Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
29-12-2023 19:49
Static task
static1
Behavioral task
behavioral1
Sample
023ab5f6abb5ea4c858ba4e70914bd96.js
Resource
win7-20231215-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
023ab5f6abb5ea4c858ba4e70914bd96.js
Resource
win10v2004-20231215-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
023ab5f6abb5ea4c858ba4e70914bd96.js
-
Size
17KB
-
MD5
023ab5f6abb5ea4c858ba4e70914bd96
-
SHA1
dac680944566aafc60ba156122d27f69ad623997
-
SHA256
e399f91572f3a0ade1787008566241bcc6856ff13c073872bad41fab604be257
-
SHA512
ec4735e4a69abb5239f12b2b1f2a9013f75059f151cdc2c25124c12109811a2bd4feb55894bec8e00c96c7605e576262ae4a1af136bd4d8f7d8faa75dac45395
-
SSDEEP
192:BheXdgBb9juRdwarkRZNb9ZOdiIZ8G26Q2oaefTg8gKPkrVGKVRuUYbo4YFHHLCQ:aRdYV9ZU2aefTg8g0QRuJ2xWC
Score
1/10
Malware Config
Signatures
Processes
Network
-
Remote address:8.8.8.8:53Request59.128.231.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request83.177.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request192.178.17.96.in-addr.arpaIN PTRResponse192.178.17.96.in-addr.arpaIN PTRa96-17-178-192deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request192.178.17.96.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request195.233.44.23.in-addr.arpaIN PTRResponse195.233.44.23.in-addr.arpaIN PTRa23-44-233-195deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request16.234.44.23.in-addr.arpaIN PTRResponse16.234.44.23.in-addr.arpaIN PTRa23-44-234-16deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request16.234.44.23.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request158.240.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request134.71.91.104.in-addr.arpaIN PTRResponse134.71.91.104.in-addr.arpaIN PTRa104-91-71-134deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301220_18O58FXYXLPJZL3DY&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301220_18O58FXYXLPJZL3DY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 553003
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 10564EAADD4C4E0787861E5EBFD5FAD6 Ref B: LON04EDGE1007 Ref C: 2023-12-29T22:15:06Z
date: Fri, 29 Dec 2023 22:15:06 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301299_1C7NVMDZ5MJ9XIWCU&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301299_1C7NVMDZ5MJ9XIWCU&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 606299
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 40E66631ED9040FD912C716C4B1E870E Ref B: LON04EDGE1007 Ref C: 2023-12-29T22:15:06Z
date: Fri, 29 Dec 2023 22:15:06 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301708_183LKCEVHRTRH2RVD&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301708_183LKCEVHRTRH2RVD&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 565229
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 199107E3C9CE4D20B1A159CA1E01024A Ref B: LON04EDGE1007 Ref C: 2023-12-29T22:15:07Z
date: Fri, 29 Dec 2023 22:15:07 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 455787
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DFB5D1234A1B459882F6164364E32DA2 Ref B: LON04EDGE1007 Ref C: 2023-12-29T22:15:07Z
date: Fri, 29 Dec 2023 22:15:07 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301407_1XK9J8C92JQXSR9UG&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301407_1XK9J8C92JQXSR9UG&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 349825
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2556AFE368AD4FAF9DA06B3B07B779F3 Ref B: LON04EDGE1007 Ref C: 2023-12-29T22:15:07Z
date: Fri, 29 Dec 2023 22:15:07 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300974_1FWKD3OQIJ5N50HNG&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317300974_1FWKD3OQIJ5N50HNG&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 347833
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 359D3FCE001C427D865C17B490DAAD80 Ref B: LON04EDGE1007 Ref C: 2023-12-29T22:15:10Z
date: Fri, 29 Dec 2023 22:15:10 GMT
-
Remote address:8.8.8.8:53Request146.78.124.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request184.178.17.96.in-addr.arpaIN PTRResponse184.178.17.96.in-addr.arpaIN PTRa96-17-178-184deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request79.121.231.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request79.121.231.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request79.121.231.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request48.192.11.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request48.192.11.51.in-addr.arpaIN PTRResponse
-
104 B 2
-
1.6kB 8.4kB 18 15
-
2.1kB 8.3kB 18 14
-
1.6kB 9.2kB 17 14
-
1.3kB 9.7kB 17 15
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317300974_1FWKD3OQIJ5N50HNG&pid=21.2&w=1920&h=1080&c=4tls, http2107.8kB 3.1MB 2238 2233
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301220_18O58FXYXLPJZL3DY&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301299_1C7NVMDZ5MJ9XIWCU&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301708_183LKCEVHRTRH2RVD&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301407_1XK9J8C92JQXSR9UG&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300974_1FWKD3OQIJ5N50HNG&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Response
200
-
71 B 157 B 1 1
DNS Request
59.128.231.4.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
83.177.190.20.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
241.154.82.20.in-addr.arpa
DNS Request
241.154.82.20.in-addr.arpa
-
144 B 137 B 2 1
DNS Request
192.178.17.96.in-addr.arpa
DNS Request
192.178.17.96.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
88.156.103.20.in-addr.arpa
DNS Request
88.156.103.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
195.233.44.23.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
2.136.104.51.in-addr.arpa
DNS Request
2.136.104.51.in-addr.arpa
-
142 B 135 B 2 1
DNS Request
16.234.44.23.in-addr.arpa
DNS Request
16.234.44.23.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
134.71.91.104.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
72 B 158 B 1 1
DNS Request
146.78.124.51.in-addr.arpa
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
184.178.17.96.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
11.227.111.52.in-addr.arpa
DNS Request
11.227.111.52.in-addr.arpa
-
216 B 158 B 3 1
DNS Request
79.121.231.20.in-addr.arpa
DNS Request
79.121.231.20.in-addr.arpa
DNS Request
79.121.231.20.in-addr.arpa
-
142 B 314 B 2 2
DNS Request
48.192.11.51.in-addr.arpa
DNS Request
48.192.11.51.in-addr.arpa