Analysis
-
max time kernel
145s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
25/12/2023, 09:40 UTC
Static task
static1
Behavioral task
behavioral1
Sample
14cef9f9cffdd5a7f63a4edbc0ea01f8.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
14cef9f9cffdd5a7f63a4edbc0ea01f8.exe
Resource
win10v2004-20231215-en
General
-
Target
14cef9f9cffdd5a7f63a4edbc0ea01f8.exe
-
Size
1.5MB
-
MD5
14cef9f9cffdd5a7f63a4edbc0ea01f8
-
SHA1
4409699f1761d97933718ea005dcd7dbca160e3e
-
SHA256
9a692196c93b8851d5e5c13313f8e769dddf36e4dfb7315c8b553293ceaf62b6
-
SHA512
343cdb4ed626e7a7df4c0c98cd9e4ce9b0d63328fb9e8d91561d0ccb268232bfe9155f5709954b130a1305011f911555bf194f5184d9ff4e02abe1491712b08d
-
SSDEEP
24576:RT4UlqnbTiFeOJYod0+tG3DCcot3umm8XK1Zv0tLBe7FkvNYjMhmSoC8qTNqqnmB:ZqPuFGzCcot3LT6HyBIeNVoCXd1sxF
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.a-0001.a-msedge.netg-bing-com.a-0001.a-msedge.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2830D6E108E0653E3BDDC513090064BF; domain=.bing.com; expires=Sat, 18-Jan-2025 23:22:35 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 87FA9EA9DF50454D82C43F8B3CFD37E7 Ref B: LON04EDGE1006 Ref C: 2023-12-25T23:22:35Z
date: Mon, 25 Dec 2023 23:22:34 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2830D6E108E0653E3BDDC513090064BF
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=MoExSWIVtU7ZDDJul2pGcIDEXYFOGaI8Bv5nP9BOtRU; domain=.bing.com; expires=Sat, 18-Jan-2025 23:22:35 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 40C3DDC5F4D94939AA94123CB3185D5C Ref B: LON04EDGE1006 Ref C: 2023-12-25T23:22:35Z
date: Mon, 25 Dec 2023 23:22:34 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2830D6E108E0653E3BDDC513090064BF; MSPTC=MoExSWIVtU7ZDDJul2pGcIDEXYFOGaI8Bv5nP9BOtRU
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3C36467E3874499F96F4539F81958C07 Ref B: LON04EDGE1006 Ref C: 2023-12-25T23:22:35Z
date: Mon, 25 Dec 2023 23:22:34 GMT
-
Remote address:8.8.8.8:53Request21.177.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request41.134.221.88.in-addr.arpaIN PTRResponse41.134.221.88.in-addr.arpaIN PTRa88-221-134-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request158.240.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.134.221.88.in-addr.arpaIN PTRResponse18.134.221.88.in-addr.arpaIN PTRa88-221-134-18deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301286_1KT9BFBV33M44HHCV&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301286_1KT9BFBV33M44HHCV&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 375947
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F1F76B99A69A40339D7D9E9748E5FD43 Ref B: LON04EDGE1109 Ref C: 2023-12-25T23:23:15Z
date: Mon, 25 Dec 2023 23:23:15 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301695_1CG9B4GZ4R1NIM1DO&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301695_1CG9B4GZ4R1NIM1DO&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 354350
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A01B83606E564BA0BF3384D3699ECCF8 Ref B: LON04EDGE1109 Ref C: 2023-12-25T23:23:15Z
date: Mon, 25 Dec 2023 23:23:15 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301673_1FIWLWZF3PWH5J12Y&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301673_1FIWLWZF3PWH5J12Y&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 241089
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 33530DE24D1542E686ED6FE1B2E6C539 Ref B: LON04EDGE1109 Ref C: 2023-12-25T23:23:16Z
date: Mon, 25 Dec 2023 23:23:15 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 340120
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E0BFBC78AEE04EB88E24048B7F7B73A9 Ref B: LON04EDGE1109 Ref C: 2023-12-25T23:23:16Z
date: Mon, 25 Dec 2023 23:23:15 GMT
-
Remote address:8.8.8.8:53Request183.1.37.23.in-addr.arpaIN PTRResponse183.1.37.23.in-addr.arpaIN PTRa23-37-1-183deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request183.1.37.23.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request119.110.54.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request0.204.248.87.in-addr.arpaIN PTRResponse0.204.248.87.in-addr.arpaIN PTRhttps-87-248-204-0lhrllnwnet
-
Remote address:8.8.8.8:53Request43.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request81.171.91.138.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request67.134.221.88.in-addr.arpaIN PTRResponse67.134.221.88.in-addr.arpaIN PTRa88-221-134-67deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request67.134.221.88.in-addr.arpaIN PTRResponse67.134.221.88.in-addr.arpaIN PTRa88-221-134-67deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request64.134.221.88.in-addr.arpaIN PTRResponse64.134.221.88.in-addr.arpaIN PTRa88-221-134-64deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request64.134.221.88.in-addr.arpaIN PTRResponse64.134.221.88.in-addr.arpaIN PTRa88-221-134-64deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Response
-
52 B 1
-
204.79.197.200:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=tls, http22.4kB 9.7kB 24 21
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=HTTP Response
204 -
1.3kB 8.7kB 18 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4tls, http250.6kB 1.4MB 1006 999
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301286_1KT9BFBV33M44HHCV&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301695_1CG9B4GZ4R1NIM1DO&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301673_1FIWLWZF3PWH5J12Y&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Response
200
-
56 B 158 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.20013.107.21.200
-
72 B 158 B 1 1
DNS Request
21.177.190.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
41.134.221.88.in-addr.arpa
-
146 B 106 B 2 1
DNS Request
200.197.79.204.in-addr.arpa
DNS Request
200.197.79.204.in-addr.arpa
-
146 B 144 B 2 1
DNS Request
95.221.229.192.in-addr.arpa
DNS Request
95.221.229.192.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
140 B 156 B 2 1
DNS Request
9.228.82.20.in-addr.arpa
DNS Request
9.228.82.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
18.134.221.88.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
140 B 133 B 2 1
DNS Request
183.1.37.23.in-addr.arpa
DNS Request
183.1.37.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
119.110.54.20.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.204.248.87.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
43.229.111.52.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
81.171.91.138.in-addr.arpa
-
144 B 274 B 2 2
DNS Request
67.134.221.88.in-addr.arpa
DNS Request
67.134.221.88.in-addr.arpa
-
144 B 274 B 2 2
DNS Request
64.134.221.88.in-addr.arpa
DNS Request
64.134.221.88.in-addr.arpa
-
147 B 1