Overview

overview

10

Static

static

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...nt.exe

windows7-x64

10

bazaar.202...nt.exe

windows10-2004-x64

10

bazaar.202...fa.exe

windows7-x64

10

bazaar.202...fa.exe

windows10-2004-x64

10

bazaar.202...fa.exe

windows7-x64

10

bazaar.202...fa.exe

windows10-2004-x64

10

bazaar.202...fa.exe

windows7-x64

10

bazaar.202...fa.exe

windows10-2004-x64

10

bazaar.202...fa.exe

windows7-x64

10

bazaar.202...fa.exe

windows10-2004-x64

10

bazaar.202...fa.exe

windows7-x64

10

bazaar.202...fa.exe

windows10-2004-x64

10

bazaar.202...fa.exe

windows7-x64

10

bazaar.202...fa.exe

windows10-2004-x64

10

Resubmissions

03/02/2025, 21:57 UTC

250203-1t5hmsvmat 10

03/02/2025, 04:37 UTC

250203-e896saslgn 10

31/01/2025, 18:35 UTC

250131-w8gmxatmc1 10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/01/2025, 18:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bazaar.2020.02/Trojan.MSIL.Agent.exe

  • Size

    203KB

  • MD5

    cc214d61ebb2b63d738e64cba831722e

  • SHA1

    0387a2073cab7fbd99cd9c9c951b9afa6ba1097c

  • SHA256

    0737463d0ed8addd2c9adf17c3289e48ea012750b5f826da5b33da8408341e3c

  • SHA512

    cdacc8971faceb69097b9a2053e059d061c65bad0c7e4141e8f0a6cadf740bd5537afc9f17e38be5e1eed60566b9fa6542dd1b3ead834ab16f23111060db684f

  • SSDEEP

    3072:szEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIm1b8Wd2H2hdHZVLdkj3:sLV6Bta6dtJmakIM5tfTzHTLaj3

Score
10/10
nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Nanocore family
    nanocore
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\Trojan.MSIL.Agent.exe
    "C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\Trojan.MSIL.Agent.exe"
    1⤵
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Windows\SysWOW64\schtasks.exe
      "schtasks.exe" /create /f /tn "SMTP Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmp6254.tmp"
      2⤵
      • System Location Discovery: System Language Discovery
      • Scheduled Task/Job: Scheduled Task
      PID:1140
    • C:\Windows\SysWOW64\schtasks.exe
      "schtasks.exe" /create /f /tn "SMTP Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp62B2.tmp"
      2⤵
      • System Location Discovery: System Language Discovery
      • Scheduled Task/Job: Scheduled Task
      PID:2136

Network

  • flag-us
    DNS
    128.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    128.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    11.153.16.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.153.16.2.in-addr.arpa
    IN PTR
    Response
    11.153.16.2.in-addr.arpa
    IN PTR
    a2-16-153-11deploystaticakamaitechnologiescom
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    4.4.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.4.8.8.in-addr.arpa
    IN PTR
    Response
    4.4.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    212.20.149.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    212.20.149.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    241.42.69.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.42.69.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    70.252.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    70.252.19.2.in-addr.arpa
    IN PTR
    Response
    70.252.19.2.in-addr.arpa
    IN PTR
    a2-19-252-70deploystaticakamaitechnologiescom
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.4.4:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    uniformmm.ddns.net
    Trojan.MSIL.Agent.exe
    Remote address:
    8.8.8.8:53
    Request
    uniformmm.ddns.net
    IN A
    Response
  • flag-us
    DNS
    28.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.73.42.20.in-addr.arpa
    IN PTR
    Response
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 127.0.0.1:1543
    Trojan.MSIL.Agent.exe
  • 8.8.8.8:53
    128.31.126.40.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    128.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    11.153.16.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    11.153.16.2.in-addr.arpa

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    4.4.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    4.4.8.8.in-addr.arpa

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    212.20.149.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    212.20.149.52.in-addr.arpa

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    241.42.69.40.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    241.42.69.40.in-addr.arpa

  • 8.8.8.8:53
    70.252.19.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    70.252.19.2.in-addr.arpa

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    256 B
     124 B
     4
    1

    DNS Request

    uniformmm.ddns.net

    DNS Request

    uniformmm.ddns.net

    DNS Request

    uniformmm.ddns.net

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    128 B
     124 B
     2
    1

    DNS Request

    uniformmm.ddns.net

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.4.4:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    uniformmm.ddns.net
    dns
    Trojan.MSIL.Agent.exe
    64 B
     124 B
     1
    1

    DNS Request

    uniformmm.ddns.net

  • 8.8.8.8:53
    28.73.42.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    28.73.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp6254.tmp
    Filesize

    1KB

    MD5

    6d99895bd5066d9af389889bb39d0e07

    SHA1

    b2a9f4bf5aa2a4c9644cc963997979d6d42b9b8f

    SHA256

    0cc25103bb7a5cb0b4acd8e1a9d1976705706c46b4b4c13076befaf20c7fa347

    SHA512

    aa521d9d6ab6d59294eb319c6c369c0a0fd5227f1206b5a309e1cf06f5b4e3502acbdb9320aceb0643e0f04a91cf93291c069fb1e873cfd888f0e11f22e0af4b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp62B2.tmp
    Filesize

    1KB

    MD5

    1129270510286b9e8bae6dc678757352

    SHA1

    f8f3af28a182023adb3efaaa79d034f399ec16d3

    SHA256

    6fe1bdf3d1dedec102ac61b47fff909c53e0df8903098c52f3843b1e11a2d863

    SHA512

    cec6863e4d3a431668cb2aa2fd6bbd032a3e1cc61698fcd9fe952fcffc6ebda0a87ead9090767365a473c143c8b32fd269a4af03454d0f34858252c4b767844f

    Download Submit

  • memory/4756-0-0x00000000748F2000-0x00000000748F3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4756-1-0x00000000748F0000-0x0000000074EA1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4756-2-0x00000000748F0000-0x0000000074EA1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4756-10-0x00000000748F0000-0x0000000074EA1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4756-11-0x00000000748F2000-0x00000000748F3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4756-12-0x00000000748F0000-0x0000000074EA1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4756-13-0x00000000748F0000-0x0000000074EA1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4756-14-0x00000000748F0000-0x0000000074EA1000-memory.dmp

    Filesize

    5.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.