Analysis

  • max time kernel
    174s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/01/2024, 17:44 UTC

General

  • Target

    28bf3281a92f4c95bef7a0b410e4eb1ac4c829732793f6ccdc8cf6002669ea9dexe.exe

  • Size

    5.1MB

  • MD5

    5ba0b60a3100b6ff38752ea4132deb99

  • SHA1

    1583c67a2524d0372a838aacf27d48f4f79267dd

  • SHA256

    28bf3281a92f4c95bef7a0b410e4eb1ac4c829732793f6ccdc8cf6002669ea9d

  • SHA512

    fa23fccc45dad6f908c830165144253792c1609f7b872b513476d5bbc5fbf0fda85d82b3c5d8da1b840e20844d97f1f77a5925b84a9c93d2247409e90fc25123

  • SSDEEP

    98304:t+dCEaO8lppqkL1UC5gBoLhhqTr5O0xdp+mgulfa2FMIRavY9J+:tjEalnp7uCqBoFh2vxdp+mgulfa2FMIo

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28bf3281a92f4c95bef7a0b410e4eb1ac4c829732793f6ccdc8cf6002669ea9dexe.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\28bf3281a92f4c95bef7a0b410e4eb1ac4c829732793f6ccdc8cf6002669ea9dexe.exe"
    Process tree level: 1
    Signature: Suspicious use of SetWindowsHookEx
    PID: 4532

Network

  • DNS 150.1.37.23.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 150.1.37.23.in-addr.arpa IN PTR
    Response: 150.1.37.23.in-addr.arpa IN PTR a23-37-1-150.deploy.static.akamaitechnologies.com
  • DNS 133.32.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 133.32.126.40.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 95.221.229.192.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 95.221.229.192.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 88.156.103.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 88.156.103.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 193.178.17.96.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 193.178.17.96.in-addr.arpa IN PTR
    Response: 193.178.17.96.in-addr.arpa IN PTR a96-17-178-193.deploy.static.akamaitechnologies.com
  • DNS 2.136.104.51.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 2.136.104.51.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 9.228.82.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 9.228.82.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 26.165.165.52.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 26.165.165.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 59.128.231.4.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 59.128.231.4.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 198.187.3.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 198.187.3.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 11.2.37.23.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 11.2.37.23.in-addr.arpa IN PTR
    Response: 11.2.37.23.in-addr.arpa IN PTR a23-37-2-11.deploy.static.akamaitechnologies.com
  • DNS 11.2.37.23.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 11.2.37.23.in-addr.arpa IN PTR
  • DNS 241.154.82.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 241.154.82.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 241.154.82.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 241.154.82.20.in-addr.arpa IN PTR
  • DNS 217.135.221.88.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 217.135.221.88.in-addr.arpa IN PTR
    Response: 217.135.221.88.in-addr.arpa IN PTR a88-221-135-217.deploy.static.akamaitechnologies.com
  • DNS 217.135.221.88.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 217.135.221.88.in-addr.arpa IN PTR
  • DNS 100.5.17.2.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 100.5.17.2.in-addr.arpa IN PTR
    Response: 100.5.17.2.in-addr.arpa IN PTR a2-17-5-100.deploy.static.akamaitechnologies.com
  • DNS 21.236.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 21.236.111.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS tse1.mm.bing.net
    Remote address: 8.8.8.8:53 (US)
    Request: tse1.mm.bing.net IN A
    Response:
    tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net IN A 204.79.197.200
    dual-a-0001.a-msedge.net IN A 13.107.21.200
  • DNS tse1.mm.bing.net
    Remote address: 8.8.8.8:53 (US)
    Request: tse1.mm.bing.net IN A
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&w=1920&h=1080&c=4
    Remote address: 204.79.197.200:443 (US)
    Request:
    GET /th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response:
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 535476
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8E608FDA24A94CE5BB763AD9AD9E18ED Ref B: LON04EDGE1106 Ref C: 2024-01-11T17:46:39Z
    date: Thu, 11 Jan 2024 17:46:39 GMT
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239339388247_1VLVYXUUBH58X0FG3&pid=21.2&w=1080&h=1920&c=4
    Remote address: 204.79.197.200:443 (US)
    Request:
    GET /th?id=OADD2.10239339388247_1VLVYXUUBH58X0FG3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response:
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 315071
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F736319628FA4BE694A6ECB3211BB308 Ref B: LON04EDGE1106 Ref C: 2024-01-11T17:46:39Z
    date: Thu, 11 Jan 2024 17:46:39 GMT
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4
    Remote address: 204.79.197.200:443 (US)
    Request:
    GET /th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239339388246_150XTID8S9G2GCO3C&pid=21.2&w=1920&h=1080&c=4
    Remote address: 204.79.197.200:443 (US)
    Request:
    GET /th?id=OADD2.10239339388246_150XTID8S9G2GCO3C&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&w=1080&h=1920&c=4
    Remote address: 204.79.197.200:443 (US)
    Request:
    GET /th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4
    Remote address: 204.79.197.200:443 (US)
    Request:
    GET /th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • DNS 200.197.79.204.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 200.197.79.204.in-addr.arpa IN PTR
    Response: 200.197.79.204.in-addr.arpa IN PTR a-0001.a-msedge.net
  • DNS 200.197.79.204.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 200.197.79.204.in-addr.arpa IN PTR
    Response: 200.197.79.204.in-addr.arpa IN PTR a-0001.a-msedge.net
  • DNS 119.110.54.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 119.110.54.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 119.110.54.20.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 119.110.54.20.in-addr.arpa IN PTR
  • DNS 64.134.221.88.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 64.134.221.88.in-addr.arpa IN PTR
    Response: 64.134.221.88.in-addr.arpa IN PTR a88-221-134-64.deploy.static.akamaitechnologies.com
  • DNS 64.134.221.88.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 64.134.221.88.in-addr.arpa IN PTR
  • DNS 204.178.17.96.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 204.178.17.96.in-addr.arpa IN PTR
    Response: 204.178.17.96.in-addr.arpa IN PTR a96-17-178-204.deploy.static.akamaitechnologies.com
  • DNS 204.178.17.96.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 204.178.17.96.in-addr.arpa IN PTR
  • DNS 8.179.89.13.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 8.179.89.13.in-addr.arpa IN PTR
    Response: (empty)
  • DNS 8.179.89.13.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 8.179.89.13.in-addr.arpa IN PTR
  • DNS 184.178.17.96.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 184.178.17.96.in-addr.arpa IN PTR
    Response: 184.178.17.96.in-addr.arpa IN PTR a96-17-178-184.deploy.static.akamaitechnologies.com
  • DNS 184.178.17.96.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 184.178.17.96.in-addr.arpa IN PTR
    Response: 184.178.17.96.in-addr.arpa IN PTR a96-17-178-184.deploy.static.akamaitechnologies.com
Connections (remote address, domain, protocol, bytes sent / received, packets sent / received):

  • 20.231.121.79:80: 104 B, 2 packets
  • 204.79.197.200:443, https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4, tls, http2: 36.0kB / 1.0MB, 744 / 737
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&w=1920&h=1080&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388247_1VLVYXUUBH58X0FG3&pid=21.2&w=1080&h=1920&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388246_150XTID8S9G2GCO3C&pid=21.2&w=1920&h=1080&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&w=1080&h=1920&c=4
    HTTP Response: 200
    HTTP Response: 200
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4
  • 204.79.197.200:443, tse1.mm.bing.net, tls, http2: 1.3kB / 8.4kB, 18 / 15
  • 204.79.197.200:443, tse1.mm.bing.net, tls, http2: 1.3kB / 8.7kB, 18 / 13
  • 204.79.197.200:443, tse1.mm.bing.net, tls, http2: 1.1kB / 8.2kB, 14 / 11
  • 204.79.197.200:443, tse1.mm.bing.net, tls, http2: 1.3kB / 8.7kB, 18 / 13
  • 8.8.8.8:53, 150.1.37.23.in-addr.arpa, dns: 70 B / 133 B, 1 / 1
    DNS Request: 150.1.37.23.in-addr.arpa
  • 8.8.8.8:53, 133.32.126.40.in-addr.arpa, dns: 72 B / 158 B, 1 / 1
    DNS Request: 133.32.126.40.in-addr.arpa
  • 8.8.8.8:53, 95.221.229.192.in-addr.arpa, dns: 73 B / 144 B, 1 / 1
    DNS Request: 95.221.229.192.in-addr.arpa
  • 8.8.8.8:53, 88.156.103.20.in-addr.arpa, dns: 72 B / 158 B, 1 / 1
    DNS Request: 88.156.103.20.in-addr.arpa
  • 8.8.8.8:53, 193.178.17.96.in-addr.arpa, dns: 72 B / 137 B, 1 / 1
    DNS Request: 193.178.17.96.in-addr.arpa
  • 8.8.8.8:53, 2.136.104.51.in-addr.arpa, dns: 71 B / 157 B, 1 / 1
    DNS Request: 2.136.104.51.in-addr.arpa
  • 8.8.8.8:53, 9.228.82.20.in-addr.arpa, dns: 70 B / 156 B, 1 / 1
    DNS Request: 9.228.82.20.in-addr.arpa
  • 8.8.8.8:53, 26.165.165.52.in-addr.arpa, dns: 72 B / 146 B, 1 / 1
    DNS Request: 26.165.165.52.in-addr.arpa
  • 8.8.8.8:53, 59.128.231.4.in-addr.arpa, dns: 71 B / 157 B, 1 / 1
    DNS Request: 59.128.231.4.in-addr.arpa
  • 8.8.8.8:53, 198.187.3.20.in-addr.arpa, dns: 71 B / 157 B, 1 / 1
    DNS Request: 198.187.3.20.in-addr.arpa
  • 8.8.8.8:53, 11.2.37.23.in-addr.arpa, dns: 138 B / 131 B, 2 / 1
    DNS Request: 11.2.37.23.in-addr.arpa
    DNS Request: 11.2.37.23.in-addr.arpa
  • 8.8.8.8:53, 241.154.82.20.in-addr.arpa, dns: 144 B / 158 B, 2 / 1
    DNS Request: 241.154.82.20.in-addr.arpa
    DNS Request: 241.154.82.20.in-addr.arpa
  • 8.8.8.8:53, 217.135.221.88.in-addr.arpa, dns: 146 B / 139 B, 2 / 1
    DNS Request: 217.135.221.88.in-addr.arpa
    DNS Request: 217.135.221.88.in-addr.arpa
  • 8.8.8.8:53, 100.5.17.2.in-addr.arpa, dns: 69 B / 131 B, 1 / 1
    DNS Request: 100.5.17.2.in-addr.arpa
  • 8.8.8.8:53, 21.236.111.52.in-addr.arpa, dns: 72 B / 158 B, 1 / 1
    DNS Request: 21.236.111.52.in-addr.arpa
  • 8.8.8.8:53, tse1.mm.bing.net, dns: 124 B / 173 B, 2 / 1
    DNS Request: tse1.mm.bing.net
    DNS Request: tse1.mm.bing.net
    DNS Response: 204.79.197.200, 13.107.21.200
  • 8.8.8.8:53, 200.197.79.204.in-addr.arpa, dns: 146 B / 212 B, 2 / 2
    DNS Request: 200.197.79.204.in-addr.arpa
    DNS Request: 200.197.79.204.in-addr.arpa
  • 8.8.8.8:53, 119.110.54.20.in-addr.arpa, dns: 144 B / 158 B, 2 / 1
    DNS Request: 119.110.54.20.in-addr.arpa
    DNS Request: 119.110.54.20.in-addr.arpa
  • 8.8.8.8:53, 64.134.221.88.in-addr.arpa, dns: 144 B / 137 B, 2 / 1
    DNS Request: 64.134.221.88.in-addr.arpa
    DNS Request: 64.134.221.88.in-addr.arpa
  • 8.8.8.8:53, 204.178.17.96.in-addr.arpa, dns: 144 B / 137 B, 2 / 1
    DNS Request: 204.178.17.96.in-addr.arpa
    DNS Request: 204.178.17.96.in-addr.arpa
  • 8.8.8.8:53, 8.179.89.13.in-addr.arpa, dns: 140 B / 144 B, 2 / 1
    DNS Request: 8.179.89.13.in-addr.arpa
    DNS Request: 8.179.89.13.in-addr.arpa
  • 8.8.8.8:53, 184.178.17.96.in-addr.arpa, dns: 144 B / 274 B, 2 / 2
    DNS Request: 184.178.17.96.in-addr.arpa
    DNS Request: 184.178.17.96.in-addr.arpa

MITRE ATT&CK Matrix
