Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
25/12/2023, 08:25 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
11e1cb4fbbe5336fb962a5231ca57b97.exe
Resource
win7-20231215-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
11e1cb4fbbe5336fb962a5231ca57b97.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
-
Target
11e1cb4fbbe5336fb962a5231ca57b97.exe
-
Size
137KB
-
MD5
11e1cb4fbbe5336fb962a5231ca57b97
-
SHA1
4c9e749ff5fe09bf9428789240cab2fc44c42d95
-
SHA256
b7ece76d42b01a4ca626421f8eb1b1d2e67b24e5f48f8042b91547fce2e8e453
-
SHA512
106562525d819a7fd37f3f07ef1cd8289f5ba0703ae5ae840f484da069d2a471cbd48b9da5993784d43b83d01de8e9d30fca48974b39b88e81006cfbd66b3113
-
SSDEEP
3072:KbPN+Vmf91ASZ4L016HxawPQrwmy5MmtiJCMAiTBtPiSfL/U:KnJZJ1Gx9uwmy7g0biTj
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3652 852 WerFault.exe 57
Processes
-
C:\Users\Admin\AppData\Local\Temp\11e1cb4fbbe5336fb962a5231ca57b97.exe"C:\Users\Admin\AppData\Local\Temp\11e1cb4fbbe5336fb962a5231ca57b97.exe"1⤵PID:852
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 2922⤵
- Program crash
PID:3652
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 852 -ip 8521⤵PID:2964
Network
-
Remote address:8.8.8.8:53Request248.138.73.23.in-addr.arpaIN PTRResponse248.138.73.23.in-addr.arpaIN PTRa23-73-138-248deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request208.194.73.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request178.223.142.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request158.240.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request11.2.37.23.in-addr.arpaIN PTRResponse11.2.37.23.in-addr.arpaIN PTRa23-37-2-11deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request11.2.37.23.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request183.1.37.23.in-addr.arpaIN PTRResponse183.1.37.23.in-addr.arpaIN PTRa23-37-1-183deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request183.1.37.23.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request119.110.54.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request65.139.73.23.in-addr.arpaIN PTRResponse65.139.73.23.in-addr.arpaIN PTRa23-73-139-65deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request218.138.73.23.in-addr.arpaIN PTRResponse218.138.73.23.in-addr.arpaIN PTRa23-73-138-218deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request218.138.73.23.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request16.234.44.23.in-addr.arpaIN PTRResponse16.234.44.23.in-addr.arpaIN PTRa23-44-234-16deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request16.234.44.23.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request232.137.73.23.in-addr.arpaIN PTRResponse232.137.73.23.in-addr.arpaIN PTRa23-73-137-232deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request232.137.73.23.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request232.137.73.23.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request24.139.73.23.in-addr.arpaIN PTRResponse24.139.73.23.in-addr.arpaIN PTRa23-73-139-24deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request24.139.73.23.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 382840
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B31EF6E39C7C4672852ECF580C3754F3 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
date: Mon, 25 Dec 2023 21:35:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301734_1HIK8LLAATSP6A8ZA&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301734_1HIK8LLAATSP6A8ZA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 149126
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F31AC37B337243E0A774826739445AC3 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
date: Mon, 25 Dec 2023 21:35:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 170119
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 18B3AA3769C34988A6CD07075A6F7D40 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
date: Mon, 25 Dec 2023 21:35:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301522_1ZWMJ9IP2OLOHI7JV&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301522_1ZWMJ9IP2OLOHI7JV&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 317587
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 995934C014684A4288664E87CBF02221 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
date: Mon, 25 Dec 2023 21:35:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301089_12P1IUF340624Y74G&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301089_12P1IUF340624Y74G&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 446334
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DABE492E06AE481698560749B556B604 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
date: Mon, 25 Dec 2023 21:35:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 347909
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED4CB723CD4E426E8B6D65BEF922DB86 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
date: Mon, 25 Dec 2023 21:35:36 GMT
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTR
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4tls, http268.2kB 1.8MB 1323 1330
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301734_1HIK8LLAATSP6A8ZA&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301522_1ZWMJ9IP2OLOHI7JV&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301089_12P1IUF340624Y74G&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4HTTP Response
200 -
1.2kB 8.4kB 16 15
-
1.2kB 8.4kB 16 15
-
1.2kB 8.4kB 16 15
-
1.2kB 8.4kB 16 15
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
72 B 137 B 1 1
DNS Request
248.138.73.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
208.194.73.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
178.223.142.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
241.154.82.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
138 B 131 B 2 1
DNS Request
11.2.37.23.in-addr.arpa
DNS Request
11.2.37.23.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
2.136.104.51.in-addr.arpa
DNS Request
2.136.104.51.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
198.187.3.20.in-addr.arpa
DNS Request
198.187.3.20.in-addr.arpa
-
140 B 133 B 2 1
DNS Request
183.1.37.23.in-addr.arpa
DNS Request
183.1.37.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
119.110.54.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
65.139.73.23.in-addr.arpa
-
144 B 137 B 2 1
DNS Request
218.138.73.23.in-addr.arpa
DNS Request
218.138.73.23.in-addr.arpa
-
142 B 135 B 2 1
DNS Request
16.234.44.23.in-addr.arpa
DNS Request
16.234.44.23.in-addr.arpa
-
144 B 316 B 2 2
DNS Request
48.229.111.52.in-addr.arpa
DNS Request
48.229.111.52.in-addr.arpa
-
216 B 137 B 3 1
DNS Request
232.137.73.23.in-addr.arpa
DNS Request
232.137.73.23.in-addr.arpa
DNS Request
232.137.73.23.in-addr.arpa
-
142 B 135 B 2 1
DNS Request
24.139.73.23.in-addr.arpa
DNS Request
24.139.73.23.in-addr.arpa
-
124 B 346 B 2 2
DNS Request
tse1.mm.bing.net
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
DNS Response
204.79.197.20013.107.21.200
-
-
-
219 B 144 B 3 1
DNS Request
240.221.184.93.in-addr.arpa
DNS Request
240.221.184.93.in-addr.arpa
DNS Request
240.221.184.93.in-addr.arpa
-
-