6b6e7c350416c243a071e746e620de926646f77bfd44e14ac0b1c3cf3a500d5e

Analysis

max time kernel
143s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:48 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38a1e944f26a88e2ab2b489dadd79148.exe
Size

348KB
MD5

38a1e944f26a88e2ab2b489dadd79148
SHA1

852b3fd34f21bd38f2e1c6f64ada2cbb19833705
SHA256

6b6e7c350416c243a071e746e620de926646f77bfd44e14ac0b1c3cf3a500d5e
SHA512

55b95ef2b57465e908e1fb9c814483108860f82f030566891ee5c0f5172d2ac8c180aa7079e079d06167d2751e79f2796af57f23111edcd51bba1b2dae033f9d
SSDEEP

6144:QDZXWOxvZ7NJ7O88LnKL5PtNVWg5sBbk9:QDzvZ/7RaKL5/AMMI9

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1948	4460	WerFault.exe	16

C:\Users\Admin\AppData\Local\Temp\38a1e944f26a88e2ab2b489dadd79148.exe
"C:\Users\Admin\AppData\Local\Temp\38a1e944f26a88e2ab2b489dadd79148.exe"
1⤵
PID:4460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 304
  2⤵
  - Program crash
  PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4460 -ip 4460
1⤵
PID:736

Network

DNS

83.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.177.190.20.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0CCAC347386D66972A6FD745394A671B; domain=.bing.com; expires=Mon, 03-Feb-2025 19:07:45 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D2E123FC7F2F4A7FBCDC92428D473F99 Ref B: LON04EDGE0611 Ref C: 2024-01-10T19:07:45Z
date: Wed, 10 Jan 2024 19:07:44 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0CCAC347386D66972A6FD745394A671B

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Gnw8vS3sfdrfnGLfZQ1Cuh3lsbV88DAUTHgnA3tTXXQ; domain=.bing.com; expires=Mon, 03-Feb-2025 19:07:45 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F3FF6B9315194BC2A64706EFAD28D3E1 Ref B: LON04EDGE0611 Ref C: 2024-01-10T19:07:45Z
date: Wed, 10 Jan 2024 19:07:44 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0CCAC347386D66972A6FD745394A671B; MSPTC=Gnw8vS3sfdrfnGLfZQ1Cuh3lsbV88DAUTHgnA3tTXXQ

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 849BE06CB96B45F498BE9E7587477DAB Ref B: LON04EDGE0611 Ref C: 2024-01-10T19:07:45Z
date: Wed, 10 Jan 2024 19:07:44 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR
DNS

208.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.178.17.96.in-addr.arpa

IN PTR

Response

208.178.17.96.in-addr.arpa

IN PTR

a96-17-178-208deploystaticakamaitechnologiescom
DNS

208.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.178.17.96.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response

204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

tls, http2

2.0kB
9.5kB
22
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62630490dc3e427680787474293b640c&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

HTTP Response

204
20.231.121.79:80

52 B
1
192.229.221.95:80
96.16.110.114:80
138.91.171.81:80
20.73.194.208:443
20.73.194.208:443
13.85.23.206:443
13.85.23.206:443
2.18.110.57:80
52.142.223.178:80
104.77.160.23:80
23.37.1.183:80
23.37.1.183:80
20.54.110.119:443
13.85.23.206:443
88.221.134.18:80
88.221.134.18:80
88.221.134.18:80
88.221.134.18:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
88.221.134.18:80
87.248.205.0:80
87.248.205.0:80
88.221.134.18:80
88.221.134.18:80
96.17.178.188:80
96.17.178.175:80
88.221.134.18:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
87.248.205.0:80
88.221.134.18:80
88.221.134.18:80
96.17.178.188:80
96.17.178.175:80
96.17.178.188:80
96.17.178.175:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
52.111.236.22:443
96.17.178.188:80
96.17.178.188:80
96.17.178.188:80
88.221.135.217:80
88.221.135.217:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
20.199.58.43:443
20.199.58.43:443
20.199.58.43:443
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
204.79.197.200:443
204.79.197.200:443
204.79.197.200:443
204.79.197.200:443
204.79.197.200:443
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
96.17.178.206:80
13.85.23.206:443
104.77.160.28:80
104.77.160.28:80
104.77.160.28:80
96.17.178.179:80
104.77.160.28:80
96.17.178.179:80
104.77.160.28:80
104.77.160.28:80
96.17.178.179:80
96.17.178.179:80
96.17.178.179:80
96.17.178.179:80
96.17.179.75:80
96.17.179.75:80
104.77.160.28:80
104.77.160.28:80
96.17.178.179:80
96.17.178.179:80
96.17.178.179:80
13.85.23.206:443
104.77.160.28:80
96.17.178.179:80
96.17.178.179:80

8.8.8.8:53

83.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

83.177.190.20.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

2.136.104.51.in-addr.arpa

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

208.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

208.178.17.96.in-addr.arpa

DNS Request

208.178.17.96.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4460-0-0x00000000005A0000-0x00000000005C6000-memory.dmp

Filesize
152KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.