491bcf9fa93f577f6635a71d1170fcd5c6962c6cb8ce92e3f541909978639df5

Analysis

max time kernel
146s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 22:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcb5164245b5e78d5566bde2ab2506c6.exe
Size

1.1MB
MD5

fcb5164245b5e78d5566bde2ab2506c6
SHA1

759cec277132b66a8ee069b4b388f38b8c5c3d20
SHA256

491bcf9fa93f577f6635a71d1170fcd5c6962c6cb8ce92e3f541909978639df5
SHA512

1de8f2c5b194aa6e1fc10e344fd20f946a20dd2506d57cf7a74e986e22a6286964bdd1adc9fe5a42404bd9d6879f9f8ce86f62b66acbf51c1d9f28861561a56c
SSDEEP

24576:qKeyxTAJnMHn36sQ7H/yQQuYmlswByeiGZAw1m:qKeyRAJe3LqaCY4LyeLZbm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1800	ltsjfmqfsy.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\xpkc\ltsjfmqfsy.exe	fcb5164245b5e78d5566bde2ab2506c6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 1800	384	fcb5164245b5e78d5566bde2ab2506c6.exe	90
PID 384 wrote to memory of 1800	384	fcb5164245b5e78d5566bde2ab2506c6.exe	90
PID 384 wrote to memory of 1800	384	fcb5164245b5e78d5566bde2ab2506c6.exe	90

C:\Users\Admin\AppData\Local\Temp\fcb5164245b5e78d5566bde2ab2506c6.exe
"C:\Users\Admin\AppData\Local\Temp\fcb5164245b5e78d5566bde2ab2506c6.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files (x86)\xpkc\ltsjfmqfsy.exe
  "C:\Program Files (x86)\xpkc\ltsjfmqfsy.exe"
  2⤵
  - Executes dropped EXE
  PID:1800

Network

DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR
DNS

181.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.178.17.96.in-addr.arpa

IN PTR

Response

181.178.17.96.in-addr.arpa

IN PTR

a96-17-178-181deploystaticakamaitechnologiescom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1AB3843B12D669A721ED97C0136D684F; domain=.bing.com; expires=Mon, 27-Jan-2025 15:34:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 65491A28CE85401F8A18571B84286E50 Ref B: LON04EDGE0917 Ref C: 2024-01-03T15:34:47Z
date: Wed, 03 Jan 2024 15:34:47 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1AB3843B12D669A721ED97C0136D684F

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=GmfkgEef3lB-2e0q_ao82uu63JcpvIPCUY4I66PZYDQ; domain=.bing.com; expires=Mon, 27-Jan-2025 15:34:47 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 887B6CD86FD94CD197CCF00FBDABA566 Ref B: LON04EDGE0917 Ref C: 2024-01-03T15:34:47Z
date: Wed, 03 Jan 2024 15:34:47 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1AB3843B12D669A721ED97C0136D684F; MSPTC=GmfkgEef3lB-2e0q_ao82uu63JcpvIPCUY4I66PZYDQ

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CAD136EBBBA04BD2A3ED5F8C8F4D16DD Ref B: LON04EDGE0917 Ref C: 2024-01-03T15:34:47Z
date: Wed, 03 Jan 2024 15:34:47 GMT
DNS

149.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.177.190.20.in-addr.arpa

IN PTR

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 343312
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9FCA10964D0441C692C5FE90EB76BE7A Ref B: LON04EDGE0822 Ref C: 2024-01-03T15:35:46Z
date: Wed, 03 Jan 2024 15:35:46 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301369_1O7BEOR7552R1X27X&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301369_1O7BEOR7552R1X27X&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 314827
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EA13E075D6BD439E979DC97B78847ED2 Ref B: LON04EDGE0822 Ref C: 2024-01-03T15:35:46Z
date: Wed, 03 Jan 2024 15:35:46 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300936_1O8NXM6HEQ2320VK5&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300936_1O8NXM6HEQ2320VK5&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 425048
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A11349406EC458A9EF63A5010ED94B7 Ref B: LON04EDGE0822 Ref C: 2024-01-03T15:35:46Z
date: Wed, 03 Jan 2024 15:35:46 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 272652
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B213E943F53B4957981C2EA93CA7518F Ref B: LON04EDGE0822 Ref C: 2024-01-03T15:35:46Z
date: Wed, 03 Jan 2024 15:35:46 GMT
DNS

79.121.231.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.121.231.20.in-addr.arpa

IN PTR

Response
DNS

178.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.178.17.96.in-addr.arpa

IN PTR

Response

178.178.17.96.in-addr.arpa

IN PTR

a96-17-178-178deploystaticakamaitechnologiescom
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR

Response

100.5.17.2.in-addr.arpa

IN PTR

a2-17-5-100deploystaticakamaitechnologiescom
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

195.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.178.17.96.in-addr.arpa

IN PTR

Response

195.178.17.96.in-addr.arpa

IN PTR

a96-17-178-195deploystaticakamaitechnologiescom
DNS

50.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.134.221.88.in-addr.arpa

IN PTR

Response

50.134.221.88.in-addr.arpa

IN PTR

a88-221-134-50deploystaticakamaitechnologiescom
DNS

50.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.134.221.88.in-addr.arpa

IN PTR
DNS

50.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.134.221.88.in-addr.arpa

IN PTR
DNS

208.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.178.17.96.in-addr.arpa

IN PTR

Response

208.178.17.96.in-addr.arpa

IN PTR

a96-17-178-208deploystaticakamaitechnologiescom

204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

tls, http2

2.5kB
9.4kB
22
17

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1bdde0e6911e4304b1a7fc5c30fa8eb8&localId=w:E69C44C8-74AB-2316-FAE1-5827350BD28A&deviceId=6896190259398603&anid=

HTTP Response

204
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
16
13
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4

tls, http2

51.4kB
1.4MB
1038
1033

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301369_1O7BEOR7552R1X27X&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300936_1O8NXM6HEQ2320VK5&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
10.6kB
18
16
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.6kB
9.3kB
20
16

8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

158.240.127.40.in-addr.arpa

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

181.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

181.178.17.96.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

149.177.190.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

149.177.190.20.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

41.110.16.96.in-addr.arpa

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

210 B
156 B
3
1

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

79.121.231.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

79.121.231.20.in-addr.arpa
8.8.8.8:53

178.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

178.178.17.96.in-addr.arpa
8.8.8.8:53

100.5.17.2.in-addr.arpa

dns

138 B
131 B
2
1

DNS Request

100.5.17.2.in-addr.arpa

DNS Request

100.5.17.2.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

213 B
116 B
3
1

DNS Request

0.205.248.87.in-addr.arpa

DNS Request

0.205.248.87.in-addr.arpa

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

195.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

195.178.17.96.in-addr.arpa
8.8.8.8:53

50.134.221.88.in-addr.arpa

dns

216 B
137 B
3
1

DNS Request

50.134.221.88.in-addr.arpa

DNS Request

50.134.221.88.in-addr.arpa

DNS Request

50.134.221.88.in-addr.arpa
8.8.8.8:53

208.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

208.178.17.96.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\xpkc\ltsjfmqfsy.exe

Filesize
1.1MB

MD5
ede8149cf0b08b81189c6993f94361b4

SHA1
02c702d4764ef03c1b812cd39a7e011570088252

SHA256
3ce2744b02e5d5dc2c171d59908733466c2d8a442faddd2fe200caa8976e17ff

SHA512
9c56914cc4fe64c1439fd10d8c1100d2f23ddee516c8f02b501181990aa864c6427cea3e1754a93feb38b5b5608c96e31b1372c340a6b61378298cebdcec0f9a

Download Submit
memory/384-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/384-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/384-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1800-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1800-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.