Analysis

  • max time kernel
    193s
  • max time network
    217s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 23:55 UTC

General

  • Target

    449db7ead280736b0e7610b2a7a84e5c.exe

  • Size

    332KB

  • MD5

    449db7ead280736b0e7610b2a7a84e5c

  • SHA1

    cb2fef6c9eda407dec841e107315e09e25ef21bb

  • SHA256

    13e7f4b66b74a37a78fae79a7d4a0267efb42d622d7a0a883ff7990fc4448613

  • SHA512

    ea4a8f5bc3c1a06c70c888014bfc5d42c6b26ecff99ad951f513890c0474651e7af759a3740a85ffdf6121307d8aacf63c90eced14e0858636bf5ca5812c9da1

  • SSDEEP

    3072:7q9jSeaNxnuD7mEVSuekhGkYrQRVZq3eFo4ejLnlQISQLpyhZu6qyKtrlbHrs2OI:L5NxM2WGk1Y3nmQcuyKdFrs2OXuHNz

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\449db7ead280736b0e7610b2a7a84e5c.exe
    "C:\Users\Admin\AppData\Local\Temp\449db7ead280736b0e7610b2a7a84e5c.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\dyyauk.exe
      "C:\Users\Admin\dyyauk.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:540

Network

  • DNS
    16.53.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.53.126.40.in-addr.arpa
    IN PTR
    Response
  • DNS
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
    Response
    0.204.248.87.in-addr.arpa
    IN PTR
    https-87-248-204-0.lhr.llnw.net
  • DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217.deploy.static.akamaitechnologies.com
  • DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0E2E2F5EE11C664F12CE3CAAE03B67E8; domain=.bing.com; expires=Mon, 20-Jan-2025 00:34:30 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 993051D8F4634FF8ACA72A78457C69A7 Ref B: LON04EDGE0608 Ref C: 2023-12-27T00:34:30Z
    date: Wed, 27 Dec 2023 00:34:29 GMT
  • GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0E2E2F5EE11C664F12CE3CAAE03B67E8
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=74TV4a1bRj5t4i1HRDpk2sBjZpS6hMnd_Iumr9lf0c8; domain=.bing.com; expires=Mon, 20-Jan-2025 00:34:46 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3B0C933097C34C1380771A9AC74A2EB1 Ref B: LON04EDGE0608 Ref C: 2023-12-27T00:34:46Z
    date: Wed, 27 Dec 2023 00:34:45 GMT
  • GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0E2E2F5EE11C664F12CE3CAAE03B67E8; MSPTC=74TV4a1bRj5t4i1HRDpk2sBjZpS6hMnd_Iumr9lf0c8
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6F63882909D54479A5E0D45424FD074A Ref B: LON04EDGE0608 Ref C: 2023-12-27T00:34:46Z
    date: Wed, 27 Dec 2023 00:34:45 GMT
  • DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • DNS
    6.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    6.173.189.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301675_1C57W3XZQRPJ599J3&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301675_1C57W3XZQRPJ599J3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 367882
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BC48BE58541B45E8816206F0DACA5638 Ref B: LON04EDGE0814 Ref C: 2023-12-27T00:35:59Z
    date: Wed, 27 Dec 2023 00:35:59 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301412_1567NHQK9I5N2BTRV&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301412_1567NHQK9I5N2BTRV&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 374006
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8C8BAACB4F144AE5B3AC0A138412CA5F Ref B: LON04EDGE0814 Ref C: 2023-12-27T00:35:59Z
    date: Wed, 27 Dec 2023 00:35:59 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 395561
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 777632ECA6FD444C82A9C7AD775D0EFB Ref B: LON04EDGE0814 Ref C: 2023-12-27T00:36:02Z
    date: Wed, 27 Dec 2023 00:36:02 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300979_17O5GM9WHR1UQCX2Q&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300979_17O5GM9WHR1UQCX2Q&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 289523
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AE7AA27B50F448B1BFC9883270366018 Ref B: LON04EDGE0814 Ref C: 2023-12-27T00:36:02Z
    date: Wed, 27 Dec 2023 00:36:02 GMT
  • GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301266_19QUIUJHADCRM116R&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301266_19QUIUJHADCRM116R&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 418046
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 49CFACB632984F79BB0598F5DC99116F Ref B: LON04EDGE0814 Ref C: 2023-12-27T00:36:02Z
    date: Wed, 27 Dec 2023 00:36:02 GMT
  • DNS
    ns1.chopsuwey.com
    449db7ead280736b0e7610b2a7a84e5c.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.chopsuwey.com
    IN A
    Response
  • DNS
    ns1.chopsuwey.com
    449db7ead280736b0e7610b2a7a84e5c.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.chopsuwey.com
    IN A
  • DNS
    ns1.chopsuwey.net
    449db7ead280736b0e7610b2a7a84e5c.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.chopsuwey.net
    IN A
    Response
  • DNS
    ns1.chopsuwey.org
    449db7ead280736b0e7610b2a7a84e5c.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.chopsuwey.org
    IN A
    Response
  • DNS
    ns1.chopsuwey.biz
    449db7ead280736b0e7610b2a7a84e5c.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.chopsuwey.biz
    IN A
    Response
  • DNS
    ns1.chopsuwey.info
    449db7ead280736b0e7610b2a7a84e5c.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.chopsuwey.info
    IN A
    Response
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
    tls, http2
    2.2kB
    9.4kB
    23
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6193f568f6c7430eb0998e6bc6fc16d5&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

    HTTP Response

    204
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301266_19QUIUJHADCRM116R&pid=21.2&w=1920&h=1080&c=4
    tls, http2
    62.8kB
    1.8MB
    1293
    1285

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301675_1C57W3XZQRPJ599J3&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301412_1567NHQK9I5N2BTRV&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300979_17O5GM9WHR1UQCX2Q&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301266_19QUIUJHADCRM116R&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
    8.2kB
    16
    13
  • 8.8.8.8:53
    0.204.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.204.248.87.in-addr.arpa

  • 8.8.8.8:53
    16.53.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    16.53.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    292 B
    144 B
    4
    1

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    158 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    6.173.189.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    6.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    ns1.chopsuwey.com
    dns
    449db7ead280736b0e7610b2a7a84e5c.exe
    126 B
    136 B
    2
    1

    DNS Request

    ns1.chopsuwey.com

    DNS Request

    ns1.chopsuwey.com

  • 8.8.8.8:53
    ns1.chopsuwey.net
    dns
    449db7ead280736b0e7610b2a7a84e5c.exe
    63 B
    136 B
    1
    1

    DNS Request

    ns1.chopsuwey.net

  • 8.8.8.8:53
    ns1.chopsuwey.org
    dns
    449db7ead280736b0e7610b2a7a84e5c.exe
    63 B
    145 B
    1
    1

    DNS Request

    ns1.chopsuwey.org

  • 8.8.8.8:53
    ns1.chopsuwey.biz
    dns
    449db7ead280736b0e7610b2a7a84e5c.exe
    63 B
    125 B
    1
    1

    DNS Request

    ns1.chopsuwey.biz

  • 8.8.8.8:53
    ns1.chopsuwey.info
    dns
    449db7ead280736b0e7610b2a7a84e5c.exe
    64 B
    143 B
    1
    1

    DNS Request

    ns1.chopsuwey.info

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\dyyauk.exe

    Filesize

    332KB

    MD5

    91e36bb5bf667b77a6ca8aab0cdfd7ba

    SHA1

    4cba9890b56836d055e74afcb9740eb7ef594e37

    SHA256

    ec83c0e29ddbe63255f27f83af64d4826704bd4462b0a93cf1746f830d2614ab

    SHA512

    f3aba2dd2dae25de76ed4250b5d09391843ef4503d94f68e39990174a2265468e5d833ea23bf1b977204adc0499ef0e1e1f9e0d628ff4888d1d0a36258e0a508

  • C:\Users\Admin\dyyauk.exe

    Filesize

    292KB

    MD5

    6281c74f2c34fc01ca8361f86e1cfb83

    SHA1

    03ff6fdf27d1de7abe5d8dbbefdfc22b6ee81119

    SHA256

    866e5439b10deeb8f84888af86704a76233e00e8a3d0a17b15f8b52f7c0d9f9e

    SHA512

    d423de72a7ab1ec9d3a9975b92be7d8a24355c5ee194eb4d41c55da7395d6b5af1fd8a2d8574de7a32c0189b4cea4da5cf186e446a1777fe508e7807482dbb7e

  • C:\Users\Admin\dyyauk.exe

    Filesize

    41KB

    MD5

    7a54a93d29d3421b43dbd1801d4e2032

    SHA1

    8bbbbeaf95fa0159b222bd545cca0e0a2fac64ba

    SHA256

    9a4db88af9106babaadba7432df6e9d6418e59bd38a7a35f08cadd36ac6c3a12

    SHA512

    c13ef8242a496991b0e6ef588d2f0661cc3ce7947df35e38d124c9593ab3191abf4174b87b92159653f1030e2029e6f4a9847190a4946bda1d0f5973f297e231
