e1f47a3fd30dd8409502cf3337f9a851f15d5c6afc5f1e6ad2ec406ba7701a80

Analysis

max time kernel
139s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 00:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45552ea37c29dafaa4b9cf40b6781d91.exe
Size

451KB
MD5

45552ea37c29dafaa4b9cf40b6781d91
SHA1

33616d209d3a00b5a44a59246053667f440fc684
SHA256

e1f47a3fd30dd8409502cf3337f9a851f15d5c6afc5f1e6ad2ec406ba7701a80
SHA512

aaf577bd2e0281bf1ea6e71215cd9c803fbc0bad8b20a01b05cfa49649697ef666d579836453c50fa979acb943d111de5beb575103d818413d61adac97eaf8d8
SSDEEP

6144:DhwF5w6dLyCXlHWslyPlxPDHt/OE+WvwROFCD0u0i/lkv:1wFQCxlyfPDEWvwROFCD0u0i/lq

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3336304223-2978740688-3645194410-1000\desktop.ini	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3336304223-2978740688-3645194410-1000\desktop.ini	45552ea37c29dafaa4b9cf40b6781d91.exe
File created	\??\c:\Program Files\desktop.ini	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\desktop.ini	45552ea37c29dafaa4b9cf40b6781d91.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClientSideProviders.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nl.txt	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Primitives.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationClient.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationClient.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationClientSideProviders.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\Content.xml	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\WindowsBase.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.DriveInfo.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Controls.Ribbon.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.Primitives.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado20.tlb	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationFramework.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\WindowsBase.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\el.txt	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Globalization.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationClientSideProviders.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lij.txt	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\dotnet.exe	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationTypes.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.Primitives.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\UIAutomationClient.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Http.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Forms.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\UIAutomationClientSideProviders.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Xaml.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XPath.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Classic.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\System.Windows.Input.Manipulations.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ne.txt	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Xaml.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationProvider.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\WindowsBase.resources.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado26.tlb	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceModel.Web.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Extensions.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationProvider.dll	45552ea37c29dafaa4b9cf40b6781d91.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui	45552ea37c29dafaa4b9cf40b6781d91.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1572	1836	WerFault.exe	86

C:\Users\Admin\AppData\Local\Temp\45552ea37c29dafaa4b9cf40b6781d91.exe
"C:\Users\Admin\AppData\Local\Temp\45552ea37c29dafaa4b9cf40b6781d91.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1836
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 560
  2⤵
  - Program crash
  PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1836 -ip 1836
1⤵
PID:4336

Network

DNS

82.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.177.190.20.in-addr.arpa

IN PTR

Response
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

178.223.142.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.223.142.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301115_1WV4BO8Q0W9O23TET&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301115_1WV4BO8Q0W9O23TET&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 179601
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D3303A43909B4AC4B54A3F35530A8AF2 Ref B: LON04EDGE0621 Ref C: 2024-01-02T05:54:33Z
date: Tue, 02 Jan 2024 05:54:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 172727
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7B273233845E499E900554B462529AD6 Ref B: LON04EDGE0621 Ref C: 2024-01-02T05:54:33Z
date: Tue, 02 Jan 2024 05:54:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301548_1L6E4C2XNVN578CJ7&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301548_1L6E4C2XNVN578CJ7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 253374
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 77F800060D324FDFBA1A1CB5602F4446 Ref B: LON04EDGE0621 Ref C: 2024-01-02T05:54:33Z
date: Tue, 02 Jan 2024 05:54:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301219_14UAHY3NBMU2Z6DRW&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301219_14UAHY3NBMU2Z6DRW&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 389297
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5983ADD3548E4D19B07E5173FB2F36D1 Ref B: LON04EDGE0621 Ref C: 2024-01-02T05:54:36Z
date: Tue, 02 Jan 2024 05:54:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 231701
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4430E2006ADF485EBDA5FF9E71033382 Ref B: LON04EDGE0621 Ref C: 2024-01-02T05:54:36Z
date: Tue, 02 Jan 2024 05:54:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 324072
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D3BD0DC1909A4298B5F9786D49025B50 Ref B: LON04EDGE0621 Ref C: 2024-01-02T05:55:15Z
date: Tue, 02 Jan 2024 05:55:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 468644
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1C12517C97894C8386777A2EF9BEC79C Ref B: LON04EDGE0621 Ref C: 2024-01-02T05:55:17Z
date: Tue, 02 Jan 2024 05:55:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301455_1N9S2NVLYIW6WUPJX&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301455_1N9S2NVLYIW6WUPJX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 510426
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8B6479AF7B1C47E2B9DCBAD970A0139F Ref B: LON04EDGE0621 Ref C: 2024-01-02T05:55:17Z
date: Tue, 02 Jan 2024 05:55:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 314922
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 19A7979EDF594E4CBFFCE072262573F4 Ref B: LON04EDGE0621 Ref C: 2024-01-02T05:55:17Z
date: Tue, 02 Jan 2024 05:55:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301071_1DQ5OX7SYTK2NY123&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301071_1DQ5OX7SYTK2NY123&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301504_19NAUZ2WGU7U78P7T&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301504_19NAUZ2WGU7U78P7T&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
DNS

200.201.50.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.201.50.20.in-addr.arpa

IN PTR

Response

138.91.171.81:80

52 B
1
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.9kB
8.2kB
18
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.9kB
8.2kB
18
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.4kB
16
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.4kB
16
15
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301504_19NAUZ2WGU7U78P7T&pid=21.2&w=1080&h=1920&c=4

tls, http2

98.9kB
2.8MB
2041
2036

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301115_1WV4BO8Q0W9O23TET&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301548_1L6E4C2XNVN578CJ7&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301219_14UAHY3NBMU2Z6DRW&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301455_1N9S2NVLYIW6WUPJX&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301071_1DQ5OX7SYTK2NY123&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301504_19NAUZ2WGU7U78P7T&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

8.8.8.8:53

82.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

82.177.190.20.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

194.178.17.96.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

178.223.142.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

178.223.142.52.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

210 B
156 B
3
1

DNS Request

50.23.12.20.in-addr.arpa

DNS Request

50.23.12.20.in-addr.arpa

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.201.50.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

200.201.50.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
227KB

MD5
cf3a73e6d5f8a83e7e949343897e85bd

SHA1
8c7304c5fa62e5777ad37dd1cf71763924291737

SHA256
804941370ad017bf1173569afc18edff9866da605ec71963094a2edeb06af356

SHA512
74c5f0eea2a2fd6960306d6666a760dc9e689ee2d1d7516b86abe3cbce4c99376665b08d2e17ca39675a6041b5db1e01f9d6e399018280cd92ef8804352e8f0c

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1836-779-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-202-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-208-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-215-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-785-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-1170-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-1228-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-1232-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-137-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1836-1976-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.