Analysis Overview
SHA256
9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4
Threat Level: Known bad
The file 9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe was found to be: Known bad.
Malicious Activity Summary
MetamorpherRAT
Metamorpherrat family
Executes dropped EXE
Checks computer location settings
Uses the VBS compiler for execution
Deletes itself
Loads dropped DLL
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 00:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 00:48
Reported
2024-11-13 00:50
Platform
win7-20240729-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
MetamorpherRAT
Metamorpherrat family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpA998.tmp.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe | N/A |
Uses the VBS compiler for execution
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tmpA998.tmp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe
"C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\sf8q7flo.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAB7C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAB7B.tmp"
C:\Users\Admin\AppData\Local\Temp\tmpA998.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpA998.tmp.exe" C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bejnz.com | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | bejnz.com | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
Files
memory/2112-0-0x0000000074991000-0x0000000074992000-memory.dmp
memory/2112-1-0x0000000074990000-0x0000000074F3B000-memory.dmp
memory/2112-6-0x0000000074990000-0x0000000074F3B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sf8q7flo.cmdline
| MD5 | a4e8f2c972a54421b92fe4d7b3f119a8 |
| SHA1 | eec57e4d6df8a0b484a0686b4993553eded981cc |
| SHA256 | 8aa2d2a0e1f4e17c7af77e31fbefe1cf69abf90d450bd440214e13d03c85e6cd |
| SHA512 | 21a4b3d9ab45ea0cb918d794562ce02270884a761f7f2301b57e583a9cc111d496a547c7c39b10c5a4f1a605634bb761e82572a43158916f6827ac3bdcd507c6 |
memory/2372-8-0x0000000074990000-0x0000000074F3B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sf8q7flo.0.vb
| MD5 | 2ef42e7ed31e86e084582c65628d1f6d |
| SHA1 | b241fde9c6d8a4f371704471d71fd385a640de66 |
| SHA256 | 698b5a2c3fcd2c9074e4e97219e3171e28b13b26f9c892ed8b5b99c775487efb |
| SHA512 | e1194700d70bd92ec0051cf40dbca84e3dc7624c492f65a2a3eb8ecb3ff499e243ce3644b7ebad2d467bb4b16933a68440daa9bd3f7af79f581b380672f087c3 |
C:\Users\Admin\AppData\Local\Temp\zCom.resources
| MD5 | 8008b17644b64cea2613d47c30c6e9f4 |
| SHA1 | 4cd2935358e7a306af6aac6d1c0e495535bd5b32 |
| SHA256 | fc343d0c2ee741f89cc4f187d7b6694397765e151dbc737052df4c19d7a36c55 |
| SHA512 | 0c1161a8ebcc659ffd920f0607cc751ece0a0c918a8d3b8f8ca508ebc03b854c29bd0bdf1518922c4525a825f90ef3bca8c7540975d4ecab9182b9f0ce6880ea |
C:\Users\Admin\AppData\Local\Temp\vbcAB7B.tmp
| MD5 | adfb1e6e557f4791aa337af4b28e968b |
| SHA1 | b126dae26bf0356764c97f829853b282a516dfaa |
| SHA256 | 5fae63531966b54dda3c88ca19e9699ff342a336d4016b16002a1b823cfca8a1 |
| SHA512 | ba3c4cd477700f4f3d022e3cd97f916a8f47d1ee5fc7553c79b9a287642f1dc98539d10f4b799376b78ac22abf1b4a1094e11c5c8ad59c1f262622827b20581c |
C:\Users\Admin\AppData\Local\Temp\RESAB7C.tmp
| MD5 | 9e8620b8aa20609dff3ce3167f867e80 |
| SHA1 | a22e7704b410b33475c5b78a2f4121f01ebf91cc |
| SHA256 | aea82feefc67e330a97c25804f3a2af601140d5d65ba00a2f0f0e9d22f77082e |
| SHA512 | 8fc167fcc4792f6deaea79102f56338d85259f94a86d356c2c94eafe96dcd3bf51f8be74f3212981ba2755595a1eef2e87aa5c8ca5d005992490289f3935f787 |
memory/2372-18-0x0000000074990000-0x0000000074F3B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpA998.tmp.exe
| MD5 | 09f71015931679a3129749124479b8ee |
| SHA1 | 6631d3ee356dbd4238bbe9d216246a71ae487303 |
| SHA256 | b1671bc0f32b157dd5e669858d558f46a7eda320aeaedc50c3432bf22053ccc0 |
| SHA512 | 7637c6a9ea8f249aac997447f26ce5cb26e14f8390b4fff9db2142007cb5e942440ffa6afaacee43fa420036afdc6a71c8957196316ef0e606eaeb811851d3ca |
memory/2112-24-0x0000000074990000-0x0000000074F3B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 00:48
Reported
2024-11-13 00:50
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
MetamorpherRAT
Metamorpherrat family
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpAC5D.tmp.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpAC5D.tmp.exe | N/A |
Uses the VBS compiler for execution
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tmpAC5D.tmp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\tmpAC5D.tmp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe
"C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2lphoypp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAD86.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9D6A3319E1D441D8AE4B758D1E489A8B.TMP"
C:\Users\Admin\AppData\Local\Temp\tmpAC5D.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpAC5D.tmp.exe" C:\Users\Admin\AppData\Local\Temp\9b7cf938b99a7aa201d4f3955941fcab57d8991de49a3e72150268d74d190de4N.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bejnz.com | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 8.8.8.8:53 | 105.84.221.44.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 8.8.8.8:53 | simrat.no-ip.info | udp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | bejnz.com | tcp |
| US | 44.221.84.105:80 | tcp |
Files
memory/1312-0-0x0000000075382000-0x0000000075383000-memory.dmp
memory/1312-1-0x0000000075380000-0x0000000075931000-memory.dmp
memory/1312-2-0x0000000075380000-0x0000000075931000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2lphoypp.cmdline
| MD5 | c7d07dc3a440051c773d056ccd0c01ce |
| SHA1 | c43103053cf051bd4979372f7238487e8c42e685 |
| SHA256 | a07dbfaaa8f2385d7f5622968f70e2c0cecd83fd3e0f2e11c032f9ada66ec7dc |
| SHA512 | 0b3428b26d27a9a5e462292167cb81ec69a24619578ff1cd29b371bc720b3598ceaacd8895e033efafa0984e9f5ec29d6ce5f834d475a58095130ecde05aa0c1 |
C:\Users\Admin\AppData\Local\Temp\2lphoypp.0.vb
| MD5 | 7e5668376dc25f3b9ac8dc344923669c |
| SHA1 | dbd6a7c6d0273b67be612662e291631b43d993ec |
| SHA256 | 3c1235f5c9180146e97c2f260b11885531ff6c98b5373cf874f94ef3121b18eb |
| SHA512 | 0d0c6c55de812c3d2f76ba5fbdef4a448a079a3fa190d3a25aecd7e6744c59448a4292eb7141fde42ce0c09ea70cb7f6b70fcbe706cecd84250fad51c6fdafdd |
memory/4056-9-0x0000000075380000-0x0000000075931000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zCom.resources
| MD5 | 8008b17644b64cea2613d47c30c6e9f4 |
| SHA1 | 4cd2935358e7a306af6aac6d1c0e495535bd5b32 |
| SHA256 | fc343d0c2ee741f89cc4f187d7b6694397765e151dbc737052df4c19d7a36c55 |
| SHA512 | 0c1161a8ebcc659ffd920f0607cc751ece0a0c918a8d3b8f8ca508ebc03b854c29bd0bdf1518922c4525a825f90ef3bca8c7540975d4ecab9182b9f0ce6880ea |
C:\Users\Admin\AppData\Local\Temp\vbc9D6A3319E1D441D8AE4B758D1E489A8B.TMP
| MD5 | 4b67a3333a4fcf1a4f823bcbc03863c3 |
| SHA1 | 16188eff22600abbf24ae12f94d65f28bf92332f |
| SHA256 | 91015d725bd83efef544502839143d83aea56ff9506be8aeb3bd0b6f3d9498d4 |
| SHA512 | 9a0c5e5822ee16354fdff31eb219bcd0ad19417fed9efc6b0a59407375075090a37104909200921b7ea9776cfa82e1547e08852f8d0636b6d7bac058a7f1c6d3 |
C:\Users\Admin\AppData\Local\Temp\RESAD86.tmp
| MD5 | 93422921d334dea8fae972655cf1835a |
| SHA1 | f9f815a29f408a3ef08497f6fcae1b56cca355da |
| SHA256 | 9447f5153b32d2567f6ae4fcf32b4e23db606701a23a3745be856a81d1b113d3 |
| SHA512 | 3e7ed6ce0ed99f2826fc90b9f39128e0c1b4cd9ff7b95433b78cd92e957f16ff1897691db27f39d29ae85fa31cf476d0c86c8110b8c09e714dec8fa43299a221 |
memory/4056-18-0x0000000075380000-0x0000000075931000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpAC5D.tmp.exe
| MD5 | 71c887703269b779abfeaefd4c8ab73a |
| SHA1 | 569705855c664347be60a37f4a46b721c92a23da |
| SHA256 | a374bcefb40e59be634535e904ed306dabc6c1a06954db01e8976b00be382258 |
| SHA512 | 984d3bcbf34a9ec82363dc483b14deb895eae4dd55ec27dc37680adc1a74adc19345090fa83d98275feabcb4b2ced7061fd9447a8939e985139026b56e3e6da5 |
memory/1312-22-0x0000000075380000-0x0000000075931000-memory.dmp
memory/2524-23-0x0000000075380000-0x0000000075931000-memory.dmp
memory/2524-24-0x0000000075380000-0x0000000075931000-memory.dmp
memory/2524-25-0x0000000075380000-0x0000000075931000-memory.dmp
memory/2524-26-0x0000000075380000-0x0000000075931000-memory.dmp
memory/2524-27-0x0000000075380000-0x0000000075931000-memory.dmp