Overview

overview

8

Static

static

3

14931fb37d...c6.exe

windows7-x64

8

14931fb37d...c6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 09:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14931fb37de312d3c98cd938891a7ec6.exe

  • Size

    273KB

  • MD5

    14931fb37de312d3c98cd938891a7ec6

  • SHA1

    a9fb867106c5103f774dcbcfd4f44f032a840250

  • SHA256

    134a2d6078fe68ee4a8d9bdf5337997332737534ea00d80415811c47de164593

  • SHA512

    a8c14c0a9826b6287d9b05ba165260792f0eb5317a86999d31ad910ba577ded20861ece8323ec70208fa8c367098d03d533a0aefad301a5c51b8021cb0b3665f

  • SSDEEP

    6144:l4qMZvK7bFvUeTC6vCj1SMYtDi2BNgzUU+dsWgHiuQ0:d0qBv1LG1L7/UU+2WgHDQ0

Score
8/10
persistence

Malware Config

Signatures

  • Creates new service(s) 1 TTPs
    persistence
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 4 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14931fb37de312d3c98cd938891a7ec6.exe
    "C:\Users\Admin\AppData\Local\Temp\14931fb37de312d3c98cd938891a7ec6.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "sc create "14931fb37de312d3c98cd938891a7ec6" binPath= "C:\Users\Admin\AppData\Local\Temp\14931fb37de312d3c98cd938891a7ec6.exe" start= auto && sc start "14931fb37de312d3c98cd938891a7ec6" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:832
      • C:\Windows\SysWOW64\sc.exe
        sc create "14931fb37de312d3c98cd938891a7ec6" binPath= "C:\Users\Admin\AppData\Local\Temp\14931fb37de312d3c98cd938891a7ec6.exe" start= auto
        3⤵
        • Launches sc.exe
        PID:404
      • C:\Windows\SysWOW64\sc.exe
        sc start "14931fb37de312d3c98cd938891a7ec6"
        3⤵
        • Launches sc.exe
        PID:4868
  • C:\Users\Admin\AppData\Local\Temp\14931fb37de312d3c98cd938891a7ec6.exe
    C:\Users\Admin\AppData\Local\Temp\14931fb37de312d3c98cd938891a7ec6.exe
    1⤵
    • Loads dropped DLL
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:5100

Network

  • flag-us
    DNS
    83.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    83.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.179.17.96.in-addr.arpa
    IN PTR
    Response
    83.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-83deploystaticakamaitechnologiescom
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=29F4BF653528646D0428AC9C34C8650B; domain=.bing.com; expires=Sat, 25-Jan-2025 19:33:06 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E82C2A10554D4713B7F029985035AC57 Ref B: LON04EDGE1020 Ref C: 2024-01-01T19:33:05Z
    date: Mon, 01 Jan 2024 19:33:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=29F4BF653528646D0428AC9C34C8650B
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=EpaDezpVnkiKHcTe9kvq8XAnTOHGvjNU-EH-3aJ2EqU; domain=.bing.com; expires=Sat, 25-Jan-2025 19:33:08 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9DCF8B9CEBEE4E8F84010CEB48CEA7E1 Ref B: LON04EDGE1020 Ref C: 2024-01-01T19:33:08Z
    date: Mon, 01 Jan 2024 19:33:08 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=29F4BF653528646D0428AC9C34C8650B; MSPTC=EpaDezpVnkiKHcTe9kvq8XAnTOHGvjNU-EH-3aJ2EqU
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2BE35E4FD8AC49F39DA1F59A36BE6410 Ref B: LON04EDGE1020 Ref C: 2024-01-01T19:33:09Z
    date: Mon, 01 Jan 2024 19:33:09 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    167.109.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    167.109.18.2.in-addr.arpa
    IN PTR
    Response
    167.109.18.2.in-addr.arpa
    IN PTR
    a2-18-109-167deploystaticakamaitechnologiescom
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301732_1XU9VS499YTY2RBMB&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301732_1XU9VS499YTY2RBMB&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 532606
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C4AD35FA7CD94FA5ACE8BC06FA54D8D8 Ref B: LON04EDGE0908 Ref C: 2024-01-01T19:33:46Z
    date: Mon, 01 Jan 2024 19:33:45 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301067_1ZU6SE5I441HMK8LK&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301067_1ZU6SE5I441HMK8LK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 336484
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 50B58332895F462CB59F33BD776AEF6C Ref B: LON04EDGE0908 Ref C: 2024-01-01T19:33:46Z
    date: Mon, 01 Jan 2024 19:33:45 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301507_1JETHNZGWEYGZFF79&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301507_1JETHNZGWEYGZFF79&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 265561
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DD2FF099D772433C8393AE51474DB87A Ref B: LON04EDGE0908 Ref C: 2024-01-01T19:33:46Z
    date: Mon, 01 Jan 2024 19:33:45 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301074_13X6HGWAR197W3ZYM&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301074_13X6HGWAR197W3ZYM&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 460710
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D683B244D277488E85B466913D5944B4 Ref B: LON04EDGE0908 Ref C: 2024-01-01T19:33:46Z
    date: Mon, 01 Jan 2024 19:33:45 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301323_1AVULELNRKG9EH3DR&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301323_1AVULELNRKG9EH3DR&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 401946
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 29BD48CB899E4D55A842D2040D3065BC Ref B: LON04EDGE0908 Ref C: 2024-01-01T19:33:46Z
    date: Mon, 01 Jan 2024 19:33:45 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301500_1UAMZFMFEP1QV3EDL&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301500_1UAMZFMFEP1QV3EDL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 199000
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E85894139CF0459796371F55442FAC9C Ref B: LON04EDGE0908 Ref C: 2024-01-01T19:33:46Z
    date: Mon, 01 Jan 2024 19:33:45 GMT
  • flag-us
    DNS
    77.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    77.179.17.96.in-addr.arpa
    IN PTR
    Response
    77.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-77deploystaticakamaitechnologiescom
  • flag-us
    DNS
    185.13.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    185.13.222.173.in-addr.arpa
    IN PTR
    Response
    185.13.222.173.in-addr.arpa
    IN PTR
    a173-222-13-185deploystaticakamaitechnologiescom
  • flag-us
    DNS
    185.13.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    185.13.222.173.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    47.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    47.179.17.96.in-addr.arpa
    IN PTR
    Response
    47.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-47deploystaticakamaitechnologiescom
  • flag-us
    DNS
    47.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    47.179.17.96.in-addr.arpa
    IN PTR
    Response
    47.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-47deploystaticakamaitechnologiescom
  • flag-us
    DNS
    66.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    66.179.17.96.in-addr.arpa
    IN PTR
    Response
    66.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-66deploystaticakamaitechnologiescom
  • flag-us
    DNS
    66.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    66.179.17.96.in-addr.arpa
    IN PTR
    Response
    66.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-66deploystaticakamaitechnologiescom
  • flag-us
    DNS
    23.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.160.77.104.in-addr.arpa
    IN PTR
    Response
    23.160.77.104.in-addr.arpa
    IN PTR
    a104-77-160-23deploystaticakamaitechnologiescom
  • flag-us
    DNS
    23.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.160.77.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    23.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.160.77.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    32.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.179.17.96.in-addr.arpa
    IN PTR
    Response
    32.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-32deploystaticakamaitechnologiescom
  • flag-us
    DNS
    32.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.179.17.96.in-addr.arpa
    IN PTR
    Response
    32.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-32deploystaticakamaitechnologiescom
  • flag-us
    DNS
    90.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    90.65.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    90.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    90.65.42.20.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=
    tls, http2
    2.4kB
     9.7kB
     25
    20

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d061fdb13cfb4103845e503b5ac6fb75&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=

    HTTP Response

    204
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     8.3kB
     17
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301500_1UAMZFMFEP1QV3EDL&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    82.3kB
     2.3MB
     1663
    1660

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301732_1XU9VS499YTY2RBMB&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301067_1ZU6SE5I441HMK8LK&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301507_1JETHNZGWEYGZFF79&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301074_13X6HGWAR197W3ZYM&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301323_1AVULELNRKG9EH3DR&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301500_1UAMZFMFEP1QV3EDL&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     8.3kB
     18
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     8.3kB
     17
    14
  • 8.8.8.8:53
    83.177.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    83.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     158 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    83.179.17.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    83.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    167.109.18.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    167.109.18.2.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    142 B
     157 B
     2
    1

    DNS Request

    59.128.231.4.in-addr.arpa

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    140 B
     156 B
     2
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    142 B
     145 B
     2
    1

    DNS Request

    206.23.85.13.in-addr.arpa

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
     173 B
     2
    1

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    142 B
     157 B
     2
    1

    DNS Request

    55.36.223.20.in-addr.arpa

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    77.179.17.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    77.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    185.13.222.173.in-addr.arpa
    dns
    146 B
     139 B
     2
    1

    DNS Request

    185.13.222.173.in-addr.arpa

    DNS Request

    185.13.222.173.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    146 B
     278 B
     2
    2

    DNS Request

    217.135.221.88.in-addr.arpa

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    47.179.17.96.in-addr.arpa
    dns
    142 B
     270 B
     2
    2

    DNS Request

    47.179.17.96.in-addr.arpa

    DNS Request

    47.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    66.179.17.96.in-addr.arpa
    dns
    142 B
     270 B
     2
    2

    DNS Request

    66.179.17.96.in-addr.arpa

    DNS Request

    66.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    23.160.77.104.in-addr.arpa
    dns
    216 B
     137 B
     3
    1

    DNS Request

    23.160.77.104.in-addr.arpa

    DNS Request

    23.160.77.104.in-addr.arpa

    DNS Request

    23.160.77.104.in-addr.arpa

  • 8.8.8.8:53
    32.179.17.96.in-addr.arpa
    dns
    142 B
     270 B
     2
    2

    DNS Request

    32.179.17.96.in-addr.arpa

    DNS Request

    32.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    90.65.42.20.in-addr.arpa
    dns
    140 B
     312 B
     2
    2

    DNS Request

    90.65.42.20.in-addr.arpa

    DNS Request

    90.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dki6A24.tmp
    Filesize

    172KB

    MD5

    fe763c2d71419352141c77c310e600d2

    SHA1

    6bb51ebcbde9fe5556a74319b49bea37d5542d5e

    SHA256

    7fdf10ca02d2238e22fda18dfbede9750da9f257221802c8b86c557c19c9bc7b

    SHA512

    147b3a525b1fef98ae46923dcbe25edfcf7b523f347857466eefa88f09ec053ba309dfbee5f1454ec64aba0518ee21986c4b6a506f8550efb1163c8f04d7482c

    Download Submit

  • memory/1540-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1540-7-0x00000000021B0000-0x0000000002223000-memory.dmp

    Filesize

    460KB

    Download

  • memory/1540-8-0x00000000021B0000-0x0000000002223000-memory.dmp

    Filesize

    460KB

    Download

  • memory/1540-18-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1540-17-0x00000000021B0000-0x0000000002223000-memory.dmp

    Filesize

    460KB

    Download

  • memory/5100-9-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/5100-15-0x0000000000D80000-0x0000000000DF3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/5100-16-0x0000000000D80000-0x0000000000DF3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/5100-21-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.