29839d31663013c83c4185fac13f76bcdd464e70dafded50ad3b76c69a1b8935

Analysis

max time kernel
116s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 14:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b7ed7cbea668d74d4cd18450945a338.exe
Size

7KB
MD5

1b7ed7cbea668d74d4cd18450945a338
SHA1

f5700ba37d5381888bfd67b25339b80bb66ffa4b
SHA256

29839d31663013c83c4185fac13f76bcdd464e70dafded50ad3b76c69a1b8935
SHA512

32d09a70d4b40f45f13991014a3ee0fb9739324b82d4607642dbbb6a4666c20ae2e189b9c59303f29a12c5c512ca19406dc3b52650aac8a3378132ac85cb48d1
SSDEEP

192:i7NgB/3euYrnuT+WRlJkr+QUg/5E9Hwa99iGHQ+sMbF:ANglfNkiQQ9bn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1592	812	WerFault.exe	16

C:\Users\Admin\AppData\Local\Temp\1b7ed7cbea668d74d4cd18450945a338.exe
"C:\Users\Admin\AppData\Local\Temp\1b7ed7cbea668d74d4cd18450945a338.exe"
1⤵
PID:812
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 232
  2⤵
  - Program crash
  PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 812 -ip 812
1⤵
PID:3192

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=217B23202C396E153A4A30D92D826FC9; domain=.bing.com; expires=Sat, 25-Jan-2025 02:28:41 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CAE1A6F63FA24D13B34AEA4C37B2BF45 Ref B: LON04EDGE0813 Ref C: 2024-01-01T02:28:41Z
date: Mon, 01 Jan 2024 02:28:41 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=217B23202C396E153A4A30D92D826FC9

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=ZxZ8Ewn8aAiIeKIPxy6fpkDSfrE8R2fj3cN5W7Hlaqg; domain=.bing.com; expires=Sat, 25-Jan-2025 02:28:41 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A70C03E7A07F44509C049745A4FF9746 Ref B: LON04EDGE0813 Ref C: 2024-01-01T02:28:41Z
date: Mon, 01 Jan 2024 02:28:41 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=217B23202C396E153A4A30D92D826FC9; MSPTC=ZxZ8Ewn8aAiIeKIPxy6fpkDSfrE8R2fj3cN5W7Hlaqg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D2C576236A7F44318794AC2F4546C8A6 Ref B: LON04EDGE0813 Ref C: 2024-01-01T02:28:42Z
date: Mon, 01 Jan 2024 02:28:41 GMT
DNS

3.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.181.190.20.in-addr.arpa

IN PTR

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

173.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.178.17.96.in-addr.arpa

IN PTR

Response

173.178.17.96.in-addr.arpa

IN PTR

a96-17-178-173deploystaticakamaitechnologiescom
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response

204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

tls, http2

2.5kB
10.8kB
26
20

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c107c654d6fd48519318ec56c38fee03&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

HTTP Response

204
204.79.197.200:443

g.bing.com

28.2kB
749.0kB
550
547
204.79.197.200:443

g.bing.com

731 B
2.7kB
10
9
40.127.169.103:443
96.16.110.41:443

tls

138 B
111 B
3
2
20.123.104.105:443
20.73.194.208:443
96.16.110.114:80
40.127.169.103:443
40.127.169.103:443
4.231.128.59:443
4.231.128.59:443
13.95.31.18:443
40.127.169.103:443
92.123.241.104:80
92.123.241.104:80
20.123.104.105:443
13.95.31.18:443
20.54.110.119:443
13.95.31.18:443
40.127.169.103:443
40.127.169.103:443
88.221.134.18:80
88.221.134.18:80
88.221.134.18:80
88.221.134.18:80
88.221.134.18:80
93.184.221.240:80
93.184.221.240:80
93.184.221.240:80
93.184.221.240:80
93.184.221.240:80
88.221.134.18:80
88.221.134.18:80
88.221.134.18:80
88.221.134.18:80
93.184.221.240:80
93.184.221.240:80
93.184.221.240:80
93.184.221.240:80
88.221.134.18:80
93.184.221.240:80
88.221.134.18:80
93.184.221.240:80
93.184.221.240:80

2.3kB
110.4kB
48
79
96.16.110.114:80
96.16.110.114:80
52.111.229.43:443
20.74.47.205:443
20.74.47.205:443
20.74.47.205:443
204.79.197.200:443

g.bing.com

46 B
1
204.79.197.200:443

g.bing.com

46 B
1
204.79.197.200:443

g.bing.com

46 B
1

8.8.8.8:53

g.bing.com

dns

112 B
158 B
2
1

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

3.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

3.181.190.20.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

173.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

173.178.17.96.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.