Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

abd59ce3d5...7b.exe

windows7-x64

10

abd59ce3d5...7b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2025, 10:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe

  • Size

    125KB

  • MD5

    50dbc6538fa3c20d32d9394371cd4ed4

  • SHA1

    733cc54a136e40003dec8ce05d6772e0076519b3

  • SHA256

    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b

  • SHA512

    b22530276e829b70a932abb9ef9b58e5542755147cfff5f889d7bceedf8807c3cad852fd68e360c817f74528090c424e13b6b1b2c9d1817e92b863bb04e270f6

  • SSDEEP

    3072:8rFMrpkj8RLr+PCRUqsMlKaFZ5KrCgb0Nlil:8pikjqnlE0Fql

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://onecable.ca/forum/viewtopic.php

http://onlyidea.com/forum/viewtopic.php

http://originalpizzaplus.ca/forum/viewtopic.php

http://originalpizzaplus.com/forum/viewtopic.php
Attributes
  • payload_url

    http://plugwise.gr/7ViY.exe

    http://fmax.in.th/36Bu09XG.exe

    http://chuck.fanzoom.net/Hg0A.exe

    http://iworld.cd/tCb.exe

Signatures

  • Pony family
    pony
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
    collection
  • Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
    collection
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    "C:\Users\Admin\AppData\Local\Temp\abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe"
    1⤵
    • Accesses Microsoft Outlook accounts
    • Accesses Microsoft Outlook profiles
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • outlook_win_path
    PID:1144

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    onecable.ca
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    8.8.8.8:53
    Request
    onecable.ca
    IN A
    Response
    onecable.ca
    IN A
    3.33.130.190
    onecable.ca
    IN A
    15.197.148.33
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    DNS
    190.130.33.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    190.130.33.3.in-addr.arpa
    IN PTR
    Response
    190.130.33.3.in-addr.arpa
    IN PTR
    a2aa9ff50de748dbeawsglobalacceleratorcom
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    POST
    http://onecable.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.130.190:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onecable.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • flag-us
    DNS
    onlyidea.com
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    8.8.8.8:53
    Request
    onlyidea.com
    IN A
    Response
    onlyidea.com
    IN A
    3.33.251.168
    onlyidea.com
    IN A
    15.197.225.128
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:13 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    DNS
    168.251.33.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.251.33.3.in-addr.arpa
    IN PTR
    Response
    168.251.33.3.in-addr.arpa
    IN PTR
    aec037177372cc6cdawsglobalacceleratorcom
  • flag-us
    DNS
    85.49.80.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    85.49.80.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:18 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:23 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:28 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:34 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:39 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:44 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:49 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:54 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:11:59 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    POST
    http://onlyidea.com/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.251.168:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: onlyidea.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:12:05 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    DNS
    originalpizzaplus.ca
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    8.8.8.8:53
    Request
    originalpizzaplus.ca
    IN A
    Response
    originalpizzaplus.ca
    IN A
    3.33.152.147
    originalpizzaplus.ca
    IN A
    15.197.142.173
  • flag-us
    POST
    http://originalpizzaplus.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.152.147:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: originalpizzaplus.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:12:05 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • flag-us
    DNS
    147.152.33.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    147.152.33.3.in-addr.arpa
    IN PTR
    Response
    147.152.33.3.in-addr.arpa
    IN PTR
    a4ec4c6ea1c92e2e6awsglobalacceleratorcom
  • flag-us
    POST
    http://originalpizzaplus.ca/forum/viewtopic.php
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    Remote address:
    3.33.152.147:80
    Request
    POST /forum/viewtopic.php HTTP/1.0
    Host: originalpizzaplus.ca
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 183
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Response
    HTTP/1.1 405 Not Allowed
    Server: awselb/2.0
    Date: Wed, 08 Jan 2025 10:12:10 GMT
    Content-Length: 0
    Connection: close
    WAFRule: 0
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.130.190:80
    http://onecable.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    897 B
     365 B
     7
    7

    HTTP Request

    POST http://onecable.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.251.168:80
    http://onlyidea.com/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    898 B
     427 B
     7
    7

    HTTP Request

    POST http://onlyidea.com/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.152.147:80
    http://originalpizzaplus.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    906 B
     427 B
     7
    7

    HTTP Request

    POST http://originalpizzaplus.ca/forum/viewtopic.php

    HTTP Response

    405
  • 3.33.152.147:80
    http://originalpizzaplus.ca/forum/viewtopic.php
    http
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    906 B
     427 B
     7
    7

    HTTP Request

    POST http://originalpizzaplus.ca/forum/viewtopic.php

    HTTP Response

    405
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    2.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    onecable.ca
    dns
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    57 B
     89 B
     1
    1

    DNS Request

    onecable.ca

    DNS Response

    3.33.130.190
    15.197.148.33

  • 8.8.8.8:53
    190.130.33.3.in-addr.arpa
    dns
    71 B
     127 B
     1
    1

    DNS Request

    190.130.33.3.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    onlyidea.com
    dns
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    58 B
     90 B
     1
    1

    DNS Request

    onlyidea.com

    DNS Response

    3.33.251.168
    15.197.225.128

  • 8.8.8.8:53
    168.251.33.3.in-addr.arpa
    dns
    71 B
     127 B
     1
    1

    DNS Request

    168.251.33.3.in-addr.arpa

  • 8.8.8.8:53
    85.49.80.91.in-addr.arpa
    dns
    70 B
     145 B
     1
    1

    DNS Request

    85.49.80.91.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    originalpizzaplus.ca
    dns
    abd59ce3d595f5350054d941b82ed981f1db9cc7c3745313c57b277959114b7b.exe
    66 B
     98 B
     1
    1

    DNS Request

    originalpizzaplus.ca

    DNS Response

    3.33.152.147
    15.197.142.173

  • 8.8.8.8:53
    147.152.33.3.in-addr.arpa
    dns
    71 B
     127 B
     1
    1

    DNS Request

    147.152.33.3.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1144-0-0x00000000007E0000-0x00000000007E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-1-0x0000000000A40000-0x0000000000A41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-2-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1144-3-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1144-4-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.