Overview

overview

7

Static

static

7

242a6684cc...6b.exe

windows7-x64

7

242a6684cc...6b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    8s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 02:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    242a6684ccec9f5268c3e51492370a6b.exe

  • Size

    5.5MB

  • MD5

    242a6684ccec9f5268c3e51492370a6b

  • SHA1

    aa76ba821956eba61511786b558b64cdf4e28f7c

  • SHA256

    ff7ba9cb6800a28f7f721f8bd709278b7d984ed9c3b74d57451a6569046aebdd

  • SHA512

    954c1689578c0042af8dffaea0073ab063da6a9306f7bf326af862a54626ad8dbfd13c2c12f5bd21e79359d460c216e0f20c4894f85841e5121a56a73c649cf1

  • SSDEEP

    49152:Q6nZ1EAF1uIXFa7/rkGFXYifz7R2ySQZHttMay3vRmCFOGNj8mW4JH53R+wVG+l+:nnbaYw6ySsE35mCckFR+vicS43

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\242a6684ccec9f5268c3e51492370a6b.exe
    "C:\Users\Admin\AppData\Local\Temp\242a6684ccec9f5268c3e51492370a6b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Users\Admin\AppData\Local\Temp\242a6684ccec9f5268c3e51492370a6b.exe
      C:\Users\Admin\AppData\Local\Temp\242a6684ccec9f5268c3e51492370a6b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:2424

Network

  • flag-us
    DNS
    cutit.org
    242a6684ccec9f5268c3e51492370a6b.exe
    Remote address:
    8.8.8.8:53
    Request
    cutit.org
    IN A
    Response
    cutit.org
    IN A
    64.91.240.248
  • flag-us
    GET
    https://cutit.org/oxgBR
    242a6684ccec9f5268c3e51492370a6b.exe
    Remote address:
    64.91.240.248:443
    Request
    GET /oxgBR HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: cutit.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Moved Temporarily
    Date: Mon, 01 Jan 2024 22:16:48 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
    X-Powered-By: PHP/5.4.16
    Connection: close
    Cache-Control: no-cache
    Pragma: no-cache
    Location: http://ww12.cutit.org/oxgBR?usid=25&utid=4523948898
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    21.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    248.240.91.64.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    248.240.91.64.in-addr.arpa
    IN PTR
    Response
    248.240.91.64.in-addr.arpa
    IN PTR
    crocodile parklogiccom
  • flag-us
    DNS
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
    Response
    0.204.248.87.in-addr.arpa
    IN PTR
    https-87-248-204-0lhrllnwnet
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301103_1AT2QBQ1Q6ANODZ4C&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301103_1AT2QBQ1Q6ANODZ4C&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 470736
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 09D40625ED7C48BCBED4002ADC5C9895 Ref B: LON04EDGE0913 Ref C: 2024-01-01T22:16:41Z
    date: Mon, 01 Jan 2024 22:16:41 GMT
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • flag-us
    DNS
    40.13.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.13.222.173.in-addr.arpa
    IN PTR
    Response
    40.13.222.173.in-addr.arpa
    IN PTR
    a173-222-13-40deploystaticakamaitechnologiescom
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0674A7F3E0D96465005EB40AE16265EA; domain=.bing.com; expires=Sat, 25-Jan-2025 22:16:42 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7BA1AC2D40E54AB595CA6C22EED94FC6 Ref B: LON04EDGE0813 Ref C: 2024-01-01T22:16:42Z
    date: Mon, 01 Jan 2024 22:16:41 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0674A7F3E0D96465005EB40AE16265EA
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=9wUa3xTy3n5XcM55reSyZoL97_thqlT3fUp0aq91YCg; domain=.bing.com; expires=Sat, 25-Jan-2025 22:16:42 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 80FC4CDB7DF647C89B7B0AC0B09189CA Ref B: LON04EDGE0813 Ref C: 2024-01-01T22:16:42Z
    date: Mon, 01 Jan 2024 22:16:41 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0674A7F3E0D96465005EB40AE16265EA; MSPTC=9wUa3xTy3n5XcM55reSyZoL97_thqlT3fUp0aq91YCg
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 76EA17E57A0D40FFBDF33F6EF98A72B9 Ref B: LON04EDGE0813 Ref C: 2024-01-01T22:16:42Z
    date: Mon, 01 Jan 2024 22:16:41 GMT
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    193.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    193.179.17.96.in-addr.arpa
    IN PTR
    Response
    193.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-193deploystaticakamaitechnologiescom
  • flag-us
    DNS
    ww12.cutit.org
    242a6684ccec9f5268c3e51492370a6b.exe
    Remote address:
    8.8.8.8:53
    Request
    ww12.cutit.org
    IN A
    Response
    ww12.cutit.org
    IN CNAME
    726512.parkingcrew.net
    726512.parkingcrew.net
    IN A
    76.223.26.96
    726512.parkingcrew.net
    IN A
    13.248.148.254
  • flag-us
    GET
    http://ww12.cutit.org/oxgBR?usid=25&utid=4523948898
    242a6684ccec9f5268c3e51492370a6b.exe
    Remote address:
    76.223.26.96:80
    Request
    GET /oxgBR?usid=25&utid=4523948898 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Cache-Control: no-cache
    Host: ww12.cutit.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 01 Jan 2024 22:16:48 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Vary: Accept-Encoding
    Vary: Accept-Encoding
    X-Buckets: bucket011
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_I8LEXtaBeiLeCXFalKdGA2WBHBTa/G2kQ2g33HuI+j3LndLyvksrmqsFdXuyI2bzdzr544EIHR6ABMa6bmYf5w==
    X-Template: tpl_CleanPeppermintBlack_twoclick
    X-Language: english
    Accept-CH: viewport-width
    Accept-CH: dpr
    Accept-CH: device-memory
    Accept-CH: rtt
    Accept-CH: downlink
    Accept-CH: ect
    Accept-CH: ua
    Accept-CH: ua-full-version
    Accept-CH: ua-platform
    Accept-CH: ua-platform-version
    Accept-CH: ua-arch
    Accept-CH: ua-model
    Accept-CH: ua-mobile
    Accept-CH-Lifetime: 30
    X-Domain: cutit.org
    X-Subdomain: ww12
  • flag-us
    DNS
    96.26.223.76.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    96.26.223.76.in-addr.arpa
    IN PTR
    Response
    96.26.223.76.in-addr.arpa
    IN PTR
    aba1c1ff9d2ec5376awsglobalacceleratorcom
  • flag-us
    DNS
    96.26.223.76.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    96.26.223.76.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    167.109.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    167.109.18.2.in-addr.arpa
    IN PTR
    Response
    167.109.18.2.in-addr.arpa
    IN PTR
    a2-18-109-167deploystaticakamaitechnologiescom
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    183.1.37.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.1.37.23.in-addr.arpa
    IN PTR
    Response
    183.1.37.23.in-addr.arpa
    IN PTR
    a23-37-1-183deploystaticakamaitechnologiescom
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    176.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.178.17.96.in-addr.arpa
    IN PTR
    Response
    176.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-176deploystaticakamaitechnologiescom
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
  • flag-us
    DNS
    17.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.134.221.88.in-addr.arpa
    IN PTR
    Response
    17.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-17deploystaticakamaitechnologiescom
  • flag-us
    DNS
    17.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.134.221.88.in-addr.arpa
    IN PTR
    Response
    17.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-17deploystaticakamaitechnologiescom
  • flag-us
    DNS
    187.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    187.178.17.96.in-addr.arpa
    IN PTR
    Response
    187.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-187deploystaticakamaitechnologiescom
  • flag-us
    DNS
    187.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    187.178.17.96.in-addr.arpa
    IN PTR
    Response
    187.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-187deploystaticakamaitechnologiescom
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • 64.91.240.248:443
    https://cutit.org/oxgBR
    tls, http
    242a6684ccec9f5268c3e51492370a6b.exe
    1.1kB
     3.9kB
     14
    9

    HTTP Request

    GET https://cutit.org/oxgBR

    HTTP Response

    302
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301103_1AT2QBQ1Q6ANODZ4C&pid=21.2&w=1920&h=1080&c=4
    tls, http2
    13.3kB
     362.2kB
     269
    267

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301103_1AT2QBQ1Q6ANODZ4C&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
    tls, http2
    2.4kB
     9.7kB
     24
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ec236ee81065447b8680e3667db921a2&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

    HTTP Response

    204
  • 76.223.26.96:80
    http://ww12.cutit.org/oxgBR?usid=25&utid=4523948898
    http
    242a6684ccec9f5268c3e51492370a6b.exe
    1.1kB
     17.8kB
     20
    18

    HTTP Request

    GET http://ww12.cutit.org/oxgBR?usid=25&utid=4523948898

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls
    1.3kB
     10.5kB
     17
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls
    85.3kB
     2.4MB
     1762
    1755
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls
    1.3kB
     10.5kB
     17
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls
    1.2kB
     8.2kB
     15
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls
    1.3kB
     10.5kB
     17
    14
  • 8.8.8.8:53
    cutit.org
    dns
    242a6684ccec9f5268c3e51492370a6b.exe
    55 B
     71 B
     1
    1

    DNS Request

    cutit.org

    DNS Response

    64.91.240.248

  • 8.8.8.8:53
    21.177.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    21.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    248.240.91.64.in-addr.arpa
    dns
    72 B
     109 B
     1
    1

    DNS Request

    248.240.91.64.in-addr.arpa

  • 8.8.8.8:53
    0.204.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.204.248.87.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    g.bing.com
    dns
    112 B
     158 B
     2
    1

    DNS Request

    g.bing.com

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    40.13.222.173.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    40.13.222.173.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    193.179.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    193.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    ww12.cutit.org
    dns
    242a6684ccec9f5268c3e51492370a6b.exe
    60 B
     128 B
     1
    1

    DNS Request

    ww12.cutit.org

    DNS Response

    76.223.26.96
    13.248.148.254

  • 8.8.8.8:53
    96.26.223.76.in-addr.arpa
    dns
    142 B
     127 B
     2
    1

    DNS Request

    96.26.223.76.in-addr.arpa

    DNS Request

    96.26.223.76.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    167.109.18.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    167.109.18.2.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    183.1.37.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    183.1.37.23.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    176.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    176.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    17.134.221.88.in-addr.arpa
    dns
    144 B
     274 B
     2
    2

    DNS Request

    17.134.221.88.in-addr.arpa

    DNS Request

    17.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    187.178.17.96.in-addr.arpa
    dns
    144 B
     274 B
     2
    2

    DNS Request

    187.178.17.96.in-addr.arpa

    DNS Request

    187.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    146 B
     144 B
     2
    1

    DNS Request

    240.221.184.93.in-addr.arpa

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    144 B
     316 B
     2
    2

    DNS Request

    21.236.111.52.in-addr.arpa

    DNS Request

    21.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
     346 B
     2
    2

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

    DNS Response

    204.79.197.200
    13.107.21.200

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/808-1-0x0000000002260000-0x00000000024BA000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/808-2-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/808-13-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/808-0-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2424-16-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2424-19-0x0000000002160000-0x00000000023BA000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2424-31-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.