Analysis
-
max time kernel
140s -
max time network
174s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
30/12/2023, 07:15 UTC
Static task
static1
Behavioral task
behavioral1
Sample
11e1f351761be053235e0c81838d30c3.exe
Resource
win7-20231129-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
11e1f351761be053235e0c81838d30c3.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
-
Target
11e1f351761be053235e0c81838d30c3.exe
-
Size
298KB
-
MD5
11e1f351761be053235e0c81838d30c3
-
SHA1
07e9e0345dcb5220f8997246c4b07ca737353bcd
-
SHA256
5d3997c7f234df5fff4d3c8ca34628ea86b1661e52367df40ef97dc8b9fb7407
-
SHA512
fac6ba718581ed735251f6c02580a0993318f09f8a89f2df1a5a7ffcbd6562a394d8a8ae5225936f7f12973b1417efafb973af99843c6559a4e8117f719a1759
-
SSDEEP
6144:6qvh9fzMfF1/uISHy+m7CswhewVbsOLaWLaQ:6qTuF1/ufHy+m7ZwowmgaWLaQ
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\Tasks\EasyTranslate.job 11e1f351761be053235e0c81838d30c3.exe
Processes
Network
-
Remote address:8.8.8.8:53Request4.181.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request4.181.190.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Requestget-multiple.linkIN AResponse
-
Remote address:8.8.8.8:53Requestget-multiple.linkIN A
-
Remote address:8.8.8.8:53Requestget-multiple.linkIN A
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request158.240.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestcenter-ring.infoIN AResponse
-
Remote address:8.8.8.8:53Requestringmynorth.bizIN AResponse
-
Remote address:8.8.8.8:53Requestringmynorth.bizIN A
-
Remote address:8.8.8.8:53Request173.178.17.96.in-addr.arpaIN PTRResponse173.178.17.96.in-addr.arpaIN PTRa96-17-178-173deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request59.128.231.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.134.221.88.in-addr.arpaIN PTRResponse18.134.221.88.in-addr.arpaIN PTRa88-221-134-18deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request178.223.142.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.99.105.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.99.105.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN A
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN A
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN A
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 301043
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4D5123855B3B4247A84CBA791AFAC992 Ref B: LON04EDGE0615 Ref C: 2024-01-01T08:16:09Z
date: Mon, 01 Jan 2024 08:16:09 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 272929
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5183804E849F40098CB74A5C338E169C Ref B: LON04EDGE0615 Ref C: 2024-01-01T08:16:09Z
date: Mon, 01 Jan 2024 08:16:09 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301177_16YAE1SE4HL4IACWN&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301177_16YAE1SE4HL4IACWN&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 396695
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9458980E3488444C8446A679FC9D0C11 Ref B: LON04EDGE0615 Ref C: 2024-01-01T08:16:12Z
date: Mon, 01 Jan 2024 08:16:11 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301536_1KEHL2APX3BZOFBAK&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301536_1KEHL2APX3BZOFBAK&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 425124
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 66C9DF2494B44C79A7928C45414BF0CA Ref B: LON04EDGE0615 Ref C: 2024-01-01T08:16:12Z
date: Mon, 01 Jan 2024 08:16:11 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301103_1AT2QBQ1Q6ANODZ4C&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301103_1AT2QBQ1Q6ANODZ4C&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 470736
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 979AFEE0469E454E960F9E0E213F1DBC Ref B: LON04EDGE0615 Ref C: 2024-01-01T08:16:12Z
date: Mon, 01 Jan 2024 08:16:11 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301586_18O1A0ED10HUC74L1&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301586_18O1A0ED10HUC74L1&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTRResponse194.178.17.96.in-addr.arpaIN PTRa96-17-178-194deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request14.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request131.109.69.13.in-addr.arpaIN PTRResponse
-
52 B 1
-
1.3kB 8.9kB 18 16
-
1.6kB 8.4kB 19 16
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301586_18O1A0ED10HUC74L1&pid=21.2&w=1080&h=1920&c=4tls, http255.3kB 1.5MB 1145 1140
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301177_16YAE1SE4HL4IACWN&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301536_1KEHL2APX3BZOFBAK&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301103_1AT2QBQ1Q6ANODZ4C&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301586_18O1A0ED10HUC74L1&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Response
200 -
1.6kB 8.4kB 19 16
-
1.6kB 8.4kB 19 16
-
142 B 157 B 2 1
DNS Request
4.181.190.20.in-addr.arpa
DNS Request
4.181.190.20.in-addr.arpa
-
189 B 136 B 3 1
DNS Request
get-multiple.link
DNS Request
get-multiple.link
DNS Request
get-multiple.link
-
72 B 158 B 1 1
DNS Request
241.154.82.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
62 B 141 B 1 1
DNS Request
center-ring.info
-
122 B 123 B 2 1
DNS Request
ringmynorth.biz
DNS Request
ringmynorth.biz
-
72 B 137 B 1 1
DNS Request
173.178.17.96.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
59.128.231.4.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
26.35.223.20.in-addr.arpa
DNS Request
26.35.223.20.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
18.134.221.88.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
178.223.142.52.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
58.99.105.20.in-addr.arpa
DNS Request
58.99.105.20.in-addr.arpa
-
248 B 173 B 4 1
DNS Request
tse1.mm.bing.net
DNS Request
tse1.mm.bing.net
DNS Request
tse1.mm.bing.net
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
144 B 137 B 2 1
DNS Request
194.178.17.96.in-addr.arpa
DNS Request
194.178.17.96.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
14.227.111.52.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
131.109.69.13.in-addr.arpa