Overview

overview

10

Static

static

5

078db59624...6d.exe

windows7-x64

10

078db59624...6d.exe

windows10-2004-x64

10

07f59c1814...17.exe

windows7-x64

10

07f59c1814...17.exe

windows10-2004-x64

10

083d3eee79...8c.exe

windows7-x64

10

083d3eee79...8c.exe

windows10-2004-x64

10

08b9d4c939...ff.exe

windows7-x64

10

08b9d4c939...ff.exe

windows10-2004-x64

10

08c1757fc2...f6.exe

windows7-x64

10

08c1757fc2...f6.exe

windows10-2004-x64

10

0d08ee2ca8...dd.exe

windows7-x64

10

0d08ee2ca8...dd.exe

windows10-2004-x64

10

0d1c17f831...d0.exe

windows7-x64

10

0d1c17f831...d0.exe

windows10-2004-x64

10

1017f357d8...c6.exe

windows7-x64

10

1017f357d8...c6.exe

windows10-2004-x64

10

152de8e813...2e.exe

windows7-x64

10

152de8e813...2e.exe

windows10-2004-x64

10

18a7c9bb15...1a.exe

windows7-x64

10

18a7c9bb15...1a.exe

windows10-2004-x64

10

1c429652e6...c5.exe

windows7-x64

10

1c429652e6...c5.exe

windows10-2004-x64

10

1fe8e976dc...0b.exe

windows7-x64

7

1fe8e976dc...0b.exe

windows10-2004-x64

7

231f15571a...d3.exe

windows7-x64

10

231f15571a...d3.exe

windows10-2004-x64

10

253a433e14...6a.exe

windows7-x64

10

253a433e14...6a.exe

windows10-2004-x64

10

26ccb116f4...8f.exe

windows7-x64

10

26ccb116f4...8f.exe

windows10-2004-x64

10

2936e6b87d...99.exe

windows7-x64

10

2936e6b87d...99.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/11/2024, 06:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe

  • Size

    351KB

  • MD5

    73f7ae135b1bf7d5f6b496db53b126e9

  • SHA1

    6bdddb2c1ad14066378620ea1ead917f237b2053

  • SHA256

    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff

  • SHA512

    6b1d1ff84c401c2b6d55318479f2ddabd011d7589d3b14cedf75041a2a800eeba0cc550680c71ff39258a4b0250dc6f0d5cebc556afa832bfb8648debc90dd23

  • SSDEEP

    6144:oVmHUktMXuPRRcSbMSa53KT39Z8wephq7ioVTOTDCDvOkiuosFglBp1:oVlXcyNKrH8wepwtVTOPMOk9Ef

Score
10/10
gcleaneronlyloggerdiscoveryloaderupx

Malware Config

Extracted

Family

gcleaner

C2

gcc-partners.in

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Gcleaner family
    gcleaner
  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • Onlylogger family
    onlylogger
  • OnlyLogger payload 5 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    "C:\Users\Admin\AppData\Local\Temp\08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3648

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    api.ip.sb
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    api.ip.sb
    IN A
    Response
    api.ip.sb
    IN CNAME
    api.ip.sb.cdn.cloudflare.net
    api.ip.sb.cdn.cloudflare.net
    IN A
    172.67.75.172
    api.ip.sb.cdn.cloudflare.net
    IN A
    104.26.13.31
    api.ip.sb.cdn.cloudflare.net
    IN A
    104.26.12.31
  • flag-us
    GET
    http://api.ip.sb/geoip
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    172.67.75.172:80
    Request
    GET /geoip HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Host: api.ip.sb
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Fri, 08 Nov 2024 06:44:01 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://api.ip.sb/geoip
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sy6MKpj8SHD475FQ096ikUvu%2B8hzKlTbmW%2FdrE1gsJKMAINo2EqrTcYyb%2FDE06KJsUQ7ve4LDX%2BQ2gETEKQ93QFiiVWja4c5Pws3PIuHQi905f70tR42hBq5Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8df397936a3cbece-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=42708&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=113&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-us
    GET
    https://api.ip.sb/geoip
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    172.67.75.172:443
    Request
    GET /geoip HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Host: api.ip.sb
    Response
    HTTP/1.1 200 OK
    Date: Fri, 08 Nov 2024 06:44:02 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    Cache-Control: no-cache
    access-control-allow-origin: *
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GQlU0YtiIkN%2BF%2B9I59MOegjDLg69gLM7Uhl7Q7JUQH3W76aGvNEFoplQXeACRUFZO6Csp0ruHruxQHTcscECE%2BoQpacdcjzTQaopSaLt5huJcqTcWQaRP8zRnA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8df39798f8ec9482-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=49159&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3263&recv_bytes=411&delivery_rate=71897&cwnd=253&unsent_bytes=0&cid=39e496ac4a67100d&ts=233&x=0"
  • flag-us
    DNS
    88.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.210.23.2.in-addr.arpa
    IN PTR
    Response
    88.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-88deploystaticakamaitechnologiescom
  • flag-us
    DNS
    freegeoip.app
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    freegeoip.app
    IN A
    Response
    freegeoip.app
    IN A
    104.21.73.97
    freegeoip.app
    IN A
    172.67.160.84
  • flag-us
    GET
    http://freegeoip.app/json
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    104.21.73.97:80
    Request
    GET /json HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Host: freegeoip.app
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Fri, 08 Nov 2024 06:44:02 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Fri, 08 Nov 2024 07:44:02 GMT
    Location: http://ipbase.com/json
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=twd%2B9bcHfpEjrbeRkrnBZxMvIqgfewvQ%2Ba1ABxBp64Komd6BBYmZcTOIaXPh6QCJpmeD5XxebWfUG1v9l1IXNYvR%2BzjlPOsfUkodLLPK3%2FYMG7MYz%2BLPi0Lx%2Fu4FszVt"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8df3979a5ec794a7-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=41367&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=116&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-us
    DNS
    ipbase.com
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    ipbase.com
    IN A
    Response
    ipbase.com
    IN A
    104.21.85.189
    ipbase.com
    IN A
    172.67.209.71
  • flag-us
    GET
    http://ipbase.com/json
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    104.21.85.189:80
    Request
    GET /json HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Host: ipbase.com
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Fri, 08 Nov 2024 06:44:02 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Fri, 08 Nov 2024 07:44:02 GMT
    Location: https://ipbase.com/json
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DTKI97EHyExI5XvHzs6%2FSOvDdq7Ejyrptxfc9wgXPbSqcTAHuF5pgKrna%2BMJXwumVXsZBwYwmGQ%2FNhcITzFM3sc5OMFnfgOZRZ6sGh6%2FxbFhK2rMcHbLX%2FC76fbK"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8df3979b3dbabda0-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=41553&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=113&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-us
    GET
    https://ipbase.com/json
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    104.21.85.189:443
    Request
    GET /json HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Host: ipbase.com
    Response
    HTTP/1.1 404 Not Found
    Date: Fri, 08 Nov 2024 06:44:02 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Age: 32053
    Cache-Control: public,max-age=0,must-revalidate
    Cache-Status: "Netlify Edge"; hit
    Vary: Accept-Encoding
    X-Nf-Request-Id: 01JC587ZFBERSRCVX9WSG2DXB8
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VzLnvI5Fi49DCFIHKAP%2FyWZqhRbOTwUNKKhl%2FcQNSTcZdT7m1lVuB5FpNrzhtMKja2ATu9s9ihfncspOspII5FqdpuZ44CVi03mrYBfNgpENKaNq5j%2FkDdN9YcY8"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8df3979c78ed776c-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=42465&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=412&delivery_rate=90668&cwnd=232&unsent_bytes=0&cid=9ff916e54302fde1&ts=139&x=0"
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    172.75.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.75.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.73.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.73.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    189.85.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    189.85.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    75.117.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.117.19.2.in-addr.arpa
    IN PTR
    Response
    75.117.19.2.in-addr.arpa
    IN PTR
    a2-19-117-75deploystaticakamaitechnologiescom
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • flag-us
    DNS
    gcc-partners.in
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    Remote address:
    8.8.8.8:53
    Request
    gcc-partners.in
    IN A
    Response
  • 172.67.75.172:80
    http://api.ip.sb/geoip
    http
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    343 B
     1.1kB
     5
    4

    HTTP Request

    GET http://api.ip.sb/geoip

    HTTP Response

    301
  • 172.67.75.172:443
    https://api.ip.sb/geoip
    tls, http
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    813 B
     5.0kB
     9
    10

    HTTP Request

    GET https://api.ip.sb/geoip

    HTTP Response

    200
  • 104.21.73.97:80
    http://freegeoip.app/json
    http
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    392 B
     1.2kB
     6
    4

    HTTP Request

    GET http://freegeoip.app/json

    HTTP Response

    301
  • 104.21.85.189:80
    http://ipbase.com/json
    http
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    389 B
     1.2kB
     6
    4

    HTTP Request

    GET http://ipbase.com/json

    HTTP Response

    301
  • 104.21.85.189:443
    https://ipbase.com/json
    tls, http
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    906 B
     8.0kB
     11
    13

    HTTP Request

    GET https://ipbase.com/json

    HTTP Response

    404
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    api.ip.sb
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    55 B
     145 B
     1
    1

    DNS Request

    api.ip.sb

    DNS Response

    172.67.75.172
    104.26.13.31
    104.26.12.31

  • 8.8.8.8:53
    88.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    88.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    freegeoip.app
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    59 B
     91 B
     1
    1

    DNS Request

    freegeoip.app

    DNS Response

    104.21.73.97
    172.67.160.84

  • 8.8.8.8:53
    ipbase.com
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    56 B
     88 B
     1
    1

    DNS Request

    ipbase.com

    DNS Response

    104.21.85.189
    172.67.209.71

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    172.75.67.172.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    172.75.67.172.in-addr.arpa

  • 8.8.8.8:53
    71.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    71.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    97.73.21.104.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    97.73.21.104.in-addr.arpa

  • 8.8.8.8:53
    189.85.21.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    189.85.21.104.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    75.117.19.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    75.117.19.2.in-addr.arpa

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     114 B
     2
    1

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    61 B
     114 B
     1
    1

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

  • 8.8.8.8:53
    gcc-partners.in
    dns
    08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
    122 B
     228 B
     2
    2

    DNS Request

    gcc-partners.in

    DNS Request

    gcc-partners.in

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3648-0-0x0000000000400000-0x00000000047CB000-memory.dmp

    Filesize

    67.8MB

    Download

  • memory/3648-2-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/3648-1-0x0000000004CB0000-0x0000000004CF6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/3648-3-0x0000000000400000-0x00000000047CB000-memory.dmp

    Filesize

    67.8MB

    Download

  • memory/3648-4-0x0000000000400000-0x00000000047CB000-memory.dmp

    Filesize

    67.8MB

    Download

  • memory/3648-6-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.