Overview

overview

7

Static

static

3

47988d6b14...77.exe

windows7-x64

7

47988d6b14...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 00:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47988d6b141bfcdf74da78c599f80977.exe

  • Size

    169KB

  • MD5

    47988d6b141bfcdf74da78c599f80977

  • SHA1

    d4e5ca28440ea73f5c03cf520fdf5c0efaecf49f

  • SHA256

    1ebb874504be7c683e7064dadec0138d8835cbd6f2700a739afb8850b28cbaf3

  • SHA512

    4a8c3b120ddaa69b803090805b0736c5f09dfe1a4f4aabbfa4f61b2317c4b2fdd359ce07ea0afd21a599c881203c4823118918bacdf962f829b71005e9f3e642

  • SSDEEP

    3072:z5xJ5sydtOQQ5g7xfEF6cje/CbCvHz5LS74iE/cqopW9sz3GXZo0scMqF2DeP3mW:zJ5s8ti5gdEUcCamvl+4MY23GJo0scx5

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47988d6b141bfcdf74da78c599f80977.exe
    "C:\Users\Admin\AppData\Local\Temp\47988d6b141bfcdf74da78c599f80977.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4716
    • C:\Users\Admin\AppData\Local\Temp\47988d6b141bfcdf74da78c599f80977.exe
      C:\Users\Admin\AppData\Local\Temp\47988d6b141bfcdf74da78c599f80977.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:740

Network

  • flag-us
    DNS
    17.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    17.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.160.190.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=306267502BFB6DCC34F374AA2A1B6CE0; domain=.bing.com; expires=Sun, 26-Jan-2025 08:01:05 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C80EBBF0C7934DCDB0BBE08E85B1069C Ref B: LON04EDGE1018 Ref C: 2024-01-02T08:01:05Z
    date: Tue, 02 Jan 2024 08:01:04 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=306267502BFB6DCC34F374AA2A1B6CE0
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=T-0XRYhZH2A3EHJpezIMtB0l-w-jtb6UPlTYwq7a06Y; domain=.bing.com; expires=Sun, 26-Jan-2025 08:01:05 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 44C3ECD346734B7CB0E09BDD91362538 Ref B: LON04EDGE1018 Ref C: 2024-01-02T08:01:05Z
    date: Tue, 02 Jan 2024 08:01:04 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=306267502BFB6DCC34F374AA2A1B6CE0; MSPTC=T-0XRYhZH2A3EHJpezIMtB0l-w-jtb6UPlTYwq7a06Y
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 39149C6B74884578BEED7478C0508993 Ref B: LON04EDGE1018 Ref C: 2024-01-02T08:01:05Z
    date: Tue, 02 Jan 2024 08:01:05 GMT
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
    Response
    104.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-104deploystaticakamaitechnologiescom
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174deploystaticakamaitechnologiescom
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    42.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.134.221.88.in-addr.arpa
    IN PTR
    Response
    42.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-42deploystaticakamaitechnologiescom
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    Remote address:
    8.8.8.8:53
    Response
    arc.msn.com
    IN CNAME
    arc.trafficmanager.net
    arc.trafficmanager.net
    IN CNAME
    iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
    iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
    IN A
    20.223.35.26
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 162579
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 23B1E81096B3480E9C1667962DCC6031 Ref B: LON04EDGE1217 Ref C: 2024-01-02T08:02:46Z
    date: Tue, 02 Jan 2024 08:02:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301195_10TKS815IX0MOD3NX&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301195_10TKS815IX0MOD3NX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 606299
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 92B2C390595240DD8C94B89EE7570939 Ref B: LON04EDGE1217 Ref C: 2024-01-02T08:02:46Z
    date: Tue, 02 Jan 2024 08:02:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301299_1C7NVMDZ5MJ9XIWCU&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301299_1C7NVMDZ5MJ9XIWCU&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 314922
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3C9C9A75AF9942B9AD189150158CA7AE Ref B: LON04EDGE1217 Ref C: 2024-01-02T08:02:46Z
    date: Tue, 02 Jan 2024 08:02:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301604_1H6WK0590WT095LZX&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301604_1H6WK0590WT095LZX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301708_183LKCEVHRTRH2RVD&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301708_183LKCEVHRTRH2RVD&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    176.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.178.17.96.in-addr.arpa
    IN PTR
    Response
    176.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-176deploystaticakamaitechnologiescom
  • flag-us
    DNS
    176.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.178.17.96.in-addr.arpa
    IN PTR
    Response
    176.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-176deploystaticakamaitechnologiescom
  • flag-us
    DNS
    64.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.134.221.88.in-addr.arpa
    IN PTR
    Response
    64.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-64deploystaticakamaitechnologiescom
  • flag-us
    DNS
    64.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.134.221.88.in-addr.arpa
    IN PTR
    Response
    64.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-64deploystaticakamaitechnologiescom
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
    tls, http2
    2.1kB
     9.4kB
     23
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c9328f2e39074df9aa0b8d30ddf353e9&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

    HTTP Response

    204
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     8.2kB
     16
    13
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    35.9kB
     973.5kB
     714
    707

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301195_10TKS815IX0MOD3NX&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301299_1C7NVMDZ5MJ9XIWCU&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301604_1H6WK0590WT095LZX&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301708_183LKCEVHRTRH2RVD&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&w=1080&h=1920&c=4
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     8.7kB
     17
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     8.7kB
     17
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     8.7kB
     17
    13
  • 96.17.178.176:80
  • 8.8.8.8:53
    17.160.190.20.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    17.160.190.20.in-addr.arpa

    DNS Request

    17.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     158 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    216 B
     146 B
     3
    1

    DNS Request

    15.164.165.52.in-addr.arpa

    DNS Request

    15.164.165.52.in-addr.arpa

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    104.241.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    104.241.123.92.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    360 B
     5

    DNS Request

    18.134.221.88.in-addr.arpa

    DNS Request

    18.134.221.88.in-addr.arpa

    DNS Request

    18.134.221.88.in-addr.arpa

    DNS Request

    18.134.221.88.in-addr.arpa

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    174.178.17.96.in-addr.arpa
    dns
    216 B
     137 B
     3
    1

    DNS Request

    174.178.17.96.in-addr.arpa

    DNS Request

    174.178.17.96.in-addr.arpa

    DNS Request

    174.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    42.134.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    42.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    dns
    175 B
     1

    DNS Response

    20.223.35.26

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
     346 B
     2
    2

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    146 B
     278 B
     2
    2

    DNS Request

    217.135.221.88.in-addr.arpa

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    176.178.17.96.in-addr.arpa
    dns
    144 B
     274 B
     2
    2

    DNS Request

    176.178.17.96.in-addr.arpa

    DNS Request

    176.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    64.134.221.88.in-addr.arpa
    dns
    144 B
     274 B
     2
    2

    DNS Request

    64.134.221.88.in-addr.arpa

    DNS Request

    64.134.221.88.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\47988d6b141bfcdf74da78c599f80977.exe
    Filesize

    169KB

    MD5

    b9e97fb7e4705185095f174c7a07f38f

    SHA1

    191bfeddf6dbe583e5fce949451df33de19f4806

    SHA256

    732774e6483c7ac7e99f6dc7de042f74640ab82e3c17f0faa857d8fe75271911

    SHA512

    4be99b3fa8a8ffbc1f5b75c08fc352ac19f0d40cc8d861d210ad4b4d3889a7821d9241d2e675f6396aab7246b9e0584c44459109c2074a3021a97762c2a6d40f

    Download Submit

  • memory/740-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/740-14-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/740-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/740-21-0x0000000004D90000-0x0000000004DAB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4716-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4716-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4716-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4716-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.