hxxp://aax[.]amazon-adsystem[.]com/x/px/jiutr3lhd_lh_gd8vrbrdzaaaaghdq2cvweaaajyaqbhchnfdhhux2jpzdegicbhchnfdhhux2ltcdegicchpqst/{_type[:]malwareblock,c[:]dtb,tpbr[:]1,pid[:]w49uehwmpmn6h,info[:]{vendor[:]adl,data[:]{message[:]adl_blocked,siteid[:]lovetoknow,tagid[:]adltag_lge1ehtu_7e91pz6m95q,adunit[:]/1004147/wfw/wfw_games_0,adserverdetails[:]{advertiserid[:]5199475836,campaignid[:]3063511407,creativeid[:]138400422570,lineitemid[:]6082923974,adserver[:]dfp,prebidcreativeid[:]5233999,prebidbidder[:]onemobile,prebid[:]1},prebid[:]{adid[:]33507d12a997a6b29,bidresponse[:]{biddercode[:]onemobile,width[:]728,height[:]90,statusmessage[:]bid%20available,adid[:]33507d12a997a6b29,requestid[:]330998361c27bb373,transactionid[:]e1149b27-ebf1-40f9-baa9-04877e100135,auctionid[:]5ba6945e-9efa-4b2b-9331-6b51d38bebda,mediatype[:]banner,source[:]client,ad[:]<script%20type='text/javascript'>var%20adcontent%20=%20'';nadcontent%20+=%20'<div%20id=a-d53693>'%20+%20'n';nadcontent%20+=%20'<i'%20+%20'mg%20src=hxxps://prod-m-node-1113[.]ssp[.]yahoo[.]com/admax/adevent[.]do?tidi=770952781&dcn=8a9690ac017a7a396aac397be7d00007&posi=1540389&grp=%3f%3f%3f&nl=1681322921953&rts=1681322921746&pix=1&et=1&a=52ff6bd6289440f7bf3c14ca5a95c3af&m=axatmtatmjitmtyxltiz&p=mc4wmda2mti5mtm&b=mtmymtk7t0fusdewndiwmjawmdtmyw5kdwvslmnvbts7ozs0yje0nja0odcynwq0yjixywq2mji0yjdjzdyyyme4mjs0mjk3mzkwnzsxnjgxmziwnzq1ozswljawmdq5mdmzozswozs1mjmzotk5o2rkyzyzmmjlogvjmmu4zmmzzgi2yjdlymm5zgi3zdk3mweznjm3y2m7mtsxow[.][.]&uid=y-njesdshe2rpqysiqj[.]8uki1pr1jsqfgppxggpnxv[.]yt4z6fems9ipqcwm8zn81kejcyaphvfoyxjfxwr%7ea&xdi=q2hyb21lic0gv2luzg93c3xhb29nbgv8tlqgmtaumhwxn3xezxnrdg9w&xoi=mhxvu0e[.]&hb=true&type=0&af=2&dety=2%20style=display[:]none;width[:]1px;height[:]1px;border[:]0;%20width=1%20height=1%20alt=/><scr'%20+%20'ipt%20type=text/javascript%20src=hxxps://pn[.]ybp[.]yahoo[.]com/ab/secure/true/imp/zen1xje vendor=Zscaler hostname=aax[.]amazon-adsystem[.]com clientpublicIP=68[.]60[.]143[.]98 threatcategory=None threatname=JS[.]Exploit[.]XSS filetype=None appname=Amazon pagerisk=50 department=Security urlsupercategory=Advanced Security appclass=Consumer Apps dlpengine=None urlclass=Advanced Security Risk threatclass=None dlpdictionaries=None fileclass=None bwthrottle=NO servertranstime=11 contenttype=text/html unscannabletype=None devicehostname=ABH1LAP056 deviceowner=James[.]Summers

Sharing

Behavioral task

behavioral1

Sample

http://aax.amazon-adsystem.com/x/px/jiutr3lhd_lh_gd8vrbrdzaaaaghdq2cvweaaajyaqbhchnfdhhux2jpzdegicbhchnfdhhux2ltcdegicchpqst/{_type:malwareblock,c:dtb,tpbr:1,pid:w49uehwmpmn6h,info:{vendor:adl,data:{message:adl_blocked,siteid:lovetoknow,tagid:adltag_lge1ehtu_7e91pz6m95q,adunit:/1004147/wfw/wfw_games_0,adserverdetails:{advertiserid:5199475836,campaignid:3063511407,creativeid:138400422570,lineitemid:6082923974,adserver:dfp,prebidcreativeid:5233999,prebidbidder:onemobile,prebid:1},prebid:{adid:33507d12a997a6b29,bidresponse:{biddercode:onemobile,width:728,height:90,statusmessage:bid%20available,adid:33507d12a997a6b29,requestid:330998361c27bb373,transactionid:e1149b27-ebf1-40f9-baa9-04877e100135,auctionid:5ba6945e-9efa-4b2b-9331-6b51d38bebda,mediatype:banner,source:client,ad:<script%20type='text/javascript'>var%20adcontent%20=%20'';nadcontent%20+=%20'<div%20id=a-d53693>'%20+%20'n';nadcontent%20+=%20'<i'%20+%20'mg%20src=https://prod-m-node-1113.ssp.yahoo.com/admax/adevent.do?tidi=770952781&dcn=8a9690ac017a7a396aac397be7d00007&posi=1540389&grp=%3f%3f%3f&nl=1681322921953&rts=1681322921746&pix=1&et=1&a=52ff6bd6289440f7bf3c14ca5a95c3af&m=axatmtatmjitmtyxltiz&p=mc4wmda2mti5mtm&b=mtmymtk7t0fusdewndiwmjawmdtmyw5kdwvslmnvbts7ozs0yje0nja0odcynwq0yjixywq2mji0yjdjzdyyyme4mjs0mjk3mzkwnzsxnjgxmziwnzq1ozswljawmdq5mdmzozswozs1mjmzotk5o2rkyzyzmmjlogvjmmu4zmmzzgi2yjdlymm5zgi3zdk3mweznjm3y2m7mtsxow..&uid=y-njesdshe2rpqysiqj.8uki1pr1jsqfgppxggpnxv.yt4z6fems9ipqcwm8zn81kejcyaphvfoyxjfxwr%7ea&xdi=q2hyb21lic0gv2luzg93c3xhb29nbgv8tlqgmtaumhwxn3xezxnrdg9w&xoi=mhxvu0e.&hb=true&type=0&af=2&dety=2%20style=display:none;width:1px;height:1px;border:0;%20width=1%20height=1%20alt=/><scr'%20+%20'ipt%20type=text/javascript%20src=https://pn.ybp.yahoo.com/ab/secure/true/imp/zen1xje vendor=Zscaler hostname=aax.amazon-adsystem.com clientpublicIP=68.60.143.98 threatcategory=None threatname=JS.Exploit.XSS filetype=None appname=Amazon pagerisk=50 department=Security urlsupercategory=Advanced Security appclass=Consumer Apps dlpengine=None urlclass=Advanced Security Risk threatclass=None dlpdictionaries=None fileclass=None bwthrottle=NO servertranstime=11 contenttype=text/html unscannabletype=None devicehostname=ABH1LAP056 deviceowner=James.Summers

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

General

Target

http://aax.amazon-adsystem.com/x/px/jiutr3lhd_lh_gd8vrbrdzaaaaghdq2cvweaaajyaqbhchnfdhhux2jpzdegicbhchnfdhhux2ltcdegicchpqst/{_type:malwareblock,c:dtb,tpbr:1,pid:w49uehwmpmn6h,info:{vendor:adl,data:{message:adl_blocked,siteid:lovetoknow,tagid:adltag_lge1ehtu_7e91pz6m95q,adunit:/1004147/wfw/wfw_games_0,adserverdetails:{advertiserid:5199475836,campaignid:3063511407,creativeid:138400422570,lineitemid:6082923974,adserver:dfp,prebidcreativeid:5233999,prebidbidder:onemobile,prebid:1},prebid:{adid:33507d12a997a6b29,bidresponse:{biddercode:onemobile,width:728,height:90,statusmessage:bid%20available,adid:33507d12a997a6b29,requestid:330998361c27bb373,transactionid:e1149b27-ebf1-40f9-baa9-04877e100135,auctionid:5ba6945e-9efa-4b2b-9331-6b51d38bebda,mediatype:banner,source:client,ad:<script%20type='text/javascript'>var%20adcontent%20=%20'';nadcontent%20+=%20'<div%20id=a-d53693>'%20+%20'n';nadcontent%20+=%20'<i'%20+%20'mg%20src=https://prod-m-node-1113.ssp.yahoo.com/admax/adevent.do?tidi=770952781&dcn=8a9690ac017a7a396aac397be7d00007&posi=1540389&grp=%3f%3f%3f&nl=1681322921953&rts=1681322921746&pix=1&et=1&a=52ff6bd6289440f7bf3c14ca5a95c3af&m=axatmtatmjitmtyxltiz&p=mc4wmda2mti5mtm&b=mtmymtk7t0fusdewndiwmjawmdtmyw5kdwvslmnvbts7ozs0yje0nja0odcynwq0yjixywq2mji0yjdjzdyyyme4mjs0mjk3mzkwnzsxnjgxmziwnzq1ozswljawmdq5mdmzozswozs1mjmzotk5o2rkyzyzmmjlogvjmmu4zmmzzgi2yjdlymm5zgi3zdk3mweznjm3y2m7mtsxow..&uid=y-njesdshe2rpqysiqj.8uki1pr1jsqfgppxggpnxv.yt4z6fems9ipqcwm8zn81kejcyaphvfoyxjfxwr%7ea&xdi=q2hyb21lic0gv2luzg93c3xhb29nbgv8tlqgmtaumhwxn3xezxnrdg9w&xoi=mhxvu0e.&hb=true&type=0&af=2&dety=2%20style=display:none;width:1px;height:1px;border:0;%20width=1%20height=1%20alt=/><scr'%20+%20'ipt%20type=text/javascript%20src=https://pn.ybp.yahoo.com/ab/secure/true/imp/zen1xje vendor=Zscaler hostname=aax.amazon-adsystem.com clientpublicIP=68.60.143.98 threatcategory=None threatname=JS.Exploit.XSS filetype=None appname=Amazon pagerisk=50 department=Security urlsupercategory=Advanced Security appclass=Consumer Apps dlpengine=None urlclass=Advanced Security Risk threatclass=None dlpdictionaries=None fileclass=None bwthrottle=NO servertranstime=11 contenttype=text/html unscannabletype=None devicehostname=ABH1LAP056 deviceowner=James.Summers

Sharing

General

Malware Config

Signatures

Files