5eb8ecb3839357db6 |
| SHA256 | b525065aaca49859a7adf0a21347ea2a496a099fb0b4b88e04bcd2188d1a8c53 |
| SHA512 | d5e544c1a55c4927e4c39cb6fc4195e6d59e2acfaa653b7b3947ec0f99c0c787bea772f577a01511f7031a8d89fc966c1c617f1ad4c8c1a777de306427077ecc |
memory/832-8-0x0000000074B30000-0x00000000750DB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vgqtzoqm.0.vb
| Algorithm | Digest |
| --- | --- |
| MD5 | 25e8765c450627d1d61562a2e7ee5b7f |
| SHA1 | fd79f9ad394d5f5a6e100672110fbbe3f47b2015 |
| SHA256 | 215ceded248be38b47964dc2e62f91f3e54d798a75b6d613deeb74ecde9703c8 |
| SHA512 | 13a12e2066a31513587a87e3be780210b977d7a27d7a63d960582202590bbfe90e1edec26d4aee1d82831adea3452f887dbd4cf0334f65a1204de9244293a651 |
C:\Users\Admin\AppData\Local\Temp\zCom.resources
| Algorithm | Digest |
| --- | --- |
| MD5 | 8008b17644b64cea2613d47c30c6e9f4 |
| SHA1 | 4cd2935358e7a306af6aac6d1c0e495535bd5b32 |
| SHA256 | fc343d0c2ee741f89cc4f187d7b6694397765e151dbc737052df4c19d7a36c55 |
| SHA512 | 0c1161a8ebcc659ffd920f0607cc751ece0a0c918a8d3b8f8ca508ebc03b854c29bd0bdf1518922c4525a825f90ef3bca8c7540975d4ecab9182b9f0ce6880ea |
C:\Users\Admin\AppData\Local\Temp\vbcCC92.tmp
| Algorithm | Digest |
| --- | --- |
| MD5 | a82aba3387c64a0534fab917507ad27b |
| SHA1 | 9eb37512dadfbc29c6d9b54c581ff71be4ba01a7 |
| SHA256 | a6b6dd9184b620ee61d9b0052057f01f3b27f73c4ae7af09968406162905ed8f |
| SHA512 | 20cafcb5cbdb9114f2c0342cf32bc6417a7175925de99a7e7fad2c8c46c01cac82726721bcd3e2a4b513efc249c35d4fd6d4a852d328be88176c037db0d6ace7 |
C:\Users\Admin\AppData\Local\Temp\RESCC93.tmp
| Algorithm | Digest |
| --- | --- |
| MD5 | fc252449eed04522ae6d45d02b4b6dfb |
| SHA1 | 6c1e4bd0b8a35aed58744bd04f64654a334c5ea3 |
| SHA256 | 20918fd1a554cbbd4f0be9d9032008b96500358330c55b7158a8d8a106cf1b8e |
| SHA512 | 38f1c3b4e9293a11cf0017d03467e7959e25a06ffd445e8399fe2bd5d8498f449b1c9b9255c02b2ef5e9fd25ca1e7fe2371e462834de65cadbf7d5fee56868e2 |
memory/832-18-0x0000000074B30000-0x00000000750DB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpC9D4.tmp.exe
| Algorithm | Digest |
| --- | --- |
| MD5 | 92cb6e333b6de587a634b62c578caffb |
| SHA1 | 8209c41555c27b93f473c6cec0d49fc0052ac347 |
| SHA256 | db6a07d969c13575f20e1b86b7d4830839933694dfe2061dee32ab55175ac82c |
| SHA512 | 7000829f6caa887078543bd65c4b7ab7e01c5b054abee09efb75e58fff9db878d6b7a142aa23e482475f18b20e3d59238c54111078fbdef704af9798a9be03aa |
memory/2044-24-0x0000000074B30000-0x00000000750DB000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-05 02:18
Reported
2024-11-05 02:22
Platform
win10v2004-20241007-en
Max time kernel
151s
Max time network
160s
Command Line
Signatures
MetamorpherRAT
Metamorpherrat family
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpBF1A.tmp.exe | N/A |
Uses the VBS compiler for execution
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tmpBF1A.tmp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\tmpBF1A.tmp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe
"C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3xk0agj7.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC63E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9D985503EEB466EBF5D6C6AC9CB9FD.TMP"
C:\Users\Admin\AppData\Local\Temp\tmpBF1A.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpBF1A.tmp.exe" C:\Users\Admin\AppData\Local\Temp\a86310cc5fa3eabb4347511ed37abddb2028ecad774fea2ec88938bc2f323717.exe
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bejnz.com | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 8.8.8.8:53 | 105.84.221.44.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
Files
memory/4820-0-0x00000000747D2000-0x00000000747D3000-memory.dmp
memory/4820-1-0x00000000747D0000-0x0000000074D81000-memory.dmp
memory/4820-2-0x00000000747D0000-0x0000000074D81000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3xk0agj7.cmdline
| Algorithm | Digest |
| --- | --- |
| MD5 | fb2d06b3aa014faa6b54b75aff6ec788 |
| SHA1 | c3a554cdbbc44d33b8f7eb49eefb85cbd92c5a7b |
| SHA256 | 5587ddb6b2c2fd1e48250d4bcdf3751bcaee74819f613e742a62bc0346a53042 |
| SHA512 | 63c56be3808424c0710bcb2f49fd138045c8c67c79827e50940640ca8a2d86b3fd4d1e489228441daee12027321a751d12592fb6a54b7e1dd4ef1d4c39af7ad6 |
memory/3296-8-0x00000000747D0000-0x0000000074D81000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3xk0agj7.0.vb
| Algorithm | Digest |
| --- | --- |
| MD5 | b348347b96c52ff2f3290e2ef72fbcfd |
| SHA1 | 594315cce2c0f62c75e78eac335cf3b354f45e1b |
| SHA256 | 4121c5bae48a46b3831b61afc0101c8c7208c4f0e5f7c4760f92c1b9ad87da80 |
| SHA512 | c54b6c38a06e35e1f06e1ab1972734eccea1e1e477225fc4592b2ef53aa69a9c5c7c837f9cc2910a9e23e6a5742a6d0e764d61029fdc207dd919219bce09e205 |
C:\Users\Admin\AppData\Local\Temp\zCom.resources
| Algorithm | Digest |
| --- | --- |
| MD5 | 8008b17644b64cea2613d47c30c6e9f4 |
| SHA1 | 4cd2935358e7a306af6aac6d1c0e495535bd5b32 |
| SHA256 | fc343d0c2ee741f89cc4f187d7b6694397765e151dbc737052df4c19d7a36c55 |
| SHA512 | 0c1161a8ebcc659ffd920f0607cc751ece0a0c918a8d3b8f8ca508ebc03b854c29bd0bdf1518922c4525a825f90ef3bca8c7540975d4ecab9182b9f0ce6880ea |
C:\Users\Admin\AppData\Local\Temp\vbc9D985503EEB466EBF5D6C6AC9CB9FD.TMP
| Algorithm | Digest |
| --- | --- |
| MD5 | 2e3d2a2fe7044fc4ce0dd0191be1e344 |
| SHA1 | 3939e1b5723e10acb6b3b9a404c66ae4941ed733 |
| SHA256 | 91b3108461e8862a43601a2f7c82f7c9126422cca9de35ea659f1b0d1e001a1d |
| SHA512 | b3a8ebbb8b7886cb1efbb27a9a3afbf80259e1fd75a4c5b8ebef3fbdf0da89e8e2f01b00911e452c3a6078982986e12647f854048ab2c02cac23831f2976677b |
C:\Users\Admin\AppData\Local\Temp\RESC63E.tmp
| Algorithm | Digest |
| --- | --- |
| MD5 | 82746393d8eee26e54f05b1512971330 |
| SHA1 | a34dc817d6650786a369bd1084b9a0923a29284b |
| SHA256 | d1a5397567f882bc498a33f17f093a49f9888f0f1638751f0d47cd63baa01d24 |
| SHA512 | 8e6302f8da036c8c1ac14eae0a5496f2c8b3d8b33611c99348f52864ced9c0898b9b8c6a81c823c2d76df3015f8b467471fe450139129e449c0299e049d8ae76 |
memory/3296-18-0x00000000747D0000-0x0000000074D81000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpBF1A.tmp.exe
| Algorithm | Digest |
| --- | --- |
| MD5 | 54375c1902b874cd1b7b6071a7b35571 |
| SHA1 | cfae6795dff6cfdb2d06ccdf800e30f41839433b |
| SHA256 | 34cd9d96c7f58ce651bbeaa0050c2a01e433d2f445455ec7f732cd4b1d21d90d |
| SHA512 | aa36465ee2b5ccf0d3b4e42c6cd0f81662301ac038ef834b13970fa2e2d1aeff0ac5393f90f63c13ecd8c4201e5a149116a517c9d025890356d02fb86336aaee |
memory/4820-22-0x00000000747D0000-0x0000000074D81000-memory.dmp
memory/2800-23-0x00000000747D0000-0x0000000074D81000-memory.dmp
memory/2800-24-0x00000000747D0000-0x0000000074D81000-memory.dmp
memory/2800-25-0x00000000747D0000-0x0000000074D81000-memory.dmp
memory/2800-26-0x00000000747D0000-0x0000000074D81000-memory.dmp
memory/2800-27-0x00000000747D0000-0x0000000074D81000-memory.dmp
memory/2800-28-0x00000000747D0000-0x0000000074D81000-memory.dmp