Analysis

  • max time kernel
    156s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 14:50 UTC

General

  • Target

    76e08852358fe15ac4629a70c6a02181.exe

  • Size

    313KB

  • MD5

    76e08852358fe15ac4629a70c6a02181

  • SHA1

    543a2ed11631d0fe3782a517f959baf62a0f5730

  • SHA256

    12a87e5cc3340eba13aeb92bc883f1619f73d782fe60ee683c128301ea31d722

  • SHA512

    a40e936c632409531bd2285790f1727a751d089408529991bb725e97edca72bfdd0f82d091e4fb4546c306ef286d70103f0816af78ce9ab69ac3354cbe0a6766

  • SSDEEP

    6144:3rK9uEo2S1YnQmCX492DkwNP3qpYFtcM7dZssr+Ixf6LuDTKD2ay9KGYG0LL:3ryu6/eIo4vMResyEf0uP9d9UG0L

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
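
The two registry signatures above describe behaviour that legitimate installers also show, so a detection built on them needs a threshold and a combination rule rather than a single key match. The script below is an added example and is not part of the tria.ge report or its signature engine: it normalises registry paths from constructed, Sysmon-style read events (the PID 1648 and the image path are taken from this report's Processes section; the subkey names and the second process are invented), counts distinct Uninstall subkeys touched per process, and checks for reads of disk and volume keys. The Uninstall key paths are the documented locations for installed-program entries; the disk/volume key list and the threshold of three subkeys are assumptions.

```python
"""Added example: score registry-read events against two host signatures
from this report. Events are constructed, Sysmon-like records, not
sandbox output."""
from collections import defaultdict

# Documented location of installed-program entries (plus the 32-bit
# and per-user variants).
UNINSTALL_KEYS = (
    r"hklm\software\microsoft\windows\currentversion\uninstall",
    r"hklm\software\wow6432node\microsoft\windows\currentversion\uninstall",
    r"hkcu\software\microsoft\windows\currentversion\uninstall",
)
# Assumption: keys a "maps connected drives" check would read. The report
# does not name the exact keys its signature watches.
DRIVE_KEYS = (
    r"hklm\system\mounteddevices",
    r"hklm\system\currentcontrolset\services\disk\enum",
    r"hklm\hardware\devicemap\scsi",
)
# Spellings of the same hive seen in different event sources.
HIVE_ALIASES = (
    ("hkey_local_machine", "hklm"),
    ("hkey_current_user", "hkcu"),
    ("\\registry\\machine", "hklm"),
)

# Constructed events. PID and image come from the Processes section; the
# subkeys and the second process are invented for illustration.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\76e08852358fe15ac4629a70c6a02181.exe"
EVENTS = [
    {"pid": 1648, "image": SAMPLE, "op": "enum",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1648, "image": SAMPLE, "op": "query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp-1"},
    {"pid": 1648, "image": SAMPLE, "op": "query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp-2"},
    {"pid": 1648, "image": SAMPLE, "op": "query",
     "key": r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp-3"},
    {"pid": 1648, "image": SAMPLE, "op": "query",
     "key": r"HKLM\SYSTEM\MountedDevices"},
    {"pid": 4242, "image": r"C:\Windows\explorer.exe", "op": "query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp-1"},
    {"pid": 4242, "image": r"C:\Windows\explorer.exe", "op": "set",
     "key": r"HKLM\SYSTEM\MountedDevices"},
]


def normalize_key(key: str) -> str:
    """Lower-case and collapse hive spellings so prefix checks compare reliably."""
    k = key.strip().lower()
    for long_form, short in HIVE_ALIASES:
        if k.startswith(long_form):
            return short + k[len(long_form):]
    return k


def is_under(key: str, prefixes) -> bool:
    """True if key is one of the prefixes or a subkey of one."""
    return any(key == p or key.startswith(p + "\\") for p in prefixes)


def score_events(events, min_uninstall_subkeys: int = 3) -> dict:
    """Return {pid: [signature names]} for processes that trip a rule."""
    state = defaultdict(lambda: {"uninstall": set(), "drives": set()})
    for ev in events:
        if ev["op"] not in ("open", "query", "enum"):  # reads only
            continue
        k = normalize_key(ev["key"])
        # Count distinct subkeys, not the parent key itself.
        if is_under(k, UNINSTALL_KEYS) and k not in UNINSTALL_KEYS:
            state[ev["pid"]]["uninstall"].add(k)
        elif is_under(k, DRIVE_KEYS):
            state[ev["pid"]]["drives"].add(k)
    findings = {}
    for pid, st in state.items():
        sigs = []
        if len(st["uninstall"]) >= min_uninstall_subkeys:
            sigs.append("Checks installed software on the system")
        if st["drives"]:
            sigs.append("Maps connected drives based on registry")
        if sigs:
            findings[pid] = sigs
    return findings


if __name__ == "__main__":
    for pid, sigs in score_events(EVENTS).items():
        print(pid, sigs)
```

Run on the constructed events, PID 1648 trips both rules (three distinct Uninstall subkeys across the native and WOW6432Node paths, plus MountedDevices) while the explorer.exe process does not: its single Uninstall read stays under the threshold and its MountedDevices event is a write, which the read-only filter drops.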

Processes

  • C:\Users\Admin\AppData\Local\Temp\76e08852358fe15ac4629a70c6a02181.exe
    "C:\Users\Admin\AppData\Local\Temp\76e08852358fe15ac4629a70c6a02181.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1648
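
Every request the Network section below attributes to the sample follows one pattern: an HTTP/1.1 check-in to c1 or c2.getapplicationmy.info whose query string reads like pay-per-install affiliate telemetry (installer_id, publisher_id, affiliate_id, download_id, session_id, hardware_id, and the lure name in _file_name), then a form-encoded POST to r1 or r2.getapplicationmy.info with report_version=5. All of them carry User-Agent TixDll, and all of them were answered 429 Too Many Requests together with a Set-Cookie sid that the sample echoes back on later requests, so nothing the server would normally return was observed in this run; the score rests on the host-side signatures and the beaconing itself. The HTTP/2 fetches from tse1.mm.bing.net carry a browser User-Agent and no process attribution and should be read as the guest's own background traffic, not sample activity. The script below is an added example, not part of the tria.ge report: it parses raw request text (the first two requests are copied from this report, the third is a constructed benign request), flags the User-Agent and domain, and pulls out the identifiers worth pivoting on. The indicator lists and the 36-character sid format are assumptions drawn only from what this page shows.

```python
"""Added example: parse raw HTTP/1.x requests and flag the TixDll
installer-telemetry beacon recorded in this report."""
import re
from urllib.parse import parse_qs, urlsplit

# Two requests copied from the Network section of this report.
BEACON_GET = (
    "GET /?step_id=1&installer_id=3994996697908599196&publisher_id=947"
    "&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN"
    "&browser_id=0&download_id=6043975087415705142&external_id=0"
    "&session_id=9837018302780040121&hardware_id=9275814170099845931"
    "&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product="
    "&_name=ToontrackVocalToolboxEZmixPackWORKING&q="
    "&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html"
    "&product_name=Your+File&filesize= HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "User-Agent: TixDll\r\n"
    "Host: c1.getapplicationmy.info\r\n"
    "Cache-Control: no-cache\r\n\r\n"
)
BEACON_POST = (
    "POST /?report_version=5& HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "User-Agent: TixDll\r\n"
    "Host: r2.getapplicationmy.info\r\n"
    "Content-Length: 1876\r\n"
    "Cache-Control: no-cache\r\n"
    "Cookie: sid=8a8d0865-acba-11ee-aa65-77798e2db728\r\n\r\n"
)
# Constructed benign request, not from the report, to show a non-match.
BENIGN_GET = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n"
)

# Indicators taken from this report; assumed to be the only ones keyed on.
BAD_USER_AGENTS = {"tixdll"}
BAD_DOMAINS = ("getapplicationmy.info",)
# Query keys that identify the campaign and the victim; useful to pivot on.
TRACKING_KEYS = ("installer_id", "publisher_id", "download_id",
                 "session_id", "hardware_id", "_file_name", "_name")
# sid format as seen in the Set-Cookie headers (assumption: always 36 chars).
SID_RE = re.compile(r"(?:^|;\s*)sid=([0-9a-f-]{36})")


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into method, path, query and headers."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    query = {k: v[0] for k, v in
             parse_qs(parts.query, keep_blank_values=True).items()}
    return {"method": method, "path": parts.path, "query": query,
            "headers": headers, "body": body}


def host_matches(host: str, domains) -> bool:
    """Exact or subdomain match only, so look-alike names do not trigger."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(raw: str):
    """Return a finding dict for a TixDll beacon, or None for other traffic."""
    req = parse_request(raw)
    host = req["headers"].get("host", "").lower()
    ua = req["headers"].get("user-agent", "").lower()
    reasons = []
    if ua in BAD_USER_AGENTS:
        reasons.append(f"user-agent {ua!r}")
    if host_matches(host, BAD_DOMAINS):
        reasons.append(f"host {host}")
    if not reasons:
        return None
    sid = SID_RE.search(req["headers"].get("cookie", ""))
    return {
        "host": host,
        "method": req["method"],
        # In this capture the GETs to c* are check-ins, the POSTs to r* reports.
        "role": "report" if req["method"] == "POST" else "checkin",
        "reasons": reasons,
        "tracking": {k: req["query"][k] for k in TRACKING_KEYS if k in req["query"]},
        "sid": sid.group(1) if sid else None,
    }


if __name__ == "__main__":
    for raw in (BEACON_GET, BEACON_POST, BENIGN_GET):
        print(classify(raw))
```

Feed it the requests extracted from a pcap (tshark's http.request fields, or the request text from a report like this one) and the tracking dict gives you the values to search for across other submissions: hardware_id and installer_id stay constant between the c1 and c2 retries here, which is what makes them useful pivots, while session_id and the sid cookie are per-run.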

Network

  • flag-us
    DNS
    23.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    193.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    193.178.17.96.in-addr.arpa
    IN PTR
    Response
    193.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-193.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    167.109.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    167.109.18.2.in-addr.arpa
    IN PTR
    Response
    167.109.18.2.in-addr.arpa
    IN PTR
    a2-18-109-167.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    23.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    r1.getapplicationmy.info
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    108.59.12.100
  • flag-us
    DNS
    c1.getapplicationmy.info
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    94.229.72.116
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    94.229.72.116:80
    Request
    GET /?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 06 Jan 2024 17:39:27 GMT
    server: nginx
    set-cookie: sid=8a7d4c41-acba-11ee-a071-7612af087467; path=/; domain=.getapplicationmy.info; expires=Thu, 24 Jan 2092 20:53:35 GMT; max-age=2147483647; HttpOnly
  • flag-us
    POST
    http://r1.getapplicationmy.info/?report_version=5&
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    108.59.12.100:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r1.getapplicationmy.info
    Content-Length: 1876
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 06 Jan 2024 17:39:27 GMT
    server: nginx
    set-cookie: sid=8a8d0865-acba-11ee-aa65-77798e2db728; path=/; domain=.getapplicationmy.info; expires=Thu, 24 Jan 2092 20:53:35 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    c2.getapplicationmy.info
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    94.229.72.116
  • flag-us
    DNS
    r2.getapplicationmy.info
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    108.59.12.100
  • flag-gb
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    94.229.72.116:80
    Request
    GET /?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=8a7d4c41-acba-11ee-a071-7612af087467
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 06 Jan 2024 17:39:27 GMT
    server: nginx
  • flag-us
    DNS
    116.72.229.94.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    116.72.229.94.in-addr.arpa
    IN PTR
    Response
    116.72.229.94.in-addr.arpa
    IN PTR
    nordns ukserverscom
  • flag-us
    DNS
    100.12.59.108.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.12.59.108.in-addr.arpa
    IN PTR
    Response
  • flag-us
    POST
    http://r2.getapplicationmy.info/?report_version=5&
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    108.59.12.100:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r2.getapplicationmy.info
    Content-Length: 1876
    Cache-Control: no-cache
    Cookie: sid=8a8d0865-acba-11ee-aa65-77798e2db728
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 06 Jan 2024 17:39:35 GMT
    server: nginx
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    94.229.72.116:80
    Request
    GET /?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=8a8d0865-acba-11ee-aa65-77798e2db728
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 06 Jan 2024 17:39:33 GMT
    server: nginx
  • flag-gb
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    94.229.72.116:80
    Request
    GET /?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=8a8d0865-acba-11ee-aa65-77798e2db728
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 06 Jan 2024 17:39:33 GMT
    server: nginx
  • flag-us
    DNS
    8.192.122.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.192.122.92.in-addr.arpa
    IN PTR
    Response
    8.192.122.92.in-addr.arpa
    IN PTR
    a92-122-192-8.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    8.192.122.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.192.122.92.in-addr.arpa
    IN PTR
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    94.229.72.116:80
    Request
    GET /?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=8a8d0865-acba-11ee-aa65-77798e2db728
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 06 Jan 2024 17:39:38 GMT
    server: nginx
  • flag-gb
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    76e08852358fe15ac4629a70c6a02181.exe
    Remote address:
    94.229.72.116:80
    Request
    GET /?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=8a8d0865-acba-11ee-aa65-77798e2db728
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sat, 06 Jan 2024 17:39:39 GMT
    server: nginx
  • flag-us
    DNS
    8.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301058_17JUKZU9RAC77URQ8&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301058_17JUKZU9RAC77URQ8&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 314827
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C4618FDD8D7B4D2593BEB8EEAE443CF9 Ref B: LON04EDGE0709 Ref C: 2024-01-06T17:40:22Z
    date: Sat, 06 Jan 2024 17:40:22 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 258667
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AE00703489594B7790F3CBE16FDF35A3 Ref B: LON04EDGE0709 Ref C: 2024-01-06T17:40:22Z
    date: Sat, 06 Jan 2024 17:40:22 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 272652
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7DC6823D3EEF497FA8BC8B85099116BE Ref B: LON04EDGE0709 Ref C: 2024-01-06T17:40:23Z
    date: Sat, 06 Jan 2024 17:40:23 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 361903
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3A963F8FD4344A02A8DDE44177EBF0E3 Ref B: LON04EDGE0709 Ref C: 2024-01-06T17:40:25Z
    date: Sat, 06 Jan 2024 17:40:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 425794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 369838E8553A40A79CEEBC188B604555 Ref B: LON04EDGE0709 Ref C: 2024-01-06T17:40:25Z
    date: Sat, 06 Jan 2024 17:40:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301491_1LL1FHWSDTTTRGIZC&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301491_1LL1FHWSDTTTRGIZC&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • 94.229.72.116:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    http
    76e08852358fe15ac4629a70c6a02181.exe
    830 B
    560 B
    6
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=

    HTTP Response

    429
  • 108.59.12.100:80
    http://r1.getapplicationmy.info/?report_version=5&
    http
    76e08852358fe15ac4629a70c6a02181.exe
    2.4kB
    640 B
    8
    7

    HTTP Request

    POST http://r1.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 94.229.72.116:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    http
    76e08852358fe15ac4629a70c6a02181.exe
    1.2kB
    592 B
    13
    5

    HTTP Request

    GET http://c2.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=

    HTTP Response

    429
  • 108.59.12.100:80
    http://r2.getapplicationmy.info/?report_version=5&
    http
    76e08852358fe15ac4629a70c6a02181.exe
    4.0kB
    438 B
    11
    6

    HTTP Request

    POST http://r2.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 94.229.72.116:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    http
    76e08852358fe15ac4629a70c6a02181.exe
    1.5kB
    398 B
    7
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=

    HTTP Response

    429
  • 94.229.72.116:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    http
    76e08852358fe15ac4629a70c6a02181.exe
    880 B
    398 B
    6
    5

    HTTP Request

    GET http://c2.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=

    HTTP Response

    429
  • 94.229.72.116:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    http, 76e08852358fe15ac4629a70c6a02181.exe
    sent 926 B (7 packets), received 398 B (5 packets)
    HTTP Request: GET http://c1.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    HTTP Response: 429
  • 94.229.72.116:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    http, 76e08852358fe15ac4629a70c6a02181.exe
    sent 1.6kB (8 packets), received 398 B (5 packets)
    HTTP Request: GET http://c2.getapplicationmy.info/?step_id=1&installer_id=3994996697908599196&publisher_id=947&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=6043975087415705142&external_id=0&session_id=9837018302780040121&hardware_id=9275814170099845931&installer=&_file_name=ToontrackVocalToolboxEZmixPackWORKIN&product=&_name=ToontrackVocalToolboxEZmixPackWORKING&q=&ToontrackVocalToolboxEZmixPackWORKING=&id=index.html&product_name=Your+File&filesize=
    HTTP Response: 429
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    sent 1.3kB (17 packets), received 8.7kB (14 packets)
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301491_1LL1FHWSDTTTRGIZC&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    sent 62.3kB (1178 packets), received 1.6MB (1172 packets)
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301058_17JUKZU9RAC77URQ8&pid=21.2&w=1920&h=1080&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&w=1080&h=1920&c=4
    HTTP Response: 200
    HTTP Response: 200
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4
    HTTP Response: 200
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&w=1920&h=1080&c=4
    HTTP Response: 200
    HTTP Response: 200
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301491_1LL1FHWSDTTTRGIZC&pid=21.2&w=1080&h=1920&c=4
  • 8.8.8.8:53
    23.177.190.20.in-addr.arpa
    dns
    sent 72 B (1 packet), received 158 B (1 packet)
    DNS Request: 23.177.190.20.in-addr.arpa
  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    sent 73 B (1 packet), received 144 B (1 packet)
    DNS Request: 95.221.229.192.in-addr.arpa
  • 8.8.8.8:53
    193.178.17.96.in-addr.arpa
    dns
    sent 72 B (1 packet), received 137 B (1 packet)
    DNS Request: 193.178.17.96.in-addr.arpa
  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    sent 71 B (1 packet), received 157 B (1 packet)
    DNS Request: 205.47.74.20.in-addr.arpa
  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    sent 71 B (1 packet), received 157 B (1 packet)
    DNS Request: 2.136.104.51.in-addr.arpa
  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    sent 210 B (3 packets), received 156 B (1 packet)
    DNS Request: 9.228.82.20.in-addr.arpa
    DNS Request: 9.228.82.20.in-addr.arpa
    DNS Request: 9.228.82.20.in-addr.arpa
  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    sent 72 B (1 packet), received 158 B (1 packet)
    DNS Request: 183.59.114.20.in-addr.arpa
  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    sent 70 B (1 packet), received 144 B (1 packet)
    DNS Request: 18.31.95.13.in-addr.arpa
  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    sent 72 B (1 packet), received 137 B (1 packet)
    DNS Request: 18.134.221.88.in-addr.arpa
  • 8.8.8.8:53
    167.109.18.2.in-addr.arpa
    dns
    sent 71 B (1 packet), received 135 B (1 packet)
    DNS Request: 167.109.18.2.in-addr.arpa
  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    sent 144 B (2 packets), received 158 B (1 packet)
    DNS Request: 13.227.111.52.in-addr.arpa
    DNS Request: 13.227.111.52.in-addr.arpa
  • 8.8.8.8:53
    23.181.190.20.in-addr.arpa
    dns
    sent 72 B (1 packet), received 158 B (1 packet)
    DNS Request: 23.181.190.20.in-addr.arpa
  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns, 76e08852358fe15ac4629a70c6a02181.exe
    sent 70 B (1 packet), received 86 B (1 packet)
    DNS Request: r1.getapplicationmy.info
    DNS Response: 108.59.12.100
  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns, 76e08852358fe15ac4629a70c6a02181.exe
    sent 70 B (1 packet), received 86 B (1 packet)
    DNS Request: c1.getapplicationmy.info
    DNS Response: 94.229.72.116
  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns, 76e08852358fe15ac4629a70c6a02181.exe
    sent 70 B (1 packet), received 86 B (1 packet)
    DNS Request: c2.getapplicationmy.info
    DNS Response: 94.229.72.116
  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns, 76e08852358fe15ac4629a70c6a02181.exe
    sent 70 B (1 packet), received 86 B (1 packet)
    DNS Request: r2.getapplicationmy.info
    DNS Response: 108.59.12.100
  • 8.8.8.8:53
    116.72.229.94.in-addr.arpa
    dns
    sent 72 B (1 packet), received 107 B (1 packet)
    DNS Request: 116.72.229.94.in-addr.arpa
  • 8.8.8.8:53
    100.12.59.108.in-addr.arpa
    dns
    sent 72 B (1 packet), received 135 B (1 packet)
    DNS Request: 100.12.59.108.in-addr.arpa
  • 8.8.8.8:53
    8.192.122.92.in-addr.arpa
    dns
    sent 142 B (2 packets), received 135 B (1 packet)
    DNS Request: 8.192.122.92.in-addr.arpa
    DNS Request: 8.192.122.92.in-addr.arpa
  • 8.8.8.8:53
    8.173.189.20.in-addr.arpa
    dns
    sent 142 B (2 packets), received 314 B (2 packets)
    DNS Request: 8.173.189.20.in-addr.arpa
    DNS Request: 8.173.189.20.in-addr.arpa
  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    sent 146 B (2 packets), received 294 B (2 packets)
    DNS Request: 158.240.127.40.in-addr.arpa
    DNS Request: 158.240.127.40.in-addr.arpa
  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    sent 124 B (2 packets), received 346 B (2 packets)
    DNS Request: tse1.mm.bing.net
    DNS Request: tse1.mm.bing.net
    DNS Response: 204.79.197.200, 13.107.21.200
    DNS Response: 204.79.197.200, 13.107.21.200

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TsuD3B42E7E.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{58226EDF-FE42-4F84-AD6F-B66083C14C29}\Custom.dll

    Filesize

    91KB

    MD5

    c9d3d86ee95ae4d20c80de9ddaa8fa40

    SHA1

    5f0546ec86f3e27f0eec4d5d5451edc630907654

    SHA256

    b34ca5ec63459956e72289b6b1d85891377c4ef451b48f42d92ab7d1aad117a9

    SHA512

    ea895f339e31432497401782a17275cecda18286a158ad191dc1a5c2c3c541205c679689a74ff46c4e4861c7e6d87bf862e54049b419675cadaeea76c400b186

  • C:\Users\Admin\AppData\Local\Temp\{58226EDF-FE42-4F84-AD6F-B66083C14C29}\_Setup.dll

    Filesize

    170KB

    MD5

    1aabcda403b1a6801317ef9921e80c91

    SHA1

    082d05c392a00a6045afabc6aece91e5879cbdcc

    SHA256

    09cd996ee6e10242e7fa0052c7599b293f4ea28b235d270a6bc253d03ffff467

    SHA512

    a35975b65372335aff47565bb104f918f089c5bc452e5107a8d767b03350a2a7155e8632c54d28f7dc1d79eb637fabb9ad2e0975fef5c86f902d2f35dcd240ae
