2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

13/02/2025, 01:26 UTC

250213-btppra1pcz 10

17/01/2025, 20:14 UTC

250117-yz7h3s1qfw 10

17/01/2025, 20:12 UTC

250117-yy9l2sslcr 10

17/01/2025, 17:25 UTC

250117-vy9p9sxpez 10

17/01/2025, 17:21 UTC

250117-vw8eesyjfp 10

17/01/2025, 14:16 UTC

250117-rk9ass1rhk 10

17/01/2025, 14:12 UTC

250117-rhv1ds1lds 10

16/01/2025, 12:52 UTC

250116-p4et7a1mez 10

Analysis

max time kernel
879s
max time network
887s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16/01/2025, 12:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Clean.bat
Size

9KB
MD5

bbae81b88416d8fba76dd3145a831d19
SHA1

42fa0e1b90ad49f66d4ab96c8cca02f81248da8b
SHA256

5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
SHA512

f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368
SSDEEP

192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3

Score

7^/10

discovery execution

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1988	MEMZ.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
4880	msedge.exe
4880	msedge.exe
2076	identity_helper.exe
2076	identity_helper.exe
5880	msedge.exe
5880	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 728	2400	cmd.exe	78
PID 2400 wrote to memory of 728	2400	cmd.exe	78
PID 2400 wrote to memory of 1988	2400	cmd.exe	79
PID 2400 wrote to memory of 1988	2400	cmd.exe	79
PID 2400 wrote to memory of 1988	2400	cmd.exe	79
PID 1988 wrote to memory of 4880	1988	MEMZ.exe	80
PID 1988 wrote to memory of 4880	1988	MEMZ.exe	80
PID 4880 wrote to memory of 4744	4880	msedge.exe	81
PID 4880 wrote to memory of 4744	4880	msedge.exe	81
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 2780	4880	msedge.exe	82
PID 4880 wrote to memory of 464	4880	msedge.exe	83
PID 4880 wrote to memory of 464	4880	msedge.exe	83
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84
PID 4880 wrote to memory of 5108	4880	msedge.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:728
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff924a13cb8,0x7ff924a13cc8,0x7ff924a13cd8
      4⤵
      PID:4744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
      4⤵
      PID:2780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
      4⤵
      PID:5108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
      4⤵
      PID:5796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
      4⤵
      PID:1144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
      4⤵
      PID:1524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      4⤵
      PID:2368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
      4⤵
      PID:2884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
      4⤵
      PID:5724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
      4⤵
      PID:884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
      4⤵
      PID:4684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,12871147251890464145,17966422605152367084,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3336 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

Network

DNS

google.co.ck

msedge.exe

Remote address:

8.8.8.8:53

Request

google.co.ck

IN A

Response

google.co.ck

IN A

142.250.187.196
DNS

google.co.ck

msedge.exe

Remote address:

8.8.8.8:53

Request

google.co.ck

IN A

Response

google.co.ck

IN A

142.250.187.196
DNS

login.live.com

msedge.exe

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.trafficmanager.net

www.tm.lg.prod.aadmsa.trafficmanager.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.akadns.net

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.4

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.23

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.71

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.0

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.64

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.2

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.31.71

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.31.67
DNS

ocsp.digicert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

cac-ocsp.digicert.com.edgekey.net

cac-ocsp.digicert.com.edgekey.net

IN CNAME

e3913.cd.akamaiedge.net

e3913.cd.akamaiedge.net

IN A

2.22.98.7
DNS

support.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

support.google.com

IN A

Response

support.google.com

IN A

216.58.213.14
DNS

8.8.8.8.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

fonts.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fonts.gstatic.com

IN A

Response

fonts.gstatic.com

IN A

142.250.180.3
DNS

ctldl.windowsupdate.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

bg.microsoft.map.fastly.net

bg.microsoft.map.fastly.net

IN A

199.232.214.172

bg.microsoft.map.fastly.net

IN A

199.232.210.172
GET

http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

msedge.exe

Remote address:

142.250.187.196:80

Request

GET /search?q=facebook+hacking+tool+free+download+no+virus+working+2016 HTTP/1.1
Host: google.co.ck
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://google.co.ck/search%3Fq%3Dfacebook%2Bhacking%2Btool%2Bfree%2Bdownload%2Bno%2Bvirus%2Bworking%2B2016&q=EgS117BTGK-IpLwGIjCNsHHNiEbM6LOSJl1Zz_lqtFBbvCJJX2p_u28BMd_sr3l2FoE6OqCNRAH_68Gd5FgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwIr4ikvAYQ7rHt9AISBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce--wsTHYKAhmGK40OM8vbXAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/web
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/web"}]}
Permissions-Policy: unload=()
Date: Thu, 16 Jan 2025 13:05:51 GMT
Server: gws
Content-Length: 480
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-UrYcfXo8iFaOijkz0QheHMmWovDpXKiZ1f9-XCWnrhQLI2QNHfiQ; expires=Tue, 15-Jul-2025 13:05:51 GMT; path=/; domain=.google.co.ck; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://google.co.ck/search%3Fq%3Dfacebook%2Bhacking%2Btool%2Bfree%2Bdownload%2Bno%2Bvirus%2Bworking%2B2016&q=EgS117BTGK-IpLwGIjCNsHHNiEbM6LOSJl1Zz_lqtFBbvCJJX2p_u28BMd_sr3l2FoE6OqCNRAH_68Gd5FgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

msedge.exe

Remote address:

142.250.187.196:80

Request

GET /sorry/index?continue=http://google.co.ck/search%3Fq%3Dfacebook%2Bhacking%2Btool%2Bfree%2Bdownload%2Bno%2Bvirus%2Bworking%2B2016&q=EgS117BTGK-IpLwGIjCNsHHNiEbM6LOSJl1Zz_lqtFBbvCJJX2p_u28BMd_sr3l2FoE6OqCNRAH_68Gd5FgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Host: www.google.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 429 Too Many Requests

Date: Thu, 16 Jan 2025 13:05:51 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3267
X-XSS-Protection: 0
GET

http://www.google.com/favicon.ico

msedge.exe

Remote address:

142.250.187.196:80

Request

GET /favicon.ico HTTP/1.1
Host: www.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.google.com/sorry/index?continue=http://google.co.ck/search%3Fq%3Dfacebook%2Bhacking%2Btool%2Bfree%2Bdownload%2Bno%2Bvirus%2Bworking%2B2016&q=EgS117BTGK-IpLwGIjCNsHHNiEbM6LOSJl1Zz_lqtFBbvCJJX2p_u28BMd_sr3l2FoE6OqCNRAH_68Gd5FgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 1494
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 13 Jan 2025 13:10:39 GMT
Expires: Tue, 21 Jan 2025 13:10:39 GMT
Cache-Control: public, max-age=691200
Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
Content-Type: image/x-icon
Vary: Accept-Encoding
Age: 258914
GET

https://www.google.com/recaptcha/api.js

msedge.exe

Remote address:

142.250.187.196:443

Request

GET /recaptcha/api.js HTTP/2.0
host: www.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: http://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cDovL3d3dy5nb29nbGUuY29tOjgw&hl=en&v=1Bq_oiMBd4XPUhKDwr0YL1Js&size=normal&s=T0bF_4LFO9luPz1WtGVT5EYwT5r26H3NM1AiTUAt9N-3TChAtMPISPNbuClkM0EEgdGJ0DBId36QnRhK3xydSJGr2rlUpbvKMXCcxMoNFq4919rvYHH46iC2oaFNj3CFufm9M69mYdMfilFAKYpWYMGQU-CDt4wCbSODDHREH4cmqrgPCNaQiwJkv_0jvPpcY3DSQRkFqVvWos46120CPcQmbB5RqqM6EMlfSc64FqZ8vlCA2CKFfcLcGTbbWVNqMHeU0dPDkmTYeNNtaq5R_GqWC3ke31o&cb=bepymng56lzu

msedge.exe

Remote address:

142.250.187.196:443

Request

GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cDovL3d3dy5nb29nbGUuY29tOjgw&hl=en&v=1Bq_oiMBd4XPUhKDwr0YL1Js&size=normal&s=T0bF_4LFO9luPz1WtGVT5EYwT5r26H3NM1AiTUAt9N-3TChAtMPISPNbuClkM0EEgdGJ0DBId36QnRhK3xydSJGr2rlUpbvKMXCcxMoNFq4919rvYHH46iC2oaFNj3CFufm9M69mYdMfilFAKYpWYMGQU-CDt4wCbSODDHREH4cmqrgPCNaQiwJkv_0jvPpcY3DSQRkFqVvWos46120CPcQmbB5RqqM6EMlfSc64FqZ8vlCA2CKFfcLcGTbbWVNqMHeU0dPDkmTYeNNtaq5R_GqWC3ke31o&cb=bepymng56lzu HTTP/2.0
host: www.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

nexusrules.officeapps.live.com

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.227.13
DNS

66.112.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.112.168.52.in-addr.arpa

IN PTR

Response
DNS

7.98.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.98.22.2.in-addr.arpa

IN PTR

Response

7.98.22.2.in-addr.arpa

IN PTR

a2-22-98-7deploystaticakamaitechnologiescom
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

ocsp.digicert.com

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

cac-ocsp.digicert.com.edgekey.net

cac-ocsp.digicert.com.edgekey.net

IN CNAME

e3913.cd.akamaiedge.net

e3913.cd.akamaiedge.net

IN A

2.22.98.7

142.250.187.196:80

www.google.com

msedge.exe

420 B
392 B
9
8
142.250.187.196:80

http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

http

msedge.exe

1.0kB
2.1kB
11
11

HTTP Request

GET http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

HTTP Response

302
142.250.187.196:80

http://www.google.com/favicon.ico

http

msedge.exe

2.0kB
6.3kB
14
14

HTTP Request

GET http://www.google.com/sorry/index?continue=http://google.co.ck/search%3Fq%3Dfacebook%2Bhacking%2Btool%2Bfree%2Bdownload%2Bno%2Bvirus%2Bworking%2B2016&q=EgS117BTGK-IpLwGIjCNsHHNiEbM6LOSJl1Zz_lqtFBbvCJJX2p_u28BMd_sr3l2FoE6OqCNRAH_68Gd5FgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429

HTTP Request

GET http://www.google.com/favicon.ico

HTTP Response

200
142.250.187.196:443

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cDovL3d3dy5nb29nbGUuY29tOjgw&hl=en&v=1Bq_oiMBd4XPUhKDwr0YL1Js&size=normal&s=T0bF_4LFO9luPz1WtGVT5EYwT5r26H3NM1AiTUAt9N-3TChAtMPISPNbuClkM0EEgdGJ0DBId36QnRhK3xydSJGr2rlUpbvKMXCcxMoNFq4919rvYHH46iC2oaFNj3CFufm9M69mYdMfilFAKYpWYMGQU-CDt4wCbSODDHREH4cmqrgPCNaQiwJkv_0jvPpcY3DSQRkFqVvWos46120CPcQmbB5RqqM6EMlfSc64FqZ8vlCA2CKFfcLcGTbbWVNqMHeU0dPDkmTYeNNtaq5R_GqWC3ke31o&cb=bepymng56lzu

tls, http2

msedge.exe

3.2kB
40.1kB
34
50

HTTP Request

GET https://www.google.com/recaptcha/api.js

HTTP Request

GET https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cDovL3d3dy5nb29nbGUuY29tOjgw&hl=en&v=1Bq_oiMBd4XPUhKDwr0YL1Js&size=normal&s=T0bF_4LFO9luPz1WtGVT5EYwT5r26H3NM1AiTUAt9N-3TChAtMPISPNbuClkM0EEgdGJ0DBId36QnRhK3xydSJGr2rlUpbvKMXCcxMoNFq4919rvYHH46iC2oaFNj3CFufm9M69mYdMfilFAKYpWYMGQU-CDt4wCbSODDHREH4cmqrgPCNaQiwJkv_0jvPpcY3DSQRkFqVvWos46120CPcQmbB5RqqM6EMlfSc64FqZ8vlCA2CKFfcLcGTbbWVNqMHeU0dPDkmTYeNNtaq5R_GqWC3ke31o&cb=bepymng56lzu

8.8.8.8:53

google.co.ck

dns

msedge.exe

501 B
1.2kB
8
8

DNS Request

google.co.ck

DNS Response

142.250.187.196

DNS Request

google.co.ck

DNS Response

142.250.187.196

DNS Request

login.live.com

DNS Response

20.190.159.4

20.190.159.23

20.190.159.71

20.190.159.0

20.190.159.64

20.190.159.2

40.126.31.71

40.126.31.67

DNS Request

ocsp.digicert.com

DNS Response

2.22.98.7

DNS Request

support.google.com

DNS Response

216.58.213.14

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

fonts.gstatic.com

DNS Response

142.250.180.3

DNS Request

ctldl.windowsupdate.com

DNS Response

199.232.214.172

199.232.210.172
8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

217 B
395 B
3
3

DNS Request

4.159.190.20.in-addr.arpa

DNS Request

3.180.250.142.in-addr.arpa

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

222 B
415 B
3
3

DNS Request

172.210.232.199.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.227.13

DNS Request

66.112.168.52.in-addr.arpa
8.8.8.8:53

7.98.22.2.in-addr.arpa

dns

203 B
471 B
3
3

DNS Request

7.98.22.2.in-addr.arpa

DNS Request

13.227.111.52.in-addr.arpa

DNS Request

ocsp.digicert.com

DNS Response

2.22.98.7
142.250.187.196:443

www.google.com

https

msedge.exe

5.0kB
18.3kB
20
24
224.0.0.251:5353

525 B
8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
38502e6c5d8f0b1f859cdfa3379d9917

SHA1
3b5f75eab28ed05bf3beeea46184cf205b13db40

SHA256
2ceea795cfc0de75ebed5f07e7e55babfbd433deee3d6dfe5b4569b60fba8a42

SHA512
fee4d3599764aee0fbef6a8809664d922170092c7df3f91888315bb1b22c3ea6b32656d84357c73efc674a29f27b679efbcd250de2b797de6787a7fdecdeaa59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
574470fdd893b5aef8f4720dfdde9203

SHA1
27a8f124d6d19f51232fba6898bd0d5a79c78edc

SHA256
467cd73721c78ce12adbd17bf62ccd48f890e7a740f5cc440346ac3d1598b205

SHA512
f312473b4b4f384f4efc558be56a790a1694bd0d15aa4b232c7fa27aade3f2efaf92c10d877d27dc610802184e17fa9a47149e162541cf9cb1bbd10e9b3c93ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30167e6075432c9d349b5b0b51a34085

SHA1
79dd31cebc112c31c00f06f5e78deed16ed4e487

SHA256
bf5b7c6a1069a774f610783b2b2ce69544cec70be137c6387d3a531d1c07bd95

SHA512
e6bbf1654afa657eb4cb2995a047259bf46559eb44d13a0c4fc46480ab6a598e2cded790729c5684841766e85216f2f744725524c6353723b4bb05b2994415f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c75cbe20-7565-4dd6-bc8b-7aafa6597cab.tmp

Filesize
814B

MD5
abd548cb2d3fa87ffaed1e42ac397ea3

SHA1
a40a540e67509742b9cc7b09bf77ff2b2e885123

SHA256
c30a6e0aa87c4c3d897d40c786d27e31729131ed35aeb7dfbffb310625b19269

SHA512
96617ff1e489499141f17fdd8652dea8bc009765df5920eda12a209d5bf330484690e3d2633b3f59a19a51ab93f327fd48d228d1a94a719f1526a33b5e3d0818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
67ea8971293c423d0886a89a8c451ad2

SHA1
d0379581d7ed63001e91cea645710f7fd32f7ab0

SHA256
93ab226e170ee017506f5ab0d08ad8c458dd5f547ea7d2c23bc60545db344cb9

SHA512
feca1ca8823669e70d582b059ca45ca74d799dc418b64ea8b0250b99de950a72a8ef75c5b8a4506e39680ec1f9b3697025ae76f5bfbc19a37f91ef57c20949ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
4KB

MD5
47025922e91d4acf4a171f01a35215aa

SHA1
729054a8014d3ede226817e258b61a1c8f69db57

SHA256
b9375e245e62d5ec657c2e62853833eef48a245482e3dc4461a2fb9c4f210e9f

SHA512
1982b90933aa5dcd7f7b5d79e520247f54cdd48e5b517d60f819e30a8813d992f654708d51cd5c53289f10015798baa7fd1a902c5ec3fa8c203259c54dd923be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\z.zip

Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.