Analysis

  • max time kernel
    110s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/12/2024, 18:59 UTC

General

  • Target

    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe

  • Size

    165KB

  • MD5

    cd0e91bba7713d1a7c66d50c4f9aed90

  • SHA1

    fc4dde2537881ce341b8054fe64a9659a235bfaa

  • SHA256

    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095

  • SHA512

    2a1eb564056bb3ea26d4ec36ba1c88482ec7fb26b788dbcde7389f654400403519d0d9c82ec544694e668ddbebba0b3a28ca4e70bf0e452764a6b5ada50615a5

  • SSDEEP

    3072:EfkfcHxa/ZrtSBnZ+k2/d7V2g855t1dRTvydaDgA+XtZ4X:akfcHxaRhS7+kId/85zLRxgAiZ4

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++.

  • Cycbot family
  • Detects Cycbot payload 5 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    "C:\Users\Admin\AppData\Local\Temp\31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Users\Admin\AppData\Local\Temp\31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
      C:\Users\Admin\AppData\Local\Temp\31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2928
    • C:\Users\Admin\AppData\Local\Temp\31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
      C:\Users\Admin\AppData\Local\Temp\31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1344

Network

  • flag-us
    DNS
    greenherbalteaonline.com
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    8.8.8.8:53
    Request
    greenherbalteaonline.com
    IN A
    Response
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.210.23.2.in-addr.arpa
    IN PTR
    Response
    88.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-88.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mediadryvers.com
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    8.8.8.8:53
    Request
    mediadryvers.com
    IN A
    Response
  • flag-us
    DNS
    milkiwals.com
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    8.8.8.8:53
    Request
    milkiwals.com
    IN A
    Response
  • flag-us
    DNS
    zonedg.com
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    8.8.8.8:53
    Request
    zonedg.com
    IN A
    Response
    zonedg.com
    IN A
    103.224.212.214
  • flag-us
    POST
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSjf%2BFpPOPuwd13Uq%2F3vleWbkY%3D
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    103.224.212.214:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSjf%2BFpPOPuwd13Uq%2F3vleWbkY%3D HTTP/1.1
    Host: zonedg.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 302 Found
    date: Thu, 12 Dec 2024 18:59:56 GMT
    server: Apache
    set-cookie: __tad=1734029996.3402048; expires=Sun, 10-Dec-2034 18:59:56 GMT; Max-Age=315360000
    location: http://ww25.zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSjf%2BFpPOPuwd13Uq%2F3vleWbkY%3D&subid1=20241213-0559-56d8-b679-b5b30699ee04
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-us
    POST
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSsdOFpPOPuwd11Uq%2F3vleWbkY%3D
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    103.224.212.214:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSsdOFpPOPuwd11Uq%2F3vleWbkY%3D HTTP/1.1
    Host: zonedg.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 302 Found
    date: Thu, 12 Dec 2024 18:59:56 GMT
    server: Apache
    set-cookie: __tad=1734029996.2611109; expires=Sun, 10-Dec-2034 18:59:56 GMT; Max-Age=315360000
    location: http://ww25.zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSsdOFpPOPuwd11Uq%2F3vleWbkY%3D&subid1=20241213-0559-5662-99ae-74ed3756acd4
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    214.212.224.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    214.212.224.103.in-addr.arpa
    IN PTR
    Response
    214.212.224.103.in-addr.arpa
    IN PTR
    lb-212-214.above.com
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    maildbaccess.com
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    8.8.8.8:53
    Request
    maildbaccess.com
    IN A
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.google.com
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    172.217.20.164
  • flag-fr
    GET
    http://www.google.com/
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    172.217.20.164:80
    Request
    GET / HTTP/1.0
    Connection: close
    Host: www.google.com
    Accept: */*
    Response
    HTTP/1.0 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNTl7LoGIjCOIKi563-g2GoDa5fq5coWLohuwuQsNNYmPDjJWxb_XamhPLPlj7wFxOY5-yqVSe8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgwI1OXsugYQnM35lgESBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Yf5UmN1cVfX-f5UkvpSUIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Thu, 12 Dec 2024 19:00:36 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-WMTGgbdJgLp5vaV66EQYs6WeSwCqQuykbWPp9-6WTSrYCsuMARvg; expires=Tue, 10-Jun-2025 19:00:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
  • flag-fr
    GET
    http://www.google.com/
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    172.217.20.164:80
    Request
    GET / HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
    Response
    HTTP/1.1 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNTl7LoGIjCOIKi563-g2GoDa5fq5coWLohuwuQsNNYmPDjJWxb_XamhPLPlj7wFxOY5-yqVSe8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgwI1OXsugYQoJS1vAISBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ebm-dQao_1YVzfJcBW9Kwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Thu, 12 Dec 2024 19:00:36 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-ViKY69ySIZ6IkTZH6z4AJZcVOa2MDiYVOgHoIMlvv3r5E4fd_-ww; expires=Tue, 10-Jun-2025 19:00:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Connection: close
  • flag-us
    DNS
    164.20.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    164.20.217.172.in-addr.arpa
    IN PTR
    Response
    164.20.217.172.in-addr.arpa
    IN PTR
    waw02s07-in-f4.1e100.net
    164.20.217.172.in-addr.arpa
    IN PTR
    par10s49-in-f4.1e100.net
    164.20.217.172.in-addr.arpa
    IN PTR
    waw02s07-in-f164.1e100.net
  • flag-fr
    GET
    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNTl7LoGIjCOIKi563-g2GoDa5fq5coWLohuwuQsNNYmPDjJWxb_XamhPLPlj7wFxOY5-yqVSe8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    Remote address:
    172.217.20.164:80
    Request
    GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGNTl7LoGIjCOIKi563-g2GoDa5fq5coWLohuwuQsNNYmPDjJWxb_XamhPLPlj7wFxOY5-yqVSe8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
    Response
    HTTP/1.1 429 Too Many Requests
    Date: Thu, 12 Dec 2024 19:00:36 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 3075
    X-XSS-Protection: 0
    Connection: close
  • flag-us
    DNS
    180.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.129.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 103.224.212.214:80
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSjf%2BFpPOPuwd13Uq%2F3vleWbkY%3D
    http
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    585 B
    718 B
    5
    4

    HTTP Request

    POST http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSjf%2BFpPOPuwd13Uq%2F3vleWbkY%3D

    HTTP Response

    302
  • 103.224.212.214:80
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSsdOFpPOPuwd11Uq%2F3vleWbkY%3D
    http
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    583 B
    716 B
    5
    4

    HTTP Request

    POST http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfxoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbedv1sTuDuw9hx4W4%2F4%2B7G3n72bEr0%2FLeqd%2FdvX%2BP9nf9i9xg4lP7MogWBGT7iisTdBYFpOej6wb518i8OsL%2BB6GL3GB%2BjucSsdOFpPOPuwd11Uq%2F3vleWbkY%3D

    HTTP Response

    302
  • 127.0.0.1:64727
  • 172.217.20.164:80
    http://www.google.com/
    http
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    348 B
    1.5kB
    6
    5

    HTTP Request

    GET http://www.google.com/

    HTTP Response

    302
  • 127.0.0.1:64727
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
  • 172.217.20.164:80
    http://www.google.com/
    http
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    307 B
    1.5kB
    5
    5

    HTTP Request

    GET http://www.google.com/

    HTTP Response

    302
  • 172.217.20.164:80
    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNTl7LoGIjCOIKi563-g2GoDa5fq5coWLohuwuQsNNYmPDjJWxb_XamhPLPlj7wFxOY5-yqVSe8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    http
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    526 B
    3.7kB
    6
    7

    HTTP Request

    GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNTl7LoGIjCOIKi563-g2GoDa5fq5coWLohuwuQsNNYmPDjJWxb_XamhPLPlj7wFxOY5-yqVSe8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

    HTTP Response

    429
  • 127.0.0.1:64727
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
  • 127.0.0.1:64727
  • 127.0.0.1:64727
  • 8.8.8.8:53
    greenherbalteaonline.com
    dns
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    70 B
    143 B
    1
    1

    DNS Request

    greenherbalteaonline.com

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 224.0.0.251:5353
    224 B
    4
  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    88.210.23.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    88.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    mediadryvers.com
    dns
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    62 B
    135 B
    1
    1

    DNS Request

    mediadryvers.com

  • 8.8.8.8:53
    milkiwals.com
    dns
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    59 B
    132 B
    1
    1

    DNS Request

    milkiwals.com

  • 8.8.8.8:53
    zonedg.com
    dns
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    56 B
    72 B
    1
    1

    DNS Request

    zonedg.com

    DNS Response

    103.224.212.214

  • 8.8.8.8:53
    214.212.224.103.in-addr.arpa
    dns
    74 B
    108 B
    1
    1

    DNS Request

    214.212.224.103.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    maildbaccess.com
    dns
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    62 B
    135 B
    1
    1

    DNS Request

    maildbaccess.com

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    www.google.com
    dns
    31517a026e70dc7b2620892bc48f86cf1ee219bfa0da56802184f4a30fd6b095N.exe
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    172.217.20.164

  • 8.8.8.8:53
    164.20.217.172.in-addr.arpa
    dns
    73 B
    171 B
    1
    1

    DNS Request

    164.20.217.172.in-addr.arpa

  • 8.8.8.8:53
    180.129.81.91.in-addr.arpa
    dns
    72 B
    147 B
    1
    1

    DNS Request

    180.129.81.91.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\C915.BE5

    Filesize

    1KB

    MD5

    307c49262d13e33386fc157b72571ca4

    SHA1

    c0ff90e2942312119bf8e511e58d71ff0f29b8da

    SHA256

    fd739d20683d941173009e1c867dae81f1cc33586341fff900519928e69eed6b

    SHA512

    aeb233baa4bb88a9f5111d4dd0eec781588f8a930d6771daaf089e02ec108f2d71c3ff3eeb1b9e7db0cfc994cb53803e89453b5c47cb16c1525d1a8a8b6dea22

  • C:\Users\Admin\AppData\Roaming\C915.BE5

    Filesize

    897B

    MD5

    9ed8d85c4687b5da8da0adc74049771d

    SHA1

    4a37c7b4aac3167680b688ea7d904c3c9b10543b

    SHA256

    88ed9921bde8746306cfe34512f764e8591905934b1444693f4dc5368f507dc6

    SHA512

    d096693ad2d5058553ee6033595a4baac40a7db3dfef025bf86fa8c5504995f533725a94a759457d0ab2baf11242245725d524f43f6bc29abd5e42e3b6876a4f

  • C:\Users\Admin\AppData\Roaming\C915.BE5

    Filesize

    1KB

    MD5

    633c7ac80a09523c4d52711651025bff

    SHA1

    b8054fa6a035274756c8906895b9d46e77acb4f4

    SHA256

    2a895c528bfc05e56aab02467b891665f2fd03dc17ef59fc83bb6e39b78ecd3a

    SHA512

    afefb23ddb220d7049c8d786d22f2043178c6fd5a60e87f56537fbf17fa7b39af65b5fca8b87e04de8437cc019e2668488458daf966a8e2c9a5deea5631805b2

  • C:\Users\Admin\AppData\Roaming\C915.BE5

    Filesize

    597B

    MD5

    3e8c2045570149b2003e090d0624e200

    SHA1

    f39996dfde1340d76262f6975c72c3dfac773037

    SHA256

    59f8ca440d8b52b33a434db5e5bf90336972afada2ef542bb9704b07dd74c3e7

    SHA512

    ac57465e72bad48fcb262ffb3e8d90a4eae589511950695e653693f71be12275b33b5207165fe61b620d8b611bb73c27ac46e8827df7205c96e1dc491fc694be

  • memory/1344-75-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

  • memory/1344-74-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

  • memory/2520-19-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

  • memory/2520-72-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

  • memory/2520-1-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

  • memory/2520-184-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

  • memory/2928-18-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

  • memory/2928-17-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

  • memory/2928-16-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB
