metamorpherrat | 9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778

Analysis

max time kernel
117s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2024, 04:34 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe
Size

78KB
MD5

00a72eeecb69954ebefffe8c098c0817
SHA1

e84682df169001b28f3048358364643fc4b2d83f
SHA256

9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778
SHA512

3b4b4f9999a49cf9f1da0c638ff707bdd4ef6ef84779d5335c6816247d193151b63b106ab821c65128e7f8fac57a5afcfc505b674e26e3d92306230ec270ad8c
SSDEEP

1536:35jSRXT0XRhyRjVf3znOJTv3lcUK/+dWzCP7oYTcSQtC6K9/tO1ML/:35jSRSyRxvY3md+dWWZyS9/3/

Score

10^/10

metamorpherrat discovery persistence rat stealer trojan

Malware Config

Signatures

MetamorpherRAT
Metamorpherrat is a hacking tool that has been around for a while since 2013.
trojan rat stealer metamorpherrat
Metamorpherrat family
metamorpherrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe

Executes dropped EXE 1 IoCs

pid	Process
380	tmpA289.tmp.exe

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ShFusRes = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\big5.exe\""	tmpA289.tmp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tmpA289.tmp.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4560	9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe
Token: SeDebugPrivilege	380	tmpA289.tmp.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 1936	4560	9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe	83
PID 4560 wrote to memory of 1936	4560	9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe	83
PID 4560 wrote to memory of 1936	4560	9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe	83
PID 1936 wrote to memory of 3712	1936	vbc.exe	85
PID 1936 wrote to memory of 3712	1936	vbc.exe	85
PID 1936 wrote to memory of 3712	1936	vbc.exe	85
PID 4560 wrote to memory of 380	4560	9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe	86
PID 4560 wrote to memory of 380	4560	9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe	86
PID 4560 wrote to memory of 380	4560	9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe	86

C:\Users\Admin\AppData\Local\Temp\9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe
"C:\Users\Admin\AppData\Local\Temp\9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rh73s_rp.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA47D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA0890B28AE154548BC6FDB9150E8BCBE.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3712
- C:\Users\Admin\AppData\Local\Temp\tmpA289.tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmpA289.tmp.exe" C:\Users\Admin\AppData\Local\Temp\9258ecd03c63816f436923948ca7c259fef4d8fcad7a6b9096ce8792e0e87778.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:380

Network

DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

bejnz.com

tmpA289.tmp.exe

Remote address:

8.8.8.8:53

Request

bejnz.com

IN A

Response

bejnz.com

IN A

44.221.84.105
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:34:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=619b5c78df5cec7bddb589aad96ff01c|181.215.176.83|1732422880|1732422880|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

105.84.221.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.84.221.44.in-addr.arpa

IN PTR

Response

105.84.221.44.in-addr.arpa

IN PTR

ec2-44-221-84-105 compute-1 amazonawscom
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:34:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8c3e0036b29b71dde8dfffbaa2dfdb90|181.215.176.83|1732422883|1732422883|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:34:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=649a0d950701bcdced2bf2ba036fbce0|181.215.176.83|1732422887|1732422887|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:34:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c37a6e85c24dad9254d5b5da7dc5b4ae|181.215.176.83|1732422890|1732422890|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:34:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=343e1dd0c5e18834b83e80902d0f2b53|181.215.176.83|1732422893|1732422893|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:34:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8e07c3852cec6b748050be74bcd60501|181.215.176.83|1732422897|1732422897|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=52ac4f5097124852b23b75775338b6dc|181.215.176.83|1732422900|1732422900|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e2e55e3c87fd8d7d6d0653ab23c7c5c6|181.215.176.83|1732422903|1732422903|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
DNS

241.42.69.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.42.69.40.in-addr.arpa

IN PTR

Response
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cf62520e4bbc05723862973ac89d6d05|181.215.176.83|1732422907|1732422907|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7a820687072ab165ed54fb0f4bea8364|181.215.176.83|1732422910|1732422910|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fbf2296f57cac75a1b69c19f9979bc5c|181.215.176.83|1732422913|1732422913|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e315ef51edf090f7f469a22820f2ece8|181.215.176.83|1732422917|1732422917|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=600739216c7aa8c373218fa1b104bf98|181.215.176.83|1732422920|1732422920|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4f0538cd4e9ba4822a7c78e64fd0bcb2|181.215.176.83|1732422923|1732422923|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e0d4847fb5d7d995be1fa1f9e94c742f|181.215.176.83|1732422927|1732422927|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5bdaeed86d4ebe6b5af72ce7642ae00d|181.215.176.83|1732422930|1732422930|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=61341aa0ef3394677ff86da2e17b50c4|181.215.176.83|1732422933|1732422933|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e0e9705f7ca8430e390723284eef9a98|181.215.176.83|1732422937|1732422937|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e735fa6746b0ef87d9bc7e0f00bab49f|181.215.176.83|1732422940|1732422940|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5aeb1593368c685fe793769dc057a0ae|181.215.176.83|1732422943|1732422943|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=98fbe19bac99804410da6de78e4ac37d|181.215.176.83|1732422947|1732422947|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5424c6f7b99cd24825e2b17f3c466a66|181.215.176.83|1732422950|1732422950|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d49ddc62aa8586df530307844e6b28ff|181.215.176.83|1732422953|1732422953|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:35:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4fa939dbaa489e66e4f7ecd77cd27739|181.215.176.83|1732422957|1732422957|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9ae3006d739d8db846cf81db480dd8ec|181.215.176.83|1732422960|1732422960|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=598a78b3df262d51904e4d4f5c4f0dc7|181.215.176.83|1732422963|1732422963|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3e96bb2214da0079edef5b1c0d4f27af|181.215.176.83|1732422967|1732422967|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4fcfeebf7a0c82cdb043e33413ed15b2|181.215.176.83|1732422970|1732422970|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=07862d70d007915ce42187dc6a9dc91e|181.215.176.83|1732422973|1732422973|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a99d3f387ccb24b62cf6c32072e6b5c4|181.215.176.83|1732422977|1732422977|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=648c3ba2fba189f80c54cdae1e43e2d2|181.215.176.83|1732422980|1732422980|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a9ec3a945faa2c4799aace324b452dbf|181.215.176.83|1732422983|1732422983|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e25bba58ad912ba76f95150a17203502|181.215.176.83|1732422987|1732422987|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA289.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 24 Nov 2024 04:36:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a4d1b5d43abc928c16ddb5170faa13b7|181.215.176.83|1732422990|1732422990|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

295 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA289.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
127.0.0.1:127

tmpA289.tmp.exe

8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

bejnz.com

dns

tmpA289.tmp.exe

55 B
71 B
1
1

DNS Request

bejnz.com

DNS Response

44.221.84.105
8.8.8.8:53

105.84.221.44.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

105.84.221.44.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

241.42.69.40.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

241.42.69.40.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESA47D.tmp

Filesize
1KB

MD5
8651b9fdce101e328f5635d468dec187

SHA1
3aeab8a459ce25e48d9023e674e5b861a36f5e20

SHA256
68aefed74a53acadd90fcc2f129dfe0d89f00fd9589abc728ec7f5e9ef86ce74

SHA512
e1552f02385a70a0875ca1746b91e3275a7f5e742c67478fc7eded016b252591757b1de9d617cb1397eac4e974a2b3eb02d8446bc0438763ac878a218ad6aa40

Download Submit
C:\Users\Admin\AppData\Local\Temp\rh73s_rp.0.vb

Filesize
14KB

MD5
c61e4dfd4f8c1d610e8192baf19944e1

SHA1
9faa160b9f086265178daf25b8c51007c454c25b

SHA256
a23df2ab71cde72cef9d2d793e847a70014139c1ec4887b7cf8dffdc2d43b41c

SHA512
5a252334610c00133b7270b14b7eb7846885f5fe1f3b3f5b9d08ab947a22ba467e49b93e63eca433d46b817b7f3f4b76970fe5601238ec67ae89372ec60c7184

Download Submit
C:\Users\Admin\AppData\Local\Temp\rh73s_rp.cmdline

Filesize
266B

MD5
2c790d3e79de393086dcbd7321e32ce9

SHA1
d0a1f7cc3e7c421e66c0b648ed795e90c53e5e4a

SHA256
1f2ea09e330f2a822bb52277b3321abe8058dcaa6f90aa8705085b5968c7f7e8

SHA512
7f7d119f24f975b237704fe794d0d5d8e386a22486a61fa0c96a6983b9778ff3228b03353b8ce1a1297c30f2534ead14266bc0ec4c2b74afe3681818972a01b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA289.tmp.exe

Filesize
78KB

MD5
c28e39a191959c4f6184a45496f726f6

SHA1
2b04fdcb0607bb9aab222554c46aea1b76e146fe

SHA256
d365507cafca2d4c4bbef634ba954b30e637bbbcb0574018bfb8877b2e0e2d3d

SHA512
6b0da3d0d99282546b3a75c581a2598696ca3b5cc885a21996a346c7ec18b4e381bd475309604b25724d2ef344b0f9cad050c9bbee3d8f3ea9c70b6a8774518e

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcA0890B28AE154548BC6FDB9150E8BCBE.TMP

Filesize
660B

MD5
146d0029547c1d16f7eea1aac418077c

SHA1
28cc541d5f4cfbb535039fc04afb0627f1930cdb

SHA256
aaa504705149de0f25684ecf7b070a95df2fd497f01207be7c22c245079f314b

SHA512
a6fbc1d21c592e98b6e959243e3d9831b0d4bd61279faf54ab65511d83b7490f899b5994a43527e4a8a0ce25be0b99bb7219d21e255ccaa5e81839196081d8fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\zCom.resources

Filesize
62KB

MD5
4f0e8cf79edb6cd381474b21cabfdf4a

SHA1
7018c96b4c5dab7957d4bcdc82c1e7bb3a4f80c4

SHA256
e54a257fa391065c120f55841de8c11116ea0e601d90fe1a35dcd340c5dd9cd5

SHA512
2451a59d09464e30d0df822d9322dbecb83faa92c5a5b71b7b9db62330c40cc7570d66235f137290074a3c4a9f3d8b3447067ed135f1bb60ea9e18d0df39a107

Download Submit
memory/380-22-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/380-24-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/380-26-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/380-27-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/380-28-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/380-29-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/380-30-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/1936-9-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/1936-18-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/4560-1-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/4560-2-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download
memory/4560-0-0x0000000074FB2000-0x0000000074FB3000-memory.dmp

Filesize
4KB

Download
memory/4560-23-0x0000000074FB0000-0x0000000075561000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request