Analysis
-
max time kernel
148s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
26/12/2023, 11:37 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6b531de6f2cf065a71df26dd1a83b395.exe
Resource
win7-20231215-en
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
6b531de6f2cf065a71df26dd1a83b395.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
-
Target
6b531de6f2cf065a71df26dd1a83b395.exe
-
Size
905KB
-
MD5
6b531de6f2cf065a71df26dd1a83b395
-
SHA1
d4084c7df91751e4693b8daee1115573b2a1ea81
-
SHA256
13d7cc6a5df210830f6470d4412ea16159f25d4285cd9e76b92bc04d722d2d64
-
SHA512
c95f0c46a2d7fac057d0559c57ec1367274b299f0feb15e2d125b861ee49a0b66c36de8b56cde4cb4f5e10df543d03694d99f58a823bdef96ab10b21f998d3f9
-
SSDEEP
12288:sB0uRsxZAxhMarNu1n5gs0xJ26qF1ca36c9U:s6UsxihMr15gsQf2Xqc
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3472 2108 WerFault.exe 15
Processes
-
C:\Users\Admin\AppData\Local\Temp\6b531de6f2cf065a71df26dd1a83b395.exe"C:\Users\Admin\AppData\Local\Temp\6b531de6f2cf065a71df26dd1a83b395.exe"1⤵PID:2108
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 2802⤵
- Program crash
PID:3472
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2108 -ip 21081⤵PID:2188
Network
-
Remote address:8.8.8.8:53Request5.181.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.a-0001.a-msedge.netg-bing-com.a-0001.a-msedge.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
Remote address:8.8.8.8:53Requestg.bing.comIN A
-
Remote address:8.8.8.8:53Request158.240.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request179.178.17.96.in-addr.arpaIN PTRResponse179.178.17.96.in-addr.arpaIN PTRa96-17-178-179deploystaticakamaitechnologiescom
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=10B2B40C4DD8644F1920A7F24C3865A7; domain=.bing.com; expires=Thu, 30-Jan-2025 12:15:07 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A10BC305E67D43A8AF2818E80C64E958 Ref B: LON04EDGE1111 Ref C: 2024-01-06T12:15:07Z
date: Sat, 06 Jan 2024 12:15:06 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=10B2B40C4DD8644F1920A7F24C3865A7
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=7og_3xcAQBiSJVMN8kn98G5K4SWy4dLNXMYvah-EPy0; domain=.bing.com; expires=Thu, 30-Jan-2025 12:15:07 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7573385D7E1C4CBDBC7875F10636EFA8 Ref B: LON04EDGE1111 Ref C: 2024-01-06T12:15:07Z
date: Sat, 06 Jan 2024 12:15:07 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=10B2B40C4DD8644F1920A7F24C3865A7; MSPTC=7og_3xcAQBiSJVMN8kn98G5K4SWy4dLNXMYvah-EPy0
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DBBEB63277E0438F906169B9120256E7 Ref B: LON04EDGE1111 Ref C: 2024-01-06T12:15:07Z
date: Sat, 06 Jan 2024 12:15:07 GMT
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request104.241.123.92.in-addr.arpaIN PTRResponse104.241.123.92.in-addr.arpaIN PTRa92-123-241-104deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request119.110.54.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request119.110.54.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request217.135.221.88.in-addr.arpaIN PTRResponse217.135.221.88.in-addr.arpaIN PTRa88-221-135-217deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request217.135.221.88.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request174.178.17.96.in-addr.arpaIN PTRResponse174.178.17.96.in-addr.arpaIN PTRa96-17-178-174deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request18.134.221.88.in-addr.arpaIN PTRResponse18.134.221.88.in-addr.arpaIN PTRa88-221-134-18deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request32.134.221.88.in-addr.arpaIN PTRResponse32.134.221.88.in-addr.arpaIN PTRa88-221-134-32deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request81.171.91.138.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request81.171.91.138.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request176.178.17.96.in-addr.arpaIN PTRResponse176.178.17.96.in-addr.arpaIN PTRa96-17-178-176deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request176.178.17.96.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Responsenexusrules.officeapps.live.comIN CNAMEprod.nexusrules.live.com.akadns.netprod.nexusrules.live.com.akadns.netIN A52.111.227.14
-
Remote address:8.8.8.8:53Responsenexusrules.officeapps.live.comIN CNAMEprod.nexusrules.live.com.akadns.netprod.nexusrules.live.com.akadns.netIN A52.111.243.31
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 91993
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 474E5D1E50814117B8F892E133468788 Ref B: LON04EDGE0617 Ref C: 2024-01-06T12:16:48Z
date: Sat, 06 Jan 2024 12:16:48 GMT
-
Remote address:8.8.8.8:53Request58.99.105.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.99.105.20.in-addr.arpaIN PTR
-
156 B 3
-
204.79.197.200:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=tls, http22.6kB 9.3kB 21 15
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a6da2ff4cd8a4ad496a97431c5acd78e&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=HTTP Response
204 -
-
-
-
-
-
-
-
-
1.8kB 8.2kB 17 13
-
1.1kB 589 B 10 8
-
1.8kB 8.2kB 17 13
-
1.8kB 8.2kB 17 13
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4tls, http235.9kB 991.9kB 736 729
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4HTTP Response
200 -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
71 B 157 B 1 1
DNS Request
5.181.190.20.in-addr.arpa
-
112 B 158 B 2 1
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Response
204.79.197.20013.107.21.200
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
179.178.17.96.in-addr.arpa
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
213 B 157 B 3 1
DNS Request
26.35.223.20.in-addr.arpa
DNS Request
26.35.223.20.in-addr.arpa
DNS Request
26.35.223.20.in-addr.arpa
-
140 B 156 B 2 1
DNS Request
9.228.82.20.in-addr.arpa
DNS Request
9.228.82.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
2.136.104.51.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
104.241.123.92.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
119.110.54.20.in-addr.arpa
DNS Request
119.110.54.20.in-addr.arpa
-
146 B 139 B 2 1
DNS Request
217.135.221.88.in-addr.arpa
DNS Request
217.135.221.88.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
174.178.17.96.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
18.134.221.88.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
32.134.221.88.in-addr.arpa
-
144 B 292 B 2 2
DNS Request
81.171.91.138.in-addr.arpa
DNS Request
81.171.91.138.in-addr.arpa
-
-
144 B 137 B 2 1
DNS Request
176.178.17.96.in-addr.arpa
DNS Request
176.178.17.96.in-addr.arpa
-
282 B 2
DNS Response
52.111.227.14
DNS Response
52.111.243.31
-
-
124 B 346 B 2 2
DNS Request
tse1.mm.bing.net
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
DNS Response
204.79.197.20013.107.21.200
-
142 B 157 B 2 1
DNS Request
58.99.105.20.in-addr.arpa
DNS Request
58.99.105.20.in-addr.arpa