Overview

overview

10

Static

static

10

08751be484...2d.dll

windows7-x64

10

0a9f79abd4...51.exe

windows7-x64

3

0di3x.exe

windows7-x64

10

2019-09-02...10.exe

windows7-x64

10

2c01b00772...eb.exe

windows7-x64

7

31.exe

windows7-x64

10

3DMark 11 ...on.exe

windows7-x64

3

42f9729255...61.exe

windows7-x64

10

5da0116af4...18.exe

windows7-x64

7

69c56d12ed...6b.exe

windows7-x64

10

905d572f23...50.exe

windows7-x64

10

948340be97...54.exe

windows7-x64

10

95560f1a46...f9.dll

windows7-x64

3

Archive.zi...3e.exe

windows7-x64

8

DiskIntern...en.exe

windows7-x64

3

ForceOp 2....ce.exe

windows7-x64

7

HYDRA.exe

windows7-x64

10

KLwC6vii.exe

windows7-x64

1

Keygen.exe

windows7-x64

10

Lonelyscre...ox.exe

windows7-x64

3

LtHv0O2KZDK4M637.exe

windows7-x64

10

Magic_File...ja.exe

windows7-x64

3

OnlineInstaller.exe

windows7-x64

8

Remouse.Mi...cg.exe

windows7-x64

3

SecuriteIn...dE.exe

windows7-x64

10

SecuriteIn...ee.dll

windows7-x64

10

SecurityTa...up.exe

windows7-x64

4

Treasure.V...ox.exe

windows7-x64

3

VyprVPN.exe

windows7-x64

10

WSHSetup[1].exe

windows7-x64

3

Yard.dll

windows7-x64

10

b2bd3de3e5...2).exe

windows7-x64

10

Resubmissions

20/04/2025, 00:10 UTC

250420-agcc8axyax 10

16/04/2025, 11:04 UTC

250416-m58gsaz1ay 10

15/04/2025, 17:34 UTC

250415-v5ylksypw9 10

15/04/2025, 06:16 UTC

250415-g1p7ras1dw 10

14/04/2025, 08:06 UTC

250414-jzpwpstxhx 10

14/04/2025, 07:59 UTC

250414-jvg1assky4 10

14/04/2025, 07:22 UTC

250414-h7g1dss1h1 10

Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11/02/2025, 00:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe

  • Size

    372KB

  • MD5

    2c959a0f9af72398f115f839397c3396

  • SHA1

    80b078a6b74a17e6147321f3b3104bf91b4262f2

  • SHA256

    cc0c949be6493aa98619cd591e6b4a0488eef3227b53fbaeac4309fab9efd206

  • SHA512

    511bd3992e5345c7d2b0a728f2f8ce7d18ebbc46ee41afaa4a6e4dfa937c28ca799361d286196b327e01df81981bfbc88b15ca1ad0d49fdaad46436e5735170c

  • SSDEEP

    3072:/drfV7YqW8waq6ciakIC/BwdrZ4P8Y5gla79yQ1yAnYgoFC3Wxl2G7mr3HWJtRIn:FrV7YqW83q6ciH/B6QZn8nTI

Score
10/10
icedidbankerdiscoveryloadertrojan

Malware Config

Extracted

Family

icedid

C2

knockaddress.xyz

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Icedid family
    icedid
  • IcedID First Stage Loader 2 IoCs
    loader
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2540

Network

  • flag-us
    DNS
    support.microsoft.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.microsoft.com
    IN A
    Response
    support.microsoft.com
    IN CNAME
    emerald-prod-asgth3agbdfbhpgz.b02.azurefd.net
    emerald-prod-asgth3agbdfbhpgz.b02.azurefd.net
    IN CNAME
    shed.dual-low.s-part-0037.t-0009.t-msedge.net
    shed.dual-low.s-part-0037.t-0009.t-msedge.net
    IN CNAME
    s-part-0037.t-0009.t-msedge.net
    s-part-0037.t-0009.t-msedge.net
    IN A
    13.107.246.65
  • flag-us
    DNS
    help.twitter.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    help.twitter.com
    IN A
    Response
    help.twitter.com
    IN CNAME
    help.twitter.com.cdn.cloudflare.net
    help.twitter.com.cdn.cloudflare.net
    IN A
    172.64.151.237
    help.twitter.com.cdn.cloudflare.net
    IN A
    104.18.36.19
  • flag-us
    DNS
    support.oracle.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.oracle.com
    IN A
    Response
    support.oracle.com
    IN CNAME
    support.oracle.com.edgekey.net
    support.oracle.com.edgekey.net
    IN CNAME
    e870.x.akamaiedge.net
    e870.x.akamaiedge.net
    IN A
    72.246.149.189
  • flag-us
    DNS
    knockaddress.xyz
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    knockaddress.xyz
    IN A
    Response
  • flag-us
    DNS
    support.apple.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.apple.com
    IN A
    Response
    support.apple.com
    IN CNAME
    prod-support.apple-support.akadns.net
    prod-support.apple-support.akadns.net
    IN CNAME
    support-lb.apple-support.akadns.net
    support-lb.apple-support.akadns.net
    IN CNAME
    support.apple.com.edgekey.net
    support.apple.com.edgekey.net
    IN CNAME
    e2063.e9.akamaiedge.net
    e2063.e9.akamaiedge.net
    IN A
    104.78.163.36
  • flag-us
    DNS
    www.intel.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    www.intel.com
    IN A
    Response
    www.intel.com
    IN CNAME
    intel11.cn.edgekey.net
    intel11.cn.edgekey.net
    IN CNAME
    e7842.dsca.akamaiedge.net
    e7842.dsca.akamaiedge.net
    IN A
    23.64.37.96
  • flag-us
    DNS
    www.intel.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    www.intel.com
    IN A
  • flag-us
    DNS
    www.intel.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    www.intel.com
    IN A
  • flag-us
    DNS
    www.intel.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    www.intel.com
    IN A
  • flag-us
    DNS
    support.microsoft.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.microsoft.com
    IN A
    Response
    support.microsoft.com
    IN CNAME
    emerald-prod-asgth3agbdfbhpgz.b02.azurefd.net
    emerald-prod-asgth3agbdfbhpgz.b02.azurefd.net
    IN CNAME
    shed.dual-low.s-part-0037.t-0009.t-msedge.net
    shed.dual-low.s-part-0037.t-0009.t-msedge.net
    IN CNAME
    s-part-0037.t-0009.t-msedge.net
    s-part-0037.t-0009.t-msedge.net
    IN A
    13.107.246.65
  • flag-us
    DNS
    support.oracle.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.oracle.com
    IN A
    Response
    support.oracle.com
    IN CNAME
    support.oracle.com.edgekey.net
    support.oracle.com.edgekey.net
    IN CNAME
    e870.x.akamaiedge.net
    e870.x.akamaiedge.net
    IN A
    72.246.149.189
  • flag-us
    DNS
    support.oracle.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.oracle.com
    IN A
  • flag-us
    DNS
    support.apple.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.apple.com
    IN A
    Response
    support.apple.com
    IN CNAME
    prod-support.apple-support.akadns.net
    prod-support.apple-support.akadns.net
    IN CNAME
    support-lb.apple-support.akadns.net
    support-lb.apple-support.akadns.net
    IN CNAME
    support.apple.com.edgekey.net
    support.apple.com.edgekey.net
    IN CNAME
    e2063.e9.akamaiedge.net
    e2063.e9.akamaiedge.net
    IN A
    104.78.163.36
  • flag-us
    DNS
    support.apple.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.apple.com
    IN A
  • flag-us
    DNS
    www.intel.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    www.intel.com
    IN A
    Response
    www.intel.com
    IN CNAME
    intel11.cn.edgekey.net
    intel11.cn.edgekey.net
    IN CNAME
    e7842.dsca.akamaiedge.net
    e7842.dsca.akamaiedge.net
    IN A
    23.64.37.96
  • flag-us
    DNS
    support.oracle.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.oracle.com
    IN A
    Response
    support.oracle.com
    IN CNAME
    support.oracle.com.edgekey.net
    support.oracle.com.edgekey.net
    IN CNAME
    e870.x.akamaiedge.net
    e870.x.akamaiedge.net
    IN A
    72.246.149.189
  • flag-us
    DNS
    support.oracle.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.oracle.com
    IN A
  • flag-us
    DNS
    support.apple.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.apple.com
    IN A
  • flag-us
    DNS
    support.apple.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.apple.com
    IN A
  • flag-us
    DNS
    support.apple.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.apple.com
    IN A
  • flag-us
    DNS
    support.apple.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.apple.com
    IN A
  • flag-us
    DNS
    support.apple.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.apple.com
    IN A
  • flag-us
    DNS
    www.intel.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    www.intel.com
    IN A
    Response
    www.intel.com
    IN CNAME
    intel11.cn.edgekey.net
    intel11.cn.edgekey.net
    IN CNAME
    e7842.dsca.akamaiedge.net
    e7842.dsca.akamaiedge.net
    IN A
    23.64.37.96
  • flag-us
    DNS
    support.microsoft.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.microsoft.com
    IN A
    Response
    support.microsoft.com
    IN CNAME
    emerald-prod-asgth3agbdfbhpgz.b02.azurefd.net
    emerald-prod-asgth3agbdfbhpgz.b02.azurefd.net
    IN CNAME
    shed.dual-low.s-part-0037.t-0009.t-msedge.net
    shed.dual-low.s-part-0037.t-0009.t-msedge.net
    IN CNAME
    s-part-0037.t-0009.t-msedge.net
    s-part-0037.t-0009.t-msedge.net
    IN A
    13.107.246.65
  • flag-us
    DNS
    help.twitter.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    help.twitter.com
    IN A
    Response
    help.twitter.com
    IN CNAME
    help.twitter.com.cdn.cloudflare.net
    help.twitter.com.cdn.cloudflare.net
    IN A
    172.64.151.237
    help.twitter.com.cdn.cloudflare.net
    IN A
    104.18.36.19
  • flag-us
    DNS
    support.oracle.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.oracle.com
    IN A
    Response
    support.oracle.com
    IN CNAME
    support.oracle.com.edgekey.net
    support.oracle.com.edgekey.net
    IN CNAME
    e870.x.akamaiedge.net
    e870.x.akamaiedge.net
    IN A
    72.246.149.189
  • flag-us
    DNS
    support.oracle.com
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    Remote address:
    8.8.8.8:53
    Request
    support.oracle.com
    IN A
  • 13.107.246.65:443
    support.microsoft.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    520 B
     219 B
     6
    5
  • 13.107.246.65:443
    support.microsoft.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 172.64.151.237:443
    help.twitter.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    510 B
     219 B
     6
    5
  • 172.64.151.237:443
    help.twitter.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 72.246.149.189:443
    support.oracle.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    352 B
     219 B
     5
    5
  • 72.246.149.189:443
    support.oracle.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 104.78.163.36:443
    support.apple.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    512 B
     219 B
     6
    5
  • 104.78.163.36:443
    support.apple.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 23.64.37.96:443
    www.intel.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    347 B
     219 B
     5
    5
  • 23.64.37.96:443
    www.intel.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 13.107.246.65:443
    support.microsoft.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    401 B
     179 B
     6
    4
  • 13.107.246.65:443
    support.microsoft.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 172.64.151.237:443
    help.twitter.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    402 B
     219 B
     6
    5
  • 172.64.151.237:443
    help.twitter.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    334 B
     219 B
     6
    5
  • 72.246.149.189:443
    support.oracle.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    450 B
     271 B
     7
    6
  • 72.246.149.189:443
    support.oracle.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 104.78.163.36:443
    support.apple.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    351 B
     219 B
     5
    5
  • 104.78.163.36:443
    support.apple.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 23.64.37.96:443
    www.intel.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    347 B
     219 B
     5
    5
  • 23.64.37.96:443
    www.intel.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    438 B
     271 B
     7
    6
  • 13.107.246.65:443
    support.microsoft.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    658 B
     219 B
     9
    5
  • 13.107.246.65:443
    support.microsoft.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    386 B
     219 B
     7
    5
  • 172.64.151.237:443
    help.twitter.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    402 B
     219 B
     6
    5
  • 172.64.151.237:443
    help.twitter.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    386 B
     219 B
     6
    5
  • 72.246.149.189:443
    support.oracle.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    352 B
     219 B
     5
    5
  • 72.246.149.189:443
    support.oracle.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     179 B
     5
    4
  • 23.64.37.96:443
    www.intel.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    347 B
     219 B
     5
    5
  • 23.64.37.96:443
    www.intel.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 13.107.246.65:443
    support.microsoft.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    722 B
     323 B
     10
    7
  • 13.107.246.65:443
    support.microsoft.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    288 B
     219 B
     5
    5
  • 172.64.151.237:443
    help.twitter.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    350 B
     219 B
     5
    5
  • 172.64.151.237:443
    help.twitter.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    380 B
     259 B
     7
    6
  • 72.246.149.189:443
    support.oracle.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    444 B
     259 B
     7
    6
  • 72.246.149.189:443
    support.oracle.com
    tls
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    490 B
     271 B
     8
    6
  • 8.8.8.8:53
    support.microsoft.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    67 B
     212 B
     1
    1

    DNS Request

    support.microsoft.com

    DNS Response

    13.107.246.65

  • 8.8.8.8:53
    help.twitter.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    62 B
     143 B
     1
    1

    DNS Request

    help.twitter.com

    DNS Response

    172.64.151.237
    104.18.36.19

  • 8.8.8.8:53
    support.oracle.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    64 B
     156 B
     1
    1

    DNS Request

    support.oracle.com

    DNS Response

    72.246.149.189

  • 8.8.8.8:53
    knockaddress.xyz
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    62 B
     127 B
     1
    1

    DNS Request

    knockaddress.xyz

  • 8.8.8.8:53
    support.apple.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    63 B
     229 B
     1
    1

    DNS Request

    support.apple.com

    DNS Response

    104.78.163.36

  • 8.8.8.8:53
    www.intel.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    236 B
     147 B
     4
    1

    DNS Request

    www.intel.com

    DNS Request

    www.intel.com

    DNS Request

    www.intel.com

    DNS Request

    www.intel.com

    DNS Response

    23.64.37.96

  • 8.8.8.8:53
    support.microsoft.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    67 B
     212 B
     1
    1

    DNS Request

    support.microsoft.com

    DNS Response

    13.107.246.65

  • 8.8.8.8:53
    support.oracle.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    128 B
     156 B
     2
    1

    DNS Request

    support.oracle.com

    DNS Request

    support.oracle.com

    DNS Response

    72.246.149.189

  • 8.8.8.8:53
    support.apple.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    126 B
     229 B
     2
    1

    DNS Request

    support.apple.com

    DNS Request

    support.apple.com

    DNS Response

    104.78.163.36

  • 8.8.8.8:53
    www.intel.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    59 B
     147 B
     1
    1

    DNS Request

    www.intel.com

    DNS Response

    23.64.37.96

  • 8.8.8.8:53
    support.oracle.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    128 B
     156 B
     2
    1

    DNS Request

    support.oracle.com

    DNS Request

    support.oracle.com

    DNS Response

    72.246.149.189

  • 8.8.8.8:53
    support.apple.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    315 B
     5

    DNS Request

    support.apple.com

    DNS Request

    support.apple.com

    DNS Request

    support.apple.com

    DNS Request

    support.apple.com

    DNS Request

    support.apple.com

  • 8.8.8.8:53
    www.intel.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    59 B
     147 B
     1
    1

    DNS Request

    www.intel.com

    DNS Response

    23.64.37.96

  • 8.8.8.8:53
    support.microsoft.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    67 B
     212 B
     1
    1

    DNS Request

    support.microsoft.com

    DNS Response

    13.107.246.65

  • 8.8.8.8:53
    help.twitter.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    62 B
     143 B
     1
    1

    DNS Request

    help.twitter.com

    DNS Response

    172.64.151.237
    104.18.36.19

  • 8.8.8.8:53
    support.oracle.com
    dns
    SecuriteInfo.com.Gen.NN.ZexaF.34108.xy1@amqiedE.exe
    128 B
     156 B
     2
    1

    DNS Request

    support.oracle.com

    DNS Request

    support.oracle.com

    DNS Response

    72.246.149.189

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2540-0-0x00000000003C0000-0x00000000003C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2540-3-0x00000000003B0000-0x00000000003B3000-memory.dmp

    Filesize

    12KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.