Analysis

  • max time kernel
    226s
  • max time network
    241s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/01/2024, 13:18 UTC

General

  • Target
    3e965a35b69836129f1d4d30b3c4117f.exe
  • Size
    340KB
  • MD5
    3e965a35b69836129f1d4d30b3c4117f
  • SHA1
    2a5a3a03d653442f58d3c403b7b57c9296087cfa
  • SHA256
    7dc34acf3cf4a41af8284ab263ea729c0e539db9c2539e6d6643d063b2b2d302
  • SHA512
    cd3ae3dc6cef62cb7079852a9e9ac8f2bf64ade3c3fa4dd2e0b7c086ab0a3a4054d313e249a0d180d6ef2817e376cd05155f6194901d6ab3146899bb42862c7f
  • SSDEEP
    3072:pmjTKNQnR0r8FIwQBNjXnAg0FuGksquMo3PHlzPX4XeOE6kl29vxCFb14tGKbu2z:pATKsRk8g5nAOraFaJEh2DWqG8U

Malware Config

Extracted

  • Family
    mylobot
  • C2
    op17.ru:6006
    eakalra.ru:1281
    zgclgdb.ru:8518
    hpifnad.ru:3721
    lbjcwix.ru:8326
    rykacfb.ru:8483
    benkofx.ru:3333
    fpzskbc.ru:9364
    ouxtjzd.ru:8658
    schwpxp.ru:2956
    pspkgya.ru:2675
    lmlwtdm.ru:2768
    rzwnsph.ru:5898
    awtiwzk.ru:9816
    pzljenb.ru:3486
    yhjtpyf.ru:3565
    ogkbsoq.ru:2553
    rjngcbj.ru:5655
    jlfeopz.ru:4698
    wqcruiz.ru:2165

Signatures

  • Mylobot
    Botnet which first appeared in 2017, written in C++.
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious use of SetThreadContext (9 IoCs)
  • Checks SCSI registry key(s) (3 TTPs, 2 IoCs)
    SCSI information is often read in order to detect sandboxing environments.
  • Modifies registry class (3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: MapViewOfSection (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
    "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      PID:3088
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      PID:4932
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      PID:2432
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      PID:3784
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:208
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Windows\system32\svchost.exe"
        3⤵
        • Adds Run key to start application
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:4308
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      PID:3736
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      PID:1260
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      PID:4792
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      PID:1088
    • C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe
      "C:\Users\Admin\AppData\Local\Temp\3e965a35b69836129f1d4d30b3c4117f.exe"
      2⤵
      PID:628

                    Network

                    • flag-us
                      DNS
                      76.32.126.40.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      76.32.126.40.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      0.205.248.87.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      0.205.248.87.in-addr.arpa
                      IN PTR
                      Response
                      0.205.248.87.in-addr.arpa
                      IN PTR
                      https-87-248-205-0lgwllnwnet
                    • flag-us
                      DNS
                      0.205.248.87.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      0.205.248.87.in-addr.arpa
                      IN PTR
                    • flag-us
                      DNS
                      95.221.229.192.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      95.221.229.192.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      43.229.111.52.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      43.229.111.52.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      50.23.12.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      50.23.12.20.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      241.154.82.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      241.154.82.20.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      18.31.95.13.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      18.31.95.13.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      146.78.124.51.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      146.78.124.51.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      146.78.124.51.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      146.78.124.51.in-addr.arpa
                      IN PTR
                    • flag-us
                      DNS
                      18.134.221.88.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      18.134.221.88.in-addr.arpa
                      IN PTR
                      Response
                      18.134.221.88.in-addr.arpa
                      IN PTR
                      a88-221-134-18deploystaticakamaitechnologiescom
                    • flag-us
                      DNS
                      g.bing.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      g.bing.com
                      IN A
                      Response
                      g.bing.com
                      IN CNAME
                      g-bing-com.a-0001.a-msedge.net
                      g-bing-com.a-0001.a-msedge.net
                      IN CNAME
                      dual-a-0001.a-msedge.net
                      dual-a-0001.a-msedge.net
                      IN A
                      204.79.197.200
                      dual-a-0001.a-msedge.net
                      IN A
                      13.107.21.200
                    • flag-us
                      GET
                      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
                      Remote address:
                      204.79.197.200:443
                      Request
                      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
                      host: g.bing.com
                      accept-encoding: gzip, deflate
                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                      Response
                      HTTP/2.0 204
                      cache-control: no-cache, must-revalidate
                      pragma: no-cache
                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                      set-cookie: MUID=0023E08CF2FA6DE21BC1F377F3DD6C1C; domain=.bing.com; expires=Mon, 27-Jan-2025 13:20:27 GMT; path=/; SameSite=None; Secure; Priority=High;
                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                      access-control-allow-origin: *
                      x-cache: CONFIG_NOCACHE
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: 59C06EF92F74416D9ACD7334E46F0A29 Ref B: LON04EDGE0615 Ref C: 2024-01-03T13:20:27Z
                      date: Wed, 03 Jan 2024 13:20:27 GMT
                    • flag-us
                      GET
                      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
                      Remote address:
                      204.79.197.200:443
                      Request
                      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
                      host: g.bing.com
                      accept-encoding: gzip, deflate
                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                      cookie: MUID=0023E08CF2FA6DE21BC1F377F3DD6C1C
                      Response
                      HTTP/2.0 204
                      cache-control: no-cache, must-revalidate
                      pragma: no-cache
                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                      set-cookie: MSPTC=oIr3a2l7kBOcgJAVje9CfceIllWEWpe7FjVuTX9v6GY; domain=.bing.com; expires=Mon, 27-Jan-2025 13:20:27 GMT; path=/; Partitioned; secure; SameSite=None
                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                      access-control-allow-origin: *
                      x-cache: CONFIG_NOCACHE
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: 63EDCFE58D874289B958CF24B73E6309 Ref B: LON04EDGE0615 Ref C: 2024-01-03T13:20:27Z
                      date: Wed, 03 Jan 2024 13:20:27 GMT
                    • flag-us
                      GET
                      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
                      Remote address:
                      204.79.197.200:443
                      Request
                      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
                      host: g.bing.com
                      accept-encoding: gzip, deflate
                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                      cookie: MUID=0023E08CF2FA6DE21BC1F377F3DD6C1C; MSPTC=oIr3a2l7kBOcgJAVje9CfceIllWEWpe7FjVuTX9v6GY
                      Response
                      HTTP/2.0 204
                      cache-control: no-cache, must-revalidate
                      pragma: no-cache
                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                      access-control-allow-origin: *
                      x-cache: CONFIG_NOCACHE
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: B0AA930FAA9B447BB630B29AAEFEBF3A Ref B: LON04EDGE0615 Ref C: 2024-01-03T13:20:27Z
                      date: Wed, 03 Jan 2024 13:20:27 GMT
                    • flag-us
                      DNS
                      195.233.44.23.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      195.233.44.23.in-addr.arpa
                      IN PTR
                      Response
                      195.233.44.23.in-addr.arpa
                      IN PTR
                      a23-44-233-195deploystaticakamaitechnologiescom
                    • flag-us
                      DNS
                      200.197.79.204.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      200.197.79.204.in-addr.arpa
                      IN PTR
                      Response
                      200.197.79.204.in-addr.arpa
                      IN PTR
                      a-0001a-msedgenet
                    • flag-us
                      DNS
                      205.47.74.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      205.47.74.20.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      9.228.82.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      9.228.82.20.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      tse1.mm.bing.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      tse1.mm.bing.net
                      IN A
                      Response
                      tse1.mm.bing.net
                      IN CNAME
                      mm-mm.bing.net.trafficmanager.net
                      mm-mm.bing.net.trafficmanager.net
                      IN CNAME
                      dual-a-0001.a-msedge.net
                      dual-a-0001.a-msedge.net
                      IN A
                      204.79.197.200
                      dual-a-0001.a-msedge.net
                      IN A
                      13.107.21.200
                    • flag-us
                      DNS
                      tse1.mm.bing.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      tse1.mm.bing.net
                      IN A
                    • flag-us
                      DNS
                      tse1.mm.bing.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      tse1.mm.bing.net
                      IN A
                    • flag-us
                      DNS
                      tse1.mm.bing.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      tse1.mm.bing.net
                      IN A
                    • flag-us
                      GET
                      https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4
                      Remote address:
                      204.79.197.200:443
                      Request
                      GET /th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                      host: tse1.mm.bing.net
                      accept: */*
                      accept-encoding: gzip, deflate, br
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                      Response
                      HTTP/2.0 200
                      cache-control: public, max-age=2592000
                      content-length: 425794
                      content-type: image/jpeg
                      x-cache: TCP_HIT
                      access-control-allow-origin: *
                      access-control-allow-headers: *
                      access-control-allow-methods: GET, POST, OPTIONS
                      timing-allow-origin: *
                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: C87B299157BF4534987E3BFD516D4498 Ref B: LON04EDGE0609 Ref C: 2024-01-03T13:20:47Z
                      date: Wed, 03 Jan 2024 13:20:47 GMT
                    • flag-us
                      GET
                      https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4
                      Remote address:
                      204.79.197.200:443
                      Request
                      GET /th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                      host: tse1.mm.bing.net
                      accept: */*
                      accept-encoding: gzip, deflate, br
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                      Response
                      HTTP/2.0 200
                      cache-control: public, max-age=2592000
                      content-length: 506566
                      content-type: image/jpeg
                      x-cache: TCP_HIT
                      access-control-allow-origin: *
                      access-control-allow-headers: *
                      access-control-allow-methods: GET, POST, OPTIONS
                      timing-allow-origin: *
                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: 1FB420363E0545A2B18616E75EDC0C46 Ref B: LON04EDGE0609 Ref C: 2024-01-03T13:20:47Z
                      date: Wed, 03 Jan 2024 13:20:47 GMT
                    • flag-us
                      GET
                      https://tse1.mm.bing.net/th?id=OADD2.10239317301194_1BB7MER7NWV3AQK9M&pid=21.2&w=1920&h=1080&c=4
                      Remote address:
                      204.79.197.200:443
                      Request
                      GET /th?id=OADD2.10239317301194_1BB7MER7NWV3AQK9M&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                      host: tse1.mm.bing.net
                      accept: */*
                      accept-encoding: gzip, deflate, br
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                      Response
                      HTTP/2.0 200
                      cache-control: public, max-age=2592000
                      content-length: 308926
                      content-type: image/jpeg
                      x-cache: TCP_HIT
                      access-control-allow-origin: *
                      access-control-allow-headers: *
                      access-control-allow-methods: GET, POST, OPTIONS
                      timing-allow-origin: *
                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: 70A9A36CCED44439B8E6BAD4A55F0FD5 Ref B: LON04EDGE0609 Ref C: 2024-01-03T13:20:47Z
                      date: Wed, 03 Jan 2024 13:20:47 GMT
                    • flag-us
                      GET
                      https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4
                      Remote address:
                      204.79.197.200:443
                      Request
                      GET /th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                      host: tse1.mm.bing.net
                      accept: */*
                      accept-encoding: gzip, deflate, br
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                      Response
                      HTTP/2.0 200
                      cache-control: public, max-age=2592000
                      content-length: 481315
                      content-type: image/jpeg
                      x-cache: TCP_HIT
                      access-control-allow-origin: *
                      access-control-allow-headers: *
                      access-control-allow-methods: GET, POST, OPTIONS
                      timing-allow-origin: *
                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: A099D157945443108B85D2188178006F Ref B: LON04EDGE0609 Ref C: 2024-01-03T13:20:47Z
                      date: Wed, 03 Jan 2024 13:20:47 GMT
                    • flag-us
                      GET
                      https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&w=1920&h=1080&c=4
                      Remote address:
                      204.79.197.200:443
                      Request
                      GET /th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                      host: tse1.mm.bing.net
                      accept: */*
                      accept-encoding: gzip, deflate, br
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                      Response
                      HTTP/2.0 200
                      cache-control: public, max-age=2592000
                      content-length: 361903
                      content-type: image/jpeg
                      x-cache: TCP_HIT
                      access-control-allow-origin: *
                      access-control-allow-headers: *
                      access-control-allow-methods: GET, POST, OPTIONS
                      timing-allow-origin: *
                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: 6DFEFA9EAD664EA294AB164C7DDBDD00 Ref B: LON04EDGE0609 Ref C: 2024-01-03T13:20:47Z
                      date: Wed, 03 Jan 2024 13:20:47 GMT
                    • flag-us
                      GET
                      https://tse1.mm.bing.net/th?id=OADD2.10239317301603_1BR89K0OLV9RXH5TJ&pid=21.2&w=1080&h=1920&c=4
                      Remote address:
                      204.79.197.200:443
                      Request
                      GET /th?id=OADD2.10239317301603_1BR89K0OLV9RXH5TJ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                      host: tse1.mm.bing.net
                      accept: */*
                      accept-encoding: gzip, deflate, br
                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                      Response
                      HTTP/2.0 200
                      cache-control: public, max-age=2592000
                      content-length: 309212
                      content-type: image/jpeg
                      x-cache: TCP_HIT
                      access-control-allow-origin: *
                      access-control-allow-headers: *
                      access-control-allow-methods: GET, POST, OPTIONS
                      timing-allow-origin: *
                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      x-msedge-ref: Ref A: 2C5E0842D2B342EE9D331D95BBD3A9A1 Ref B: LON04EDGE0609 Ref C: 2024-01-03T13:21:18Z
                      date: Wed, 03 Jan 2024 13:21:18 GMT
                    • flag-us
                      DNS
                      4.173.189.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      4.173.189.20.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      4.173.189.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      4.173.189.20.in-addr.arpa
                      IN PTR
                    • flag-us
                      DNS
                      4.173.189.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      4.173.189.20.in-addr.arpa
                      IN PTR
                    • flag-us
                      DNS
                      4.173.189.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      4.173.189.20.in-addr.arpa
                      IN PTR
                    • flag-us
                      DNS
                      4.173.189.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      4.173.189.20.in-addr.arpa
                      IN PTR
                    • flag-us
                      DNS
                      66.134.221.88.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      66.134.221.88.in-addr.arpa
                      IN PTR
                      Response
                      66.134.221.88.in-addr.arpa
                      IN PTR
                      a88-221-134-66deploystaticakamaitechnologiescom
                    • flag-us
                      DNS
                      202.135.221.88.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      202.135.221.88.in-addr.arpa
                      IN PTR
                      Response
                      202.135.221.88.in-addr.arpa
                      IN PTR
                      a88-221-135-202deploystaticakamaitechnologiescom
                    • flag-us
                      DNS
                      2.136.104.51.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      2.136.104.51.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      2.136.104.51.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      2.136.104.51.in-addr.arpa
                      IN PTR
                    Destination | Host / URL | Protocol | Sent | Received | Pkts out | Pkts in
                    • 204.79.197.200:443 | https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= | tls, http2 | 2.3kB | 9.4kB | 23 | 18
                      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= → 204
                      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= → 204
                      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6a9f72e5eeed44f1bd6ce28180967c53&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= → 204
                    • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.8kB | 8.2kB | 18 | 13
                    • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.8kB | 8.2kB | 18 | 13
                    • 204.79.197.200:443 | https://tse1.mm.bing.net/th?id=OADD2.10239317301603_1BR89K0OLV9RXH5TJ&pid=21.2&w=1080&h=1920&c=4 | tls, http2 | 92.5kB | 2.5MB | 1841 | 1829
                      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&w=1920&h=1080&c=4 → 200
                      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4 → 200
                      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301194_1BB7MER7NWV3AQK9M&pid=21.2&w=1920&h=1080&c=4 → 200
                      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&w=1080&h=1920&c=4 → 200
                      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&w=1920&h=1080&c=4 → 200
                      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301603_1BR89K0OLV9RXH5TJ&pid=21.2&w=1080&h=1920&c=4 → 200
                    • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.8kB | 9.6kB | 19 | 14
                    • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.8kB | 9.6kB | 19 | 14
                    • 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | dns | 71 B | 157 B | 1 | 1
                      1 DNS request: 76.32.126.40.in-addr.arpa
                    • 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | dns | 142 B | 116 B | 2 | 1
                      2 DNS requests: 0.205.248.87.in-addr.arpa
                    • 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | dns | 73 B | 144 B | 1 | 1
                      1 DNS request: 95.221.229.192.in-addr.arpa
                    • 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | dns | 72 B | 158 B | 1 | 1
                      1 DNS request: 43.229.111.52.in-addr.arpa
                    • 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | dns | 70 B | 156 B | 1 | 1
                      1 DNS request: 50.23.12.20.in-addr.arpa
                    • 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | dns | 72 B | 158 B | 1 | 1
                      1 DNS request: 241.154.82.20.in-addr.arpa
                    • 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | dns | 70 B | 144 B | 1 | 1
                      1 DNS request: 18.31.95.13.in-addr.arpa
                    • 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | dns | 144 B | 158 B | 2 | 1
                      2 DNS requests: 146.78.124.51.in-addr.arpa
                    • 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | dns | 72 B | 137 B | 1 | 1
                      1 DNS request: 18.134.221.88.in-addr.arpa
                    • 8.8.8.8:53 | g.bing.com | dns | 56 B | 158 B | 1 | 1
                      1 DNS request: g.bing.com
                      DNS response: 204.79.197.200, 13.107.21.200
                    • 8.8.8.8:53 | 195.233.44.23.in-addr.arpa | dns | 72 B | 137 B | 1 | 1
                      1 DNS request: 195.233.44.23.in-addr.arpa
                    • 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | dns | 73 B | 106 B | 1 | 1
                      1 DNS request: 200.197.79.204.in-addr.arpa
                    • 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | dns | 71 B | 157 B | 1 | 1
                      1 DNS request: 205.47.74.20.in-addr.arpa
                    • 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | dns | 70 B | 156 B | 1 | 1
                      1 DNS request: 9.228.82.20.in-addr.arpa
                    • 8.8.8.8:53 | tse1.mm.bing.net | dns | 248 B | 173 B | 4 | 1
                      4 DNS requests: tse1.mm.bing.net
                      DNS response: 204.79.197.200, 13.107.21.200
                    • 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | dns | 355 B | 157 B | 5 | 1
                      5 DNS requests: 4.173.189.20.in-addr.arpa
                    • 8.8.8.8:53 | 66.134.221.88.in-addr.arpa | dns | 72 B | 137 B | 1 | 1
                      1 DNS request: 66.134.221.88.in-addr.arpa
                    • 8.8.8.8:53 | 202.135.221.88.in-addr.arpa | dns | 73 B | 139 B | 1 | 1
                      1 DNS request: 202.135.221.88.in-addr.arpa
                    • 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | dns | 142 B | 157 B | 2 | 1
                      2 DNS requests: 2.136.104.51.in-addr.arpa

                    MITRE ATT&CK Enterprise v15

                    Downloads

                    • C:\ProgramData\{D623729A-5141-B4FF-73CB-321032C9B3AF}\7b9ca205.exe
                      Filesize: 340KB
                      MD5: 3e965a35b69836129f1d4d30b3c4117f
                      SHA1: 2a5a3a03d653442f58d3c403b7b57c9296087cfa
                      SHA256: 7dc34acf3cf4a41af8284ab263ea729c0e539db9c2539e6d6643d063b2b2d302
                      SHA512: cd3ae3dc6cef62cb7079852a9e9ac8f2bf64ade3c3fa4dd2e0b7c086ab0a3a4054d313e249a0d180d6ef2817e376cd05155f6194901d6ab3146899bb42862c7f

                    Memory dumps (region | Filesize):
                    • memory/208-14-0x0000000000400000-0x000000000042B000-memory.dmp | 172KB
                    • memory/208-15-0x0000000000400000-0x000000000042B000-memory.dmp | 172KB
                    • memory/208-16-0x0000000000400000-0x000000000042B000-memory.dmp | 172KB
                    • memory/208-28-0x0000000000400000-0x000000000042B000-memory.dmp | 172KB
                    • memory/1260-4-0x0000000000400000-0x000000000042B000-memory.dmp | 172KB
                    • memory/2548-10-0x0000000004600000-0x0000000004601000-memory.dmp | 4KB
                    • memory/2548-3-0x0000000004610000-0x0000000004611000-memory.dmp | 4KB
                    • memory/2548-2-0x0000000004570000-0x0000000004571000-memory.dmp | 4KB
                    • memory/2548-0-0x00000000040C0000-0x00000000040C1000-memory.dmp | 4KB
                    • memory/2548-1-0x0000000004560000-0x0000000004561000-memory.dmp | 4KB
                    • memory/3736-23-0x00000000001C0000-0x00000000001C1000-memory.dmp | 4KB
                    • memory/3736-26-0x0000000000400000-0x000000000042B000-memory.dmp | 172KB
                    • memory/3736-25-0x0000000000400000-0x000000000042B000-memory.dmp | 172KB
                    • memory/4308-18-0x0000000001200000-0x000000000122B000-memory.dmp | 172KB
                    • memory/4308-24-0x0000000001200000-0x000000000122B000-memory.dmp | 172KB
                    • memory/4308-22-0x0000000001200000-0x000000000122B000-memory.dmp | 172KB
                    • memory/4308-21-0x0000000001200000-0x000000000122B000-memory.dmp | 172KB
                    • memory/4308-20-0x0000000001200000-0x000000000122B000-memory.dmp | 172KB
                    • memory/4308-19-0x0000000001200000-0x000000000122B000-memory.dmp | 172KB
                    • memory/4308-17-0x0000000001200000-0x000000000122B000-memory.dmp | 172KB