Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

017b236bf3...d6.exe

windows7-x64

10

05676f2007...fb.exe

windows7-x64

3

0a025116a8...57.exe

windows7-x64

8

1.exe

windows7-x64

8

18674bbd9a...38.exe

windows7-x64

8

234901adb1...b2.exe

windows7-x64

10

2ae06537d1...b6.exe

windows7-x64

8

2c02c65090...91.exe

windows7-x64

7

3.exe

windows7-x64

10

329b3ddbf1...f9.exe

windows7-x64

10

336fe6e8bc...de.exe

windows7-x64

8

4bd31921c8...be.exe

windows7-x64

8

4e180437ef...a9.exe

windows7-x64

1

539b0b5d54...05.exe

windows7-x64

10

53bf3a0bff...35.exe

windows7-x64

8

$PLUGINSDIR/INetC.dll

windows7-x64

3

5d63c27043...42.exe

windows7-x64

8

$PLUGINSDIR/INetC.dll

windows7-x64

3

5d6e1eeab9...84.exe

windows7-x64

8

63136e1d44...b5.exe

windows7-x64

8

658110c095...6f.exe

windows7-x64

8

74cafa4165...c5.exe

windows7-x64

8

88bf025119...30.exe

windows7-x64

5

9fbf62bd6a...a0.exe

windows7-x64

9

a89591555b...df.exe

windows7-x64

10

add230a2e7...10.exe

windows7-x64

10

c83bf900eb...31.exe

windows7-x64

10

ccbf53569b...71.exe

windows7-x64

8

db725306e6...8b.exe

windows7-x64

10

e035a1741d...5f.exe

windows7-x64

7

e2f4dfe61d...f8.exe

windows7-x64

8

f10e957b92...41.exe

windows7-x64

8

Analysis

  • max time kernel
    361s
  • max time network
    364s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2024, 13:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe

  • Size

    96KB

  • MD5

    9953c9961814c8e1c88346415dd208c2

  • SHA1

    bb2daf108ac562e5163e74ba57278857f720d212

  • SHA256

    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438

  • SHA512

    75985b7c5e41dda0bb83ac34338bedccd14c9deed13c983f8afa1afc083ebf55217aaa69e19c9a195faf8479c0ccbe55a384dbd15a2a44ba89971ac502767027

  • SSDEEP

    3072:BCunH3YQ4TgvMvPQDeqgKJ+BCn2S6Q5aA:BCAX3vMvPQNgKL2S6Q5f

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan

Processes

  • C:\Users\Admin\AppData\Local\Temp\18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    "C:\Users\Admin\AppData\Local\Temp\18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    PID:1740

Network

  • flag-us
    DNS
    xetapp.com
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    8.8.8.8:53
    Request
    xetapp.com
    IN A
    Response
    xetapp.com
    IN A
    82.146.50.198
  • flag-ru
    GET
    https://xetapp.com/settings/launches.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    82.146.50.198:443
    Request
    GET /settings/launches.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: xetapp.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 20 Nov 2024 13:10:42 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://xet.app/settings/launches.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya
  • flag-us
    DNS
    xet.app
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    8.8.8.8:53
    Request
    xet.app
    IN A
    Response
    xet.app
    IN A
    82.146.50.198
  • flag-ru
    GET
    https://xet.app/settings/launches.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    82.146.50.198:443
    Request
    GET /settings/launches.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: xet.app
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 20 Nov 2024 13:10:42 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
  • flag-ru
    GET
    https://xet.app/settings/install.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    82.146.50.198:443
    Request
    GET /settings/install.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: xet.app
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 20 Nov 2024 13:10:43 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
  • flag-ru
    GET
    https://xet.app/settings/promo-installs.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    82.146.50.198:443
    Request
    GET /settings/promo-installs.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8 HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: xet.app
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 20 Nov 2024 13:10:50 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
  • flag-ru
    GET
    https://xet.app/settings/promo-installs-real.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    82.146.50.198:443
    Request
    GET /settings/promo-installs-real.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8 HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: xet.app
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 20 Nov 2024 13:10:50 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
  • flag-ru
    GET
    https://xetapp.com/settings/install.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    82.146.50.198:443
    Request
    GET /settings/install.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: xetapp.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 20 Nov 2024 13:10:43 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://xet.app/settings/install.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya
  • flag-us
    DNS
    dl.xetapp.us
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    8.8.8.8:53
    Request
    dl.xetapp.us
    IN A
    Response
    dl.xetapp.us
    IN A
    172.98.192.37
  • flag-us
    GET
    http://dl.xetapp.us/downloads/software/security/encryption/secret.disk.exe
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    172.98.192.37:80
    Request
    GET /downloads/software/security/encryption/secret.disk.exe HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: dl.xetapp.us
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 527
    content-type: text/html; charset=utf-8
    date: Wed, 20 Nov 2024 13:10:46 GMT
    server: nginx
    set-cookie: sid=db2f3ad8-a740-11ef-84c9-5c26890d6483; path=/; domain=.xetapp.us; expires=Mon, 08 Dec 2092 16:24:53 GMT; max-age=2147483647; HttpOnly
  • flag-ru
    GET
    https://xetapp.com/settings/promo-installs.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    82.146.50.198:443
    Request
    GET /settings/promo-installs.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8 HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: xetapp.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 20 Nov 2024 13:10:50 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://xet.app/settings/promo-installs.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8
  • flag-ru
    GET
    https://xetapp.com/settings/promo-installs-real.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    82.146.50.198:443
    Request
    GET /settings/promo-installs-real.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8 HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: xetapp.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 20 Nov 2024 13:10:50 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://xet.app/settings/promo-installs-real.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8
  • flag-us
    DNS
    download.yandex.ru
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    8.8.8.8:53
    Request
    download.yandex.ru
    IN A
    Response
    download.yandex.ru
    IN CNAME
    cdn.yandex.net
    cdn.yandex.net
    IN A
    5.45.205.242
    cdn.yandex.net
    IN A
    5.45.205.244
    cdn.yandex.net
    IN A
    5.45.205.245
    cdn.yandex.net
    IN A
    5.45.205.241
    cdn.yandex.net
    IN A
    5.45.205.243
  • flag-ru
    GET
    http://download.yandex.ru/yandex-pack/downloader/downloader.exe
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    5.45.205.242:80
    Request
    GET /yandex-pack/downloader/downloader.exe HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: download.yandex.ru
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Found
    Server: nginx/1.17.9
    Date: Wed, 20 Nov 2024 13:10:51 GMT
    Content-Length: 0
    Connection: keep-alive
    Keep-Alive: timeout=5
    Location: http://cachev2-rad-05.cdn.yandex.net/download.yandex.ru/yandex-pack/downloader/downloader.exe?lid=309
    X-Request-Id: 1732108251057973-9112290496667312549
    X-Strm-Request-Id: 1732108251057973-9112290496667312549
    X_h: strm-cacto-production-1.klg.yp-c.yandex.net
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Cache-Control: no-cache
    Cache-Control: no-store,no-cache,must-revalidate
    Pragma: no-cache
  • flag-us
    DNS
    cachev2-rad-05.cdn.yandex.net
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    8.8.8.8:53
    Request
    cachev2-rad-05.cdn.yandex.net
    IN A
    Response
    cachev2-rad-05.cdn.yandex.net
    IN A
    5.45.192.12
  • flag-fi
    GET
    http://cachev2-rad-05.cdn.yandex.net/download.yandex.ru/yandex-pack/downloader/downloader.exe?lid=309
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    Remote address:
    5.45.192.12:80
    Request
    GET /download.yandex.ru/yandex-pack/downloader/downloader.exe?lid=309 HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: cachev2-rad-05.cdn.yandex.net
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 20 Nov 2024 13:10:51 GMT
    Content-Type: application/octet-stream
    Content-Length: 208544
    Connection: keep-alive
    Keep-Alive: timeout=60
    Etag: "b9314504e592d42cb36534415a62b3af"
    Last-Modified: Mon, 22 Jul 2024 09:35:20 GMT
    X-Amz-Meta-Origin-Date-Iso8601: 2024-07-22T09:04:09.431Z
    X-Amz-Request-Id: 5055470270556695
    Access-Control-Allow-Origin: *
    X-Robots-Tag: noindex, noarchive, nofollow
    X-Strm-Log-Split: 7
    X_h: cachev2-rad-05.cdn.yandex.net
    X-Strm-Request-Id: faacad697c48adb6
    X-Request-Id: faacad697c48adb6
    Report-To: {"group": "network-errors", "max_age": 1200, "include_subdomains": true, "endpoints": [ {"url": "https://dr.yandex.net/strm", "priority": 1}, {"url": "https://dr2.yandex.net/strm", "priority": 2} ]}
    NEL: {"report_to": "network-errors", "max_age": 1200, "success_fraction": 0.005, "failure_fraction": 0.05, "include_subdomains": true}
    Accept-Ranges: bytes
  • flag-us
    DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    23.209.125.31
    a1363.dscg.akamai.net
    IN A
    23.209.125.34
  • flag-nl
    GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    23.209.125.31:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
    Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
    ETag: 0x8DCDDD1E3AF2C76
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d4df7fec-901e-0075-17c5-0f3cc6000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 20 Nov 2024 13:11:12 GMT
    Connection: keep-alive
  • flag-us
    DNS
    www.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    95.100.245.144
  • flag-gb
    GET
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    Remote address:
    95.100.245.144:80
    Request
    GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1078
    Content-Type: application/octet-stream
    Content-MD5: PjrtHAukbJio72s77Ag5mA==
    Last-Modified: Thu, 31 Oct 2024 23:26:09 GMT
    ETag: 0x8DCFA0366D6C4CA
    x-ms-request-id: 7ca9c103-d01e-0016-3fee-2ba13d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 20 Nov 2024 13:11:12 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV2e3fd2a7.0
    ms-cv-esi: CASMicrosoftCV2e3fd2a7.0
    X-RTag: RT
  • 82.146.50.198:443
    https://xetapp.com/settings/launches.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya
    tls, http
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    1.2kB
     7.1kB
     13
    11

    HTTP Request

    GET https://xetapp.com/settings/launches.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya

    HTTP Response

    301
  • 82.146.50.198:443
    https://xet.app/settings/promo-installs-real.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8
    tls, http
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    2.1kB
     7.8kB
     17
    14

    HTTP Request

    GET https://xet.app/settings/launches.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya

    HTTP Response

    404

    HTTP Request

    GET https://xet.app/settings/install.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya

    HTTP Response

    404

    HTTP Request

    GET https://xet.app/settings/promo-installs.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8

    HTTP Response

    404

    HTTP Request

    GET https://xet.app/settings/promo-installs-real.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8

    HTTP Response

    404
  • 82.146.50.198:443
    https://xetapp.com/settings/install.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya
    tls, http
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    1.4kB
     7.7kB
     13
    12

    HTTP Request

    GET https://xetapp.com/settings/install.php?name=Secret-Disk&site=&campaign=yandex&source=ru_ya

    HTTP Response

    301
  • 172.98.192.37:80
    http://dl.xetapp.us/downloads/software/security/encryption/secret.disk.exe
    http
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    457 B
     1.2kB
     6
    5

    HTTP Request

    GET http://dl.xetapp.us/downloads/software/security/encryption/secret.disk.exe

    HTTP Response

    200
  • 82.146.50.198:443
    https://xetapp.com/settings/promo-installs.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8
    tls, http
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    1.2kB
     7.6kB
     12
    11

    HTTP Request

    GET https://xetapp.com/settings/promo-installs.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8

    HTTP Response

    301
  • 82.146.50.198:443
    https://xetapp.com/settings/promo-installs-real.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8
    tls, http
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    1.1kB
     7.0kB
     10
    10

    HTTP Request

    GET https://xetapp.com/settings/promo-installs-real.php?name=Secret-Disk&site=&campaign=yandex&ip=&date=&ya_cmd=8

    HTTP Response

    301
  • 5.45.205.242:80
    http://download.yandex.ru/yandex-pack/downloader/downloader.exe
    http
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    446 B
     1.3kB
     6
    4

    HTTP Request

    GET http://download.yandex.ru/yandex-pack/downloader/downloader.exe

    HTTP Response

    302
  • 5.45.192.12:80
    http://cachev2-rad-05.cdn.yandex.net/download.yandex.ru/yandex-pack/downloader/downloader.exe?lid=309
    http
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    4.0kB
     215.8kB
     83
    157

    HTTP Request

    GET http://cachev2-rad-05.cdn.yandex.net/download.yandex.ru/yandex-pack/downloader/downloader.exe?lid=309

    HTTP Response

    200
  • 23.209.125.31:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    445 B
     1.7kB
     5
    4

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 95.100.245.144:80
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    http
    439 B
     1.7kB
     5
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

    HTTP Response

    200
  • 8.8.8.8:53
    xetapp.com
    dns
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    56 B
     72 B
     1
    1

    DNS Request

    xetapp.com

    DNS Response

    82.146.50.198

  • 8.8.8.8:53
    xet.app
    dns
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    53 B
     69 B
     1
    1

    DNS Request

    xet.app

    DNS Response

    82.146.50.198

  • 8.8.8.8:53
    dl.xetapp.us
    dns
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    58 B
     74 B
     1
    1

    DNS Request

    dl.xetapp.us

    DNS Response

    172.98.192.37

  • 8.8.8.8:53
    download.yandex.ru
    dns
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    64 B
     172 B
     1
    1

    DNS Request

    download.yandex.ru

    DNS Response

    5.45.205.242
    5.45.205.244
    5.45.205.245
    5.45.205.241
    5.45.205.243

  • 8.8.8.8:53
    cachev2-rad-05.cdn.yandex.net
    dns
    18674bbd9af6e4e7396363a4f7d72312a50514f72ee4c4ceb131738801100438.exe
    75 B
     91 B
     1
    1

    DNS Request

    cachev2-rad-05.cdn.yandex.net

    DNS Response

    5.45.192.12

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
     162 B
     1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    23.209.125.31
    23.209.125.34

  • 8.8.8.8:53
    www.microsoft.com
    dns
    63 B
     230 B
     1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    95.100.245.144

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CabA410.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA5E7.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd96C4.tmp\INetC.dll
    Filesize

    24KB

    MD5

    640bff73a5f8e37b202d911e4749b2e9

    SHA1

    9588dd7561ab7de3bca392b084bec91f3521c879

    SHA256

    c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

    SHA512

    39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

    Download Submit

  • memory/1740-60-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/1740-77-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.