Overview

overview

10

Static

static

3

978bb9796b...2d.exe

windows7-x64

10

978bb9796b...2d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2025, 07:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    978bb9796b07766b43b78758b8bc31fef1d7bda18941c21ffe4371ff21814f2d.exe

  • Size

    78KB

  • MD5

    832f10834d64a76954d12175be83ba7c

  • SHA1

    4139efe1c43da2cfbc667a863b5de9aebd258716

  • SHA256

    978bb9796b07766b43b78758b8bc31fef1d7bda18941c21ffe4371ff21814f2d

  • SHA512

    24f4b97e07bed9567ccf7582838c46b459ea5b5a26e24a42ea6d24fa952bedc090479ebdada021e91e8d33a9426dacfa385e750f440e9f2f0002190dc8d927b9

  • SSDEEP

    1536:VStHFo6rdELT8hn2Ep7WzPdVj6Ju8B3AZ242UdIAkD4x3HT4hPVoYdVQtL29/KKi:VStHFo8dSE2EwR4uY41HyvYL29/Q

Score
10/10
metamorpherratdiscoverypersistenceratstealertrojan

Malware Config

Signatures

  • MetamorpherRAT

    Metamorpherrat is a hacking tool that has been around for a while since 2013.

    trojanratstealermetamorpherrat
  • Metamorpherrat family
    metamorpherrat
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\978bb9796b07766b43b78758b8bc31fef1d7bda18941c21ffe4371ff21814f2d.exe
    "C:\Users\Admin\AppData\Local\Temp\978bb9796b07766b43b78758b8bc31fef1d7bda18941c21ffe4371ff21814f2d.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ysj88f8p.cmdline"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1440
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD1C1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD1C0.tmp"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2396
    • C:\Users\Admin\AppData\Local\Temp\tmpD0E6.tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\tmpD0E6.tmp.exe" C:\Users\Admin\AppData\Local\Temp\978bb9796b07766b43b78758b8bc31fef1d7bda18941c21ffe4371ff21814f2d.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2652

Network

  • flag-us
    DNS
    bejnz.com
    tmpD0E6.tmp.exe
    Remote address:
    8.8.8.8:53
    Request
    bejnz.com
    IN A
    Response
    bejnz.com
    IN A
    44.221.84.105
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:45 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=efe7c41790e292b773970dfa6ca9d170|212.102.63.147|1741245885|1741245885|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    DNS
    rwkeith.no-ip.org
    tmpD0E6.tmp.exe
    Remote address:
    8.8.8.8:53
    Request
    rwkeith.no-ip.org
    IN A
    Response
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:47 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=e33b03156a1bd01dfd611a6a3a6f1a15|212.102.63.147|1741245887|1741245887|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:49 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=7509ffb07c983c3c4c208f8bd518fc9e|212.102.63.147|1741245889|1741245889|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:50 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=a0588c929781a78d5bdbe9a8d37e65dd|212.102.63.147|1741245890|1741245890|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:51 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=981f9b9b8a7090574c90526cae562210|212.102.63.147|1741245891|1741245891|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:52 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=1ca7736a9a1b6c4001603d2abcd4fc87|212.102.63.147|1741245892|1741245892|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:54 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=8869d777767d42c3151d8172f01b90f2|212.102.63.147|1741245894|1741245894|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:55 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=00b43ede17feb5d6218649a40a3a3dd1|212.102.63.147|1741245895|1741245895|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:56 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=6ed189f730aa4a4b1021c35f936b1126|212.102.63.147|1741245896|1741245896|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:58 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=05207d04a7499519c2af83680b53774b|212.102.63.147|1741245898|1741245898|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:24:59 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=ca4fa9e4ea98cf17673d90d545b645df|212.102.63.147|1741245899|1741245899|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:00 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=e49725b606e73a6bb5e5e0dfbf603aa7|212.102.63.147|1741245900|1741245900|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:01 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=125435edd16d1c0af10546deba888947|212.102.63.147|1741245901|1741245901|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:03 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=903dd5c422df4eb7f55e94f46fe2074d|212.102.63.147|1741245903|1741245903|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:04 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=4483e89b3903b99aa5296abf29fe73f9|212.102.63.147|1741245904|1741245904|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:05 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=66a1be7b9fd66b11a0a4b9491cfa8b4e|212.102.63.147|1741245905|1741245905|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:06 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2d28e7c53491e4c1732f79047e769d3d|212.102.63.147|1741245906|1741245906|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:08 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=96c7b844899d14c693fe2818d4c118f8|212.102.63.147|1741245908|1741245908|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:09 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=57f3be43084604d18e07eebe790ead48|212.102.63.147|1741245909|1741245909|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:10 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=1f55a34d6b4da1908afaea10788f37a8|212.102.63.147|1741245910|1741245910|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://bejnz.com/IP.php
    tmpD0E6.tmp.exe
    Remote address:
    44.221.84.105:80
    Request
    GET /IP.php HTTP/1.1
    Host: bejnz.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 06 Mar 2025 07:25:12 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=f50a84c4e7cfd16dd43b3d886763592a|212.102.63.147|1741245912|1741245912|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=212.102.63.147; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    295 B
     625 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    398 B
     637 B
     7
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     625 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    317 B
     617 B
     6
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     625 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    317 B
     617 B
     6
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    317 B
     625 B
     6
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    317 B
     625 B
     6
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     625 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    317 B
     625 B
     6
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     617 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     617 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    317 B
     625 B
     6
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     625 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    317 B
     625 B
     6
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     625 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     625 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     617 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    317 B
     617 B
     6
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    317 B
     625 B
     6
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    http://bejnz.com/IP.php
    http
    tmpD0E6.tmp.exe
    271 B
     617 B
     5
    5

    HTTP Request

    GET http://bejnz.com/IP.php

    HTTP Response

    200
  • 44.221.84.105:80
    bejnz.com
    tmpD0E6.tmp.exe
    304 B
     6
  • 44.221.84.105:80
    bejnz.com
    tmpD0E6.tmp.exe
    152 B
     3
  • 44.221.84.105:80
    bejnz.com
    tmpD0E6.tmp.exe
    152 B
     3
  • 44.221.84.105:80
    bejnz.com
    tmpD0E6.tmp.exe
    152 B
     3
  • 44.221.84.105:80
    bejnz.com
    tmpD0E6.tmp.exe
    104 B
     2
  • 8.8.8.8:53
    bejnz.com
    dns
    tmpD0E6.tmp.exe
    55 B
     71 B
     1
    1

    DNS Request

    bejnz.com

    DNS Response

    44.221.84.105

  • 8.8.8.8:53
    rwkeith.no-ip.org
    dns
    tmpD0E6.tmp.exe
    63 B
     123 B
     1
    1

    DNS Request

    rwkeith.no-ip.org

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RESD1C1.tmp
    Filesize

    1KB

    MD5

    0c6c79fad8d12e04a6600d16efad7c8d

    SHA1

    cf4919d0c36334d770216825960d39b7ebe1a2d8

    SHA256

    dfeebfb703d8f06e16c528f255b926a07f372d5390cc58d577e7e9ea352cd6fc

    SHA512

    baca359e6512120362a4a317d1546d5ebbf3e10e0c1629c230073b165510010f9a5760086651b1269b134e786a61e6de8092e63b12ba308066ff8c8a19bd785d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmpD0E6.tmp.exe
    Filesize

    78KB

    MD5

    4219126d77b8e7489a983f5cf6f33b78

    SHA1

    2f959f019e35fe8af9def956a6dfce616946ebcd

    SHA256

    441930c97fa5be57a0c2f153ee2d0f2dcb3fe1616e4f81e346d78b3657e49c30

    SHA512

    be6c3406353a77b0e049cf96cae0d29b8d67f12a2a69ca519e69f222ca3d4695ab0570eab5953767148f6e3775ad4f17eab38f091e8905399e52e096d4765dc3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\vbcD1C0.tmp
    Filesize

    660B

    MD5

    01eb55a7814580db239f3b1e11c16771

    SHA1

    958aa48701b8d86997a5327768a0b65477debf6e

    SHA256

    73224052e08b6665b33ead0bde046d3d2ef03793802586bf3a583614d9ac919a

    SHA512

    e976a785987bda4e23dcafe2ad3c168ceab98b608e9f4c0b85e0ef23afbb9981023bb3dccce4325ab944cba77908dd0534f76a05a522a7001978a9e3d206e3a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ysj88f8p.0.vb
    Filesize

    15KB

    MD5

    f7b13c4e272a8628574a02847536caea

    SHA1

    683bf4a6692ee140aef3081bd1ec9ad371c855aa

    SHA256

    ddd06dcede3835de433030125d0165c7311659e0f187a4e7f02663dcfb874312

    SHA512

    97f38e0fd8b46f210ce130e145dd7bd83dce69409656c802a901a4af4b499d268660ec9007e633f4b1dd4f731cf7a66ef5edd89c80bc564846efcecd657a65f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ysj88f8p.cmdline
    Filesize

    266B

    MD5

    9cae1e527d03e1f108581602b128b049

    SHA1

    4198ee0d2f373ad7696fccf705effed1ffa642a0

    SHA256

    ba1c5f1f30378a641227f7db23b33379ce3f5dac8e857ebe671d3e899fa1048f

    SHA512

    5ae92ee850da1cfe655a843874e371ada132f2de7a2776993dd10221fb9899cff3a1d7535366f24b2ceee54e774ea4787aecec349b2de07d2cc28e09f753f9a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zCom.resources
    Filesize

    62KB

    MD5

    6870a276e0bed6dd5394d178156ebad0

    SHA1

    9b6005e5771bb4afb93a8862b54fe77dc4d203ee

    SHA256

    69db906941dec2a7f1748ea1d15a058751c77d851ce54ea9e2ebdf1d6c7ed4f4

    SHA512

    3b6f412d4bdf0939677ab6890a6417da6f737376e13375d2a60871de195aa14344b8340d254b819c850d75a443629cbf26f35533e07aaba9532fdc5284132809

    Download Submit

  • memory/1440-8-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1440-18-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2172-0-0x0000000074DE1000-0x0000000074DE2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2172-1-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2172-2-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2172-24-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.