Overview

overview

3

Static

static

3

0ff0568f32...c5.exe

windows7-x64

3

0ff0568f32...c5.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 20:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ff0568f320e3c9b898e4b802faa86c5.exe

  • Size

    422KB

  • MD5

    0ff0568f320e3c9b898e4b802faa86c5

  • SHA1

    f5749139e4f45f3260896df9d2f14ded9e27eeee

  • SHA256

    6b900badfbd076bdf8120d7dc78778b6fe7b67283e1506b318551e27c5ca1b43

  • SHA512

    aab33044824b81cdef9fcd8f403621a65950059ee4c3a9128960a42bc1a0d39bb3e64e7851518c1a63eec41497e941b84759448c113554f04b8f0d33929594c8

  • SSDEEP

    6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ff0568f320e3c9b898e4b802faa86c5.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff0568f320e3c9b898e4b802faa86c5.exe"
    1⤵
      PID:628
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 332
        2⤵
        • Program crash
        PID:1216
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 628 -ip 628
      1⤵
        PID:3384

      Network

      • flag-us
        DNS
        83.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        83.177.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        83.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        83.177.190.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        0.205.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.205.248.87.in-addr.arpa
        IN PTR
        Response
        0.205.248.87.in-addr.arpa
        IN PTR
        https-87-248-205-0lgwllnwnet
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        9.228.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.228.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        208.194.73.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        208.194.73.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301303_1EAOJAYMFAD8YIR5A&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301303_1EAOJAYMFAD8YIR5A&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 160252
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0DD1D5AF3ED745D98D3478426789703D Ref B: LON04EDGE0911 Ref C: 2023-12-25T14:03:30Z
        date: Mon, 25 Dec 2023 14:03:30 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 342351
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 7625A6639E1E4598BE0E0FAFEB220D51 Ref B: LON04EDGE0911 Ref C: 2023-12-25T14:03:30Z
        date: Mon, 25 Dec 2023 14:03:30 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301545_129BRRWGUSUVO8RP7&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301545_129BRRWGUSUVO8RP7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 325965
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 54CD0A5470A942D591625DD35680D235 Ref B: LON04EDGE0911 Ref C: 2023-12-25T14:03:30Z
        date: Mon, 25 Dec 2023 14:03:30 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301112_1T8Y9CD8YMSDNE5RU&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301112_1T8Y9CD8YMSDNE5RU&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301712_1VAFFW2XLOWABA0CF&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301712_1VAFFW2XLOWABA0CF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001a-msedgenet
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        15.164.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        15.164.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        15.164.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        15.164.165.52.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        217.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        217.135.221.88.in-addr.arpa
        IN PTR
        Response
        217.135.221.88.in-addr.arpa
        IN PTR
        a88-221-135-217deploystaticakamaitechnologiescom
      • flag-us
        DNS
        41.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        41.110.16.96.in-addr.arpa
        IN PTR
        Response
        41.110.16.96.in-addr.arpa
        IN PTR
        a96-16-110-41deploystaticakamaitechnologiescom
      • flag-us
        DNS
        41.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        41.110.16.96.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        19.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        19.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        0.204.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.204.248.87.in-addr.arpa
        IN PTR
        Response
        0.204.248.87.in-addr.arpa
        IN PTR
        https-87-248-204-0lhrllnwnet
      • flag-us
        DNS
        104.241.123.92.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        104.241.123.92.in-addr.arpa
        IN PTR
        Response
        104.241.123.92.in-addr.arpa
        IN PTR
        a92-123-241-104deploystaticakamaitechnologiescom
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        81.171.91.138.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        81.171.91.138.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.134.221.88.in-addr.arpa
        IN PTR
        Response
        18.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-18deploystaticakamaitechnologiescom
      • flag-us
        DNS
        210.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        210.178.17.96.in-addr.arpa
        IN PTR
        Response
        210.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-210deploystaticakamaitechnologiescom
      • flag-us
        DNS
        50.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        50.134.221.88.in-addr.arpa
        IN PTR
        Response
        50.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-50deploystaticakamaitechnologiescom
      • flag-us
        DNS
        211.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        211.178.17.96.in-addr.arpa
        IN PTR
        Response
        211.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-211deploystaticakamaitechnologiescom
      • flag-us
        DNS
        211.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        211.178.17.96.in-addr.arpa
        IN PTR
        Response
        211.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-211deploystaticakamaitechnologiescom
      • flag-us
        DNS
        63.141.182.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        63.141.182.52.in-addr.arpa
        IN PTR
        Response
      • 20.231.121.79:80
        104 B
         2
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.5kB
         8.3kB
         17
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.3kB
         8.2kB
         14
        12
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&w=1080&h=1920&c=4
        tls, http2
        10.9kB
         252.8kB
         198
        194

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301303_1EAOJAYMFAD8YIR5A&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301545_129BRRWGUSUVO8RP7&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301112_1T8Y9CD8YMSDNE5RU&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301712_1VAFFW2XLOWABA0CF&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&w=1080&h=1920&c=4
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.4kB
         8.4kB
         17
        15
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.4kB
         8.6kB
         15
        14
      • 8.8.8.8:53
        83.177.190.20.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        83.177.190.20.in-addr.arpa

        DNS Request

        83.177.190.20.in-addr.arpa

      • 8.8.8.8:53
        0.205.248.87.in-addr.arpa
        dns
        71 B
         116 B
         1
        1

        DNS Request

        0.205.248.87.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        146 B
         144 B
         2
        1

        DNS Request

        95.221.229.192.in-addr.arpa

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        9.228.82.20.in-addr.arpa
        dns
        70 B
         156 B
         1
        1

        DNS Request

        9.228.82.20.in-addr.arpa

      • 8.8.8.8:53
        208.194.73.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        208.194.73.20.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        186 B
         173 B
         3
        1

        DNS Request

        tse1.mm.bing.net

        DNS Request

        tse1.mm.bing.net

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        158.240.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        158.240.127.40.in-addr.arpa

      • 8.8.8.8:53
        200.197.79.204.in-addr.arpa
        dns
        73 B
         106 B
         1
        1

        DNS Request

        200.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        15.164.165.52.in-addr.arpa
        dns
        144 B
         146 B
         2
        1

        DNS Request

        15.164.165.52.in-addr.arpa

        DNS Request

        15.164.165.52.in-addr.arpa

      • 8.8.8.8:53
        217.135.221.88.in-addr.arpa
        dns
        73 B
         139 B
         1
        1

        DNS Request

        217.135.221.88.in-addr.arpa

      • 8.8.8.8:53
        41.110.16.96.in-addr.arpa
        dns
        142 B
         135 B
         2
        1

        DNS Request

        41.110.16.96.in-addr.arpa

        DNS Request

        41.110.16.96.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        19.229.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        19.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        0.204.248.87.in-addr.arpa
        dns
        71 B
         116 B
         1
        1

        DNS Request

        0.204.248.87.in-addr.arpa

      • 8.8.8.8:53
        104.241.123.92.in-addr.arpa
        dns
        73 B
         139 B
         1
        1

        DNS Request

        104.241.123.92.in-addr.arpa

      • 8.8.8.8:53
        119.110.54.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        119.110.54.20.in-addr.arpa

      • 8.8.8.8:53
        81.171.91.138.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        81.171.91.138.in-addr.arpa

      • 8.8.8.8:53
        18.134.221.88.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        18.134.221.88.in-addr.arpa

      • 8.8.8.8:53
        210.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        210.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        50.134.221.88.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        50.134.221.88.in-addr.arpa

      • 8.8.8.8:53
        211.178.17.96.in-addr.arpa
        dns
        144 B
         274 B
         2
        2

        DNS Request

        211.178.17.96.in-addr.arpa

        DNS Request

        211.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        63.141.182.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        63.141.182.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/628-0-0x00000000001D0000-0x000000000023E000-memory.dmp

        Filesize

        440KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.