Resubmissions

12/10/2023, 11:17 UTC

231012-nd3b5afc4x 3

12/10/2023, 11:14 UTC

231012-ncgzsshb57 3

12/10/2023, 11:10 UTC

231012-m91mqsfa4z 3

Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/10/2023, 11:10 UTC

General

  • Target

    brute12.exe

  • Size

    51KB

  • MD5

    2ad554f805ee5581af320427387727a3

  • SHA1

    1aa3702ff715ce3e3bfac1a1bc799593079117c8

  • SHA256

    d1bb9f200fa0d6d5df539a8be2904d7c4a8f9b13502b3927a4eb9b3187ecbc0d

  • SHA512

    527850cd30e6d4de9674a65f880ec7d27229b0ed6b5fd676c4e044fb426829e05257e6d8cc618d09abcce5be459e5c42ddf82e69ca7e6e38a0577d9bd3df8517

  • SSDEEP

    768:FJNUQQyas+YLkEQSYZMsiWNF60LS35323Taz06PiaROZYk/9wv05i84K9xTosqHB:FJ+bZjFh5hIUqcv/kt

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\brute12.exe
    "C:\Users\Admin\AppData\Local\Temp\brute12.exe"
    1⤵
      PID:3980

    Network

    • US
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      120.208.253.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      120.208.253.8.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      71.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.159.190.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • US
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=01420CF783E76967157F1F5F82EF68F1; domain=.bing.com; expires=Tue, 05-Nov-2024 11:12:45 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: DCFDAB97FCAD4E729352B3B9F1960747 Ref B: AMS04EDGE2920 Ref C: 2023-10-12T11:12:45Z
      date: Thu, 12 Oct 2023 11:12:44 GMT
    • US
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=01420CF783E76967157F1F5F82EF68F1
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 747E68D4181B4CEB9F27C0014D2897EA Ref B: AMS04EDGE2920 Ref C: 2023-10-12T11:12:46Z
      date: Thu, 12 Oct 2023 11:12:46 GMT
    • US
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=01420CF783E76967157F1F5F82EF68F1
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 266129066E97479BAE9B1B24CFE8F344 Ref B: AMS04EDGE2920 Ref C: 2023-10-12T11:12:46Z
      date: Thu, 12 Oct 2023 11:12:46 GMT
    • US
      DNS
      145.175.53.84.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      145.175.53.84.in-addr.arpa
      IN PTR
      Response
      145.175.53.84.in-addr.arpa
      IN PTR
      a84-53-175-145.deploy.static.akamaitechnologies.com
    • US
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
    • US
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
    • US
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
    • US
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
    • US
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
    • US
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      198.1.85.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.1.85.104.in-addr.arpa
      IN PTR
      Response
      198.1.85.104.in-addr.arpa
      IN PTR
      a104-85-1-198.deploy.static.akamaitechnologies.com
    • US
      DNS
      7.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      7.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
      tls, http2
      1.9kB
      9.3kB
      22
      20

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4b40a1109a804c66a1325f2924bbaa22&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      120.208.253.8.in-addr.arpa
      dns
      72 B
      126 B
      1
      1

      DNS Request

      120.208.253.8.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      71.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      71.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      158 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      145.175.53.84.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      145.175.53.84.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      350 B
      5

      DNS Request

      9.228.82.20.in-addr.arpa

      DNS Request

      9.228.82.20.in-addr.arpa

      DNS Request

      9.228.82.20.in-addr.arpa

      DNS Request

      9.228.82.20.in-addr.arpa

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      198.1.85.104.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      198.1.85.104.in-addr.arpa

    • 8.8.8.8:53
      7.173.189.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      7.173.189.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Downloads

    • memory/3980-0-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB