Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-09-2023 01:50

General

  • Target

    07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe

  • Size

    597KB

  • MD5

    95138e2d1e51d45f653eef0823ad3c89

  • SHA1

    a28285ea359d00e3d6769481e5db882807cd7796

  • SHA256

    07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2

  • SHA512

    3c132f6717da4518fb08dc5aa73721b211051822172f50721de77acd2b8663fe39e8f6f77a39614757873a318972c24ad679d67ab44dd07ecaf2a077c94eacfe

  • SSDEEP

    12288:DSHXS6dIkIYpPVpPE9NSn8V+Nu8Hx60PinBYqT:DS3Ik7P808QrU0PCe6

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

lnk1

rc4.plain
1
NEW_BLACK
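
The `rc4.plain` value is the RC4 key the sample uses to decrypt its embedded configuration strings, which is where the botnet/group ID `lnk1` and the C2 host list come from. The block below is an added example written for this page, not code from the report, from the sandbox or from the malware: a stand-alone RC4 routine that recovers the group ID and a comma-separated C2 list from NUL-padded fields encrypted under NEW_BLACK, plus the plausibility check used to confirm a candidate key. The ciphertext blobs are constructed inside the example by encrypting known plaintext; the fixed-size NUL-padded field layout and the comma-separated list format are assumptions for the demonstration, and real samples need the blob offsets recovered from the binary.

```python
"""Added example: RC4 config-string recovery for a Bumblebee-style blob.
The ciphertext below is constructed here (encrypted with the same routine),
not carved from the sample on this page."""
from typing import List

RC4_KEY = b"NEW_BLACK"  # rc4.plain value from the report


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so one routine encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_config_string(blob: bytes, key: bytes = RC4_KEY) -> str:
    """Decrypt one fixed-size field and cut at the first NUL (assumed NUL-padded layout)."""
    plain = rc4(key, blob)
    return plain.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def parse_c2_list(field: str) -> List[str]:
    """Split the C2 field on commas (assumed list format) and drop empty entries."""
    return [h.strip() for h in field.split(",") if h.strip()]


def key_is_plausible(blob: bytes, key: bytes) -> bool:
    """Check used when trying candidate keys against a field: the right key yields
    printable ASCII up to the first NUL and only NUL padding after it. A wrong key
    gives pseudorandom bytes, which fail this with overwhelming probability."""
    plain = rc4(key, blob)
    text, _, tail = plain.partition(b"\x00")
    printable = len(text) > 0 and all(0x20 <= b < 0x7F for b in text)
    return printable and tail.strip(b"\x00") == b""


def _pad(s: bytes, size: int) -> bytes:
    """NUL-pad a plaintext field to the assumed fixed field size."""
    return s + b"\x00" * (size - len(s))


# Constructed test vectors: a 32-byte group-ID field and a 96-byte C2 field,
# encrypted under the reported key so the decryption path can be exercised offline.
GROUP_ID_BLOB = rc4(RC4_KEY, _pad(b"lnk1", 32))
C2_LIST_BLOB = rc4(
    RC4_KEY,
    _pad(b"cmid1s1zeiu.life,itszko2ot5u.life,3v1n35i5kwx.life,newdnq1xnl9.life", 96),
)

if __name__ == "__main__":
    print("group id:", decrypt_config_string(GROUP_ID_BLOB))
    print("c2 hosts:", parse_c2_list(decrypt_config_string(C2_LIST_BLOB)))
    print("key check:", key_is_plausible(C2_LIST_BLOB, RC4_KEY))
```

The `key_is_plausible` check is what makes the extraction robust when several candidate key strings are present in a binary: decrypt each field with each candidate and keep the one that produces clean ASCII with NUL padding, rather than trusting a string that merely looks like a key.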

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
    "C:\Users\Admin\AppData\Local\Temp\07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe"
    1⤵
      PID:3536

    Network

    • flag-us
      DNS
      69.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      69.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      59.128.231.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      59.128.231.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=34AF99393E526C781F898ABE3F1A6D26; domain=.bing.com; expires=Thu, 03-Oct-2024 01:50:26 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4D4043B136264ADCAC384F0DCC7EC242 Ref B: BRU30EDGE0907 Ref C: 2023-09-09T01:50:26Z
      date: Sat, 09 Sep 2023 01:50:26 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=34AF99393E526C781F898ABE3F1A6D26
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 18D01C1C5659452FA67742E998FE5AB5 Ref B: BRU30EDGE0907 Ref C: 2023-09-09T01:50:26Z
      date: Sat, 09 Sep 2023 01:50:26 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=34AF99393E526C781F898ABE3F1A6D26
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CFDBAF5E1D544736A6C68716B39D54C7 Ref B: BRU30EDGE0907 Ref C: 2023-09-09T01:50:26Z
      date: Sat, 09 Sep 2023 01:50:26 GMT
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      cmid1s1zeiu.life
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      Remote address:
      8.8.8.8:53
      Request
      cmid1s1zeiu.life
      IN A
      Response
      cmid1s1zeiu.life
      IN A
      172.86.68.166
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      itszko2ot5u.life
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      Remote address:
      8.8.8.8:53
      Request
      itszko2ot5u.life
      IN A
      Response
      itszko2ot5u.life
      IN A
      45.61.130.31
    • flag-us
      DNS
      8.3.197.209.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.3.197.209.in-addr.arpa
      IN PTR
      Response
      8.3.197.209.in-addr.arpa
      IN PTR
      vip0x008.map2.ssl.hwcdn.net
    • flag-us
      DNS
      3v1n35i5kwx.life
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      Remote address:
      8.8.8.8:53
      Request
      3v1n35i5kwx.life
      IN A
      Response
      3v1n35i5kwx.life
      IN A
      172.86.123.215
    • flag-us
      DNS
      newdnq1xnl9.life
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      Remote address:
      8.8.8.8:53
      Request
      newdnq1xnl9.life
      IN A
      Response
      newdnq1xnl9.life
      IN A
      88.198.203.50
    • flag-us
      DNS
      50.203.198.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.203.198.88.in-addr.arpa
      IN PTR
      Response
      50.203.198.88.in-addr.arpa
      IN PTR
      static.88-198-203-50.clients.your-server.de
    • flag-us
      DNS
      11.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=
      tls, http2
      1.9kB
      9.3kB
      22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=979af95091b34f5f91ea212833ece5a1&localId=w:1CCB9A0F-0FA7-2CAD-B05B-5D7DB29A4DF8&deviceId=6966549481367204&anid=

      HTTP Response

      204
    • 172.86.68.166:443
      cmid1s1zeiu.life
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      260 B
      5
    • 45.61.130.31:443
      itszko2ot5u.life
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      260 B
      5
    • 172.86.123.215:443
      3v1n35i5kwx.life
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      260 B
      5
    • 88.198.203.50:443
      newdnq1xnl9.life
      https
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      1.1kB
      866 B
      12
      13
    • 172.86.68.166:443
      cmid1s1zeiu.life
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      260 B
      5
    • 45.61.130.31:443
      itszko2ot5u.life
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      156 B
      3
    • 8.8.8.8:53
      69.31.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      69.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      59.128.231.4.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      59.128.231.4.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      158 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      cmid1s1zeiu.life
      dns
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      62 B
      78 B
      1
      1

      DNS Request

      cmid1s1zeiu.life

      DNS Response

      172.86.68.166

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      itszko2ot5u.life
      dns
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      62 B
      78 B
      1
      1

      DNS Request

      itszko2ot5u.life

      DNS Response

      45.61.130.31

    • 8.8.8.8:53
      8.3.197.209.in-addr.arpa
      dns
      70 B
      111 B
      1
      1

      DNS Request

      8.3.197.209.in-addr.arpa

    • 8.8.8.8:53
      3v1n35i5kwx.life
      dns
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      62 B
      78 B
      1
      1

      DNS Request

      3v1n35i5kwx.life

      DNS Response

      172.86.123.215

    • 8.8.8.8:53
      newdnq1xnl9.life
      dns
      07e625d9acc7803be901c9b5cfbad7265c9ba0f5d617109584a77a32d8d153f2.exe
      62 B
      78 B
      1
      1

      DNS Request

      newdnq1xnl9.life

      DNS Response

      88.198.203.50

    • 8.8.8.8:53
      50.203.198.88.in-addr.arpa
      dns
      72 B
      129 B
      1
      1

      DNS Request

      50.203.198.88.in-addr.arpa

    • 8.8.8.8:53
      11.173.189.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      11.173.189.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Downloads

    • memory/3536-0-0x000001D56A9F0000-0x000001D56AA5D000-memory.dmp

      Filesize

      436KB

    • memory/3536-1-0x000001D56AB60000-0x000001D56AC67000-memory.dmp

      Filesize

      1.0MB

    • memory/3536-2-0x000001D56AB60000-0x000001D56AC67000-memory.dmp

      Filesize

      1.0MB

    • memory/3536-3-0x000001D56AB60000-0x000001D56AC67000-memory.dmp

      Filesize

      1.0MB