Analysis
-
max time kernel
148s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system -
submitted
28/12/2023, 20:43 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f6cecb2518c91954523e8a40fd2444f8.exe
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
f6cecb2518c91954523e8a40fd2444f8.exe
Resource
win10v2004-20231215-en
0 signatures
150 seconds
General
-
Target
f6cecb2518c91954523e8a40fd2444f8.exe
-
Size
9KB
-
MD5
f6cecb2518c91954523e8a40fd2444f8
-
SHA1
a99db66226827772c1cb30f4c5e4277c7ce56d75
-
SHA256
082d2a65150f07528c272f69dc8ac6e84743eacc3fbb762ee15c87fde2043f81
-
SHA512
bc4a0a6d33864315b3a523eab5ea0d54df014431e824fff31dbd171f06281c30eedb90a20a469a6d7aa7f8d8eb97f54347de8da1afe0f305fff182129daf58d1
-
SSDEEP
192:ssnK2NQf/RvFqaA1M0CJ3UNiPIPrngaGD:swbNkRvFqaA1MTENiIru
Score
1/10
Malware Config
Signatures
Processes
Network (captured for the whole analysis machine; the entries below are not attributed to a specific process)
-
Remote address: 8.8.8.8:53 | Request: 84.177.190.20.in-addr.arpa IN PTR | Response: (empty)
-
Remote address: 8.8.8.8:53 | Request: 201.178.17.96.in-addr.arpa IN PTR | Response: 201.178.17.96.in-addr.arpa IN PTR a96-17-178-201.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 158.240.127.40.in-addr.arpa IN PTR | Response: (empty)
-
Remote address: 8.8.8.8:53 | Request: 241.154.82.20.in-addr.arpa IN PTR | Response: (empty)
-
Remote address: 8.8.8.8:53 | Request: 16.234.44.23.in-addr.arpa IN PTR | Response: 16.234.44.23.in-addr.arpa IN PTR a23-44-234-16.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 16.234.44.23.in-addr.arpa IN PTR | (no response recorded)
-
Remote address: 8.8.8.8:53 | Request: 195.233.44.23.in-addr.arpa IN PTR | Response: 195.233.44.23.in-addr.arpa IN PTR a23-44-233-195.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 88.156.103.20.in-addr.arpa IN PTR | Response: (empty)
-
Remote address: 8.8.8.8:53 | Request: 50.23.12.20.in-addr.arpa IN PTR | Response: (empty)
-
Remote address: 8.8.8.8:53 | Request: 2.136.104.51.in-addr.arpa IN PTR | Response: (empty)
-
Remote address: 8.8.8.8:53 | Request: tse1.mm.bing.net IN A | Response: tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net; mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net; dual-a-0001.a-msedge.net IN A 204.79.197.200; dual-a-0001.a-msedge.net IN A 13.107.21.200
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301725_1LMIXSOPUKT44X82W&pid=21.2&w=1080&h=1920&c=4 | Remote address: 204.79.197.200:443 | Request: GET /th?id=OADD2.10239317301725_1LMIXSOPUKT44X82W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response: HTTP/2.0 200
content-length: 316725
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 43B7EA8CFB8D427DABEFA914B8EF46AE Ref B: LON04EDGE1120 Ref C: 2024-01-09T19:50:57Z
date: Tue, 09 Jan 2024 19:50:57 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301262_1RDFU04FEHLX4BCDQ&pid=21.2&w=1920&h=1080&c=4 | Remote address: 204.79.197.200:443 | Request: GET /th?id=OADD2.10239317301262_1RDFU04FEHLX4BCDQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response: HTTP/2.0 200
content-length: 330316
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E092DA3FD4F8435A8F61659C447315F8 Ref B: LON04EDGE1120 Ref C: 2024-01-09T19:50:57Z
date: Tue, 09 Jan 2024 19:50:57 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301316_1NWRA5BA4WHRRVK19&pid=21.2&w=1920&h=1080&c=4 | Remote address: 204.79.197.200:443 | Request: GET /th?id=OADD2.10239317301316_1NWRA5BA4WHRRVK19&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response: HTTP/2.0 200
content-length: 425280
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 894C9C34ABD041218C799F6F4D018EF6 Ref B: LON04EDGE1120 Ref C: 2024-01-09T19:50:57Z
date: Tue, 09 Jan 2024 19:50:57 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301671_1BH92C2YLS6P8OGGR&pid=21.2&w=1080&h=1920&c=4 | Remote address: 204.79.197.200:443 | Request: GET /th?id=OADD2.10239317301671_1BH92C2YLS6P8OGGR&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response: HTTP/2.0 200
content-length: 239533
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0CC22A91A2E94F4BA49B4D65757ED47F Ref B: LON04EDGE1120 Ref C: 2024-01-09T19:50:57Z
date: Tue, 09 Jan 2024 19:50:57 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301651_1F1H60KU4IQQHGWIG&pid=21.2&w=1080&h=1920&c=4 | Remote address: 204.79.197.200:443 | Request: GET /th?id=OADD2.10239317301651_1F1H60KU4IQQHGWIG&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response: HTTP/2.0 200
content-length: 265850
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 742525786B254C50902CB77E6E4B1A16 Ref B: LON04EDGE1120 Ref C: 2024-01-09T19:50:58Z
date: Tue, 09 Jan 2024 19:50:57 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301242_1SRW05UUR0YI3F1X9&pid=21.2&w=1920&h=1080&c=4 | Remote address: 204.79.197.200:443 | Request: GET /th?id=OADD2.10239317301242_1SRW05UUR0YI3F1X9&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response: HTTP/2.0 200
content-length: 244362
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CE593FF4ACF14A7AB71D96B2B374F5FA Ref B: LON04EDGE1120 Ref C: 2024-01-09T19:50:58Z
date: Tue, 09 Jan 2024 19:50:58 GMT
-
Remote address: 8.8.8.8:53 | Request: 198.187.3.20.in-addr.arpa IN PTR | Response: (empty)
-
Remote address: 8.8.8.8:53 | Request: 134.71.91.104.in-addr.arpa IN PTR | Response: 134.71.91.104.in-addr.arpa IN PTR a104-91-71-134.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 183.1.37.23.in-addr.arpa IN PTR | Response: 183.1.37.23.in-addr.arpa IN PTR a23-37-1-183.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 183.1.37.23.in-addr.arpa IN PTR | (no response recorded)
-
Remote address: 8.8.8.8:53 | Request: 9.179.17.96.in-addr.arpa IN PTR | Response: 9.179.17.96.in-addr.arpa IN PTR a96-17-179-9.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 46.179.17.96.in-addr.arpa IN PTR | Response: 46.179.17.96.in-addr.arpa IN PTR a96-17-179-46.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 46.179.17.96.in-addr.arpa IN PTR | (no response recorded)
-
Remote address: 8.8.8.8:53 | Request: 119.110.54.20.in-addr.arpa IN PTR | Response: (empty)
-
Remote address: 8.8.8.8:53 | Request: 119.110.54.20.in-addr.arpa IN PTR | (no response recorded)
-
Remote address: 8.8.8.8:53 | Request: 29.179.17.96.in-addr.arpa IN PTR | Response: 29.179.17.96.in-addr.arpa IN PTR a96-17-179-29.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 29.179.17.96.in-addr.arpa IN PTR | (no response recorded)
-
Remote address: 8.8.8.8:53 | Request: 48.229.111.52.in-addr.arpa IN PTR | Response: (empty)
-
Remote address: 8.8.8.8:53 | Request: 140.71.91.104.in-addr.arpa IN PTR | Response: 140.71.91.104.in-addr.arpa IN PTR a104-91-71-140.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 140.71.91.104.in-addr.arpa IN PTR | (no response recorded)
-
Remote address: 8.8.8.8:53 | Request: 140.71.91.104.in-addr.arpa IN PTR | (no response recorded)
-
Remote address: 8.8.8.8:53 | Request: 140.71.91.104.in-addr.arpa IN PTR | (no response recorded)
-
Remote address: 8.8.8.8:53 | Request: 140.71.91.104.in-addr.arpa IN PTR | (no response recorded)
-
Remote address: 8.8.8.8:53 | Request: 10.179.17.96.in-addr.arpa IN PTR | Response: 10.179.17.96.in-addr.arpa IN PTR a96-17-179-10.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53 | Request: 143.178.17.96.in-addr.arpa IN PTR | Response: 143.178.17.96.in-addr.arpa IN PTR a96-17-178-143.deploy.static.akamaitechnologies.com
-
104 B 2
-
1.4kB 8.2kB 16 13
-
1.5kB 9.1kB 17 13
-
204.79.197.200:443 | https://tse1.mm.bing.net/th?id=OADD2.10239317301242_1SRW05UUR0YI3F1X9&pid=21.2&w=1920&h=1080&c=4 | tls, http | 267.3kB 1.8MB 1324 1314
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301725_1LMIXSOPUKT44X82W&pid=21.2&w=1080&h=1920&c=4
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301262_1RDFU04FEHLX4BCDQ&pid=21.2&w=1920&h=1080&c=4
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301316_1NWRA5BA4WHRRVK19&pid=21.2&w=1920&h=1080&c=4
HTTP Response
200
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301671_1BH92C2YLS6P8OGGR&pid=21.2&w=1080&h=1920&c=4
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301651_1F1H60KU4IQQHGWIG&pid=21.2&w=1080&h=1920&c=4
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301242_1SRW05UUR0YI3F1X9&pid=21.2&w=1920&h=1080&c=4
HTTP Response
200
HTTP Response
200
-
1.7kB 8.3kB 18 14
-
1.6kB 8.5kB 19 16
-
72 B 158 B 1 1
DNS Request
84.177.190.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
201.178.17.96.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
241.154.82.20.in-addr.arpa
-
142 B 135 B 2 1
DNS Request
16.234.44.23.in-addr.arpa
DNS Request
16.234.44.23.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
195.233.44.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
2.136.104.51.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.200, 13.107.21.200
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
134.71.91.104.in-addr.arpa
-
140 B 133 B 2 1
DNS Request
183.1.37.23.in-addr.arpa
DNS Request
183.1.37.23.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
9.179.17.96.in-addr.arpa
-
142 B 135 B 2 1
DNS Request
46.179.17.96.in-addr.arpa
DNS Request
46.179.17.96.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
119.110.54.20.in-addr.arpa
DNS Request
119.110.54.20.in-addr.arpa
-
142 B 135 B 2 1
DNS Request
29.179.17.96.in-addr.arpa
DNS Request
29.179.17.96.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
48.229.111.52.in-addr.arpa
-
360 B 137 B 5 1
DNS Request
140.71.91.104.in-addr.arpa
DNS Request
140.71.91.104.in-addr.arpa
DNS Request
140.71.91.104.in-addr.arpa
DNS Request
140.71.91.104.in-addr.arpa
DNS Request
140.71.91.104.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
10.179.17.96.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
143.178.17.96.in-addr.arpa