d89504dcd16ff4e93cd4858637b7b0e71c845e42b3ee9f59cf03b954ec6a1107

Resubmissions

06/03/2024, 14:41 UTC

240306-r2v5habg8w 7

06/03/2024, 14:35 UTC

240306-rybxfsbf4z 7

Analysis

max time kernel
505s
max time network
450s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 14:35 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stardock.ObjectDock.Plus.v2.01.743 [PeskTop.com].rar
Size

15.1MB
MD5

691c687cd95f173ba579323df1b81caf
SHA1

5954fee906fe54f8e0e86e0effde1420e2cb5c73
SHA256

d89504dcd16ff4e93cd4858637b7b0e71c845e42b3ee9f59cf03b954ec6a1107
SHA512

12c0300958383159051b86f30989746d6e33874fadb49caa82ee334082528bd618e76b9514f189c654130b8196ae8c172094d7a6a4d5f51a390777a0c0742b1f
SSDEEP

393216:KH/u79aupAJuEfBU8LF2ygBcpugXMsZZFxljgE1bSh9:K/uxawgBU8x2yIcpuUVl8E1bS7

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	cmd.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	4228	7zFM.exe
Token: 35	4228	7zFM.exe
Token: SeManageVolumePrivilege	3652	svchost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4228	7zFM.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 4228	4288	cmd.exe	89
PID 4288 wrote to memory of 4228	4288	cmd.exe	89

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Stardock.ObjectDock.Plus.v2.01.743 [PeskTop.com].rar"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Stardock.ObjectDock.Plus.v2.01.743 [PeskTop.com].rar"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4228

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4844

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3652

Network

DNS

67.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.31.126.40.in-addr.arpa

IN PTR

Response
DNS

210.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.178.17.96.in-addr.arpa

IN PTR

Response

210.178.17.96.in-addr.arpa

IN PTR

a96-17-178-210deploystaticakamaitechnologiescom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=35FAE8A19FD56C050DA1FC9B9E356D65; domain=.bing.com; expires=Mon, 31-Mar-2025 15:52:32 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E9DCDFDC78CB4D0A9B7553EDA1AFD1A2 Ref B: LON04EDGE1120 Ref C: 2024-03-06T15:52:32Z
date: Wed, 06 Mar 2024 15:52:31 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=35FAE8A19FD56C050DA1FC9B9E356D65

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=RyLb7YI4SfkMImFWfykI5keys4dJ98xNMV3KHMDJ4R4; domain=.bing.com; expires=Mon, 31-Mar-2025 15:52:32 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 65EC9D119D4B49D6B8FDF9B0C9225066 Ref B: LON04EDGE1120 Ref C: 2024-03-06T15:52:32Z
date: Wed, 06 Mar 2024 15:52:31 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=35FAE8A19FD56C050DA1FC9B9E356D65; MSPTC=RyLb7YI4SfkMImFWfykI5keys4dJ98xNMV3KHMDJ4R4

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 086E50E9FB4D4A7EA7D7F4DDB2F7F508 Ref B: LON04EDGE1120 Ref C: 2024-03-06T15:52:32Z
date: Wed, 06 Mar 2024 15:52:31 GMT
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR

Response

100.5.17.2.in-addr.arpa

IN PTR

a2-17-5-100deploystaticakamaitechnologiescom
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

190.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

190.178.17.96.in-addr.arpa

IN PTR

Response

190.178.17.96.in-addr.arpa

IN PTR

a96-17-178-190deploystaticakamaitechnologiescom
DNS

190.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

190.178.17.96.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

174.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.178.17.96.in-addr.arpa

IN PTR

Response

174.178.17.96.in-addr.arpa

IN PTR

a96-17-178-174deploystaticakamaitechnologiescom
DNS

174.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.178.17.96.in-addr.arpa

IN PTR
DNS

174.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.178.17.96.in-addr.arpa

IN PTR
DNS

174.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.178.17.96.in-addr.arpa

IN PTR
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR
DNS

193.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.178.17.96.in-addr.arpa

IN PTR

Response

193.178.17.96.in-addr.arpa

IN PTR

a96-17-178-193deploystaticakamaitechnologiescom
DNS

193.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.178.17.96.in-addr.arpa

IN PTR

Response

193.178.17.96.in-addr.arpa

IN PTR

a96-17-178-193deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301501_1BOFEUDRJLDYFFOL7&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301501_1BOFEUDRJLDYFFOL7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 235332
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 20A80393E44D40779FEA76EB1F950870 Ref B: LON04EDGE0914 Ref C: 2024-03-06T15:54:15Z
date: Wed, 06 Mar 2024 15:54:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 531870
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AE4399ADFDA7488FB4D56B905EE8D574 Ref B: LON04EDGE0914 Ref C: 2024-03-06T15:54:15Z
date: Wed, 06 Mar 2024 15:54:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301068_1A0LL5KWTCOCJPP2F&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301068_1A0LL5KWTCOCJPP2F&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 232086
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 062D7BED4A964FAE83EA878B52F2C9A1 Ref B: LON04EDGE0914 Ref C: 2024-03-06T15:54:15Z
date: Wed, 06 Mar 2024 15:54:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239355235432_11K71SSHV5QGQD37N&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239355235432_11K71SSHV5QGQD37N&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 152915
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A1640A8E0D134AEBB9EC9662A342ADFE Ref B: LON04EDGE0914 Ref C: 2024-03-06T15:54:15Z
date: Wed, 06 Mar 2024 15:54:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 600567
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EE575ECB373D4DCEA22356330B76BC35 Ref B: LON04EDGE0914 Ref C: 2024-03-06T15:54:15Z
date: Wed, 06 Mar 2024 15:54:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239355235433_11OUP2PBME21J4MUN&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239355235433_11OUP2PBME21J4MUN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 238234
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 23EFF2B6ABB44621A19F801AEC298068 Ref B: LON04EDGE0914 Ref C: 2024-03-06T15:54:22Z
date: Wed, 06 Mar 2024 15:54:22 GMT
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

206.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.178.17.96.in-addr.arpa

IN PTR

Response

206.178.17.96.in-addr.arpa

IN PTR

a96-17-178-206deploystaticakamaitechnologiescom
DNS

206.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.178.17.96.in-addr.arpa

IN PTR

Response

206.178.17.96.in-addr.arpa

IN PTR

a96-17-178-206deploystaticakamaitechnologiescom
DNS

34.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.134.221.88.in-addr.arpa

IN PTR

Response

34.134.221.88.in-addr.arpa

IN PTR

a88-221-134-34deploystaticakamaitechnologiescom
DNS

34.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.134.221.88.in-addr.arpa

IN PTR

Response

34.134.221.88.in-addr.arpa

IN PTR

a88-221-134-34deploystaticakamaitechnologiescom
DNS

26.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.73.42.20.in-addr.arpa

IN PTR

Response
DNS

26.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.73.42.20.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

tls, http2

3.0kB
9.2kB
23
17

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ecc09c06e8674c61a9203064456d49be&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

HTTP Response

204
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.4kB
16
12
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
8.1kB
18
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.6kB
8.1kB
19
13
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239355235433_11OUP2PBME21J4MUN&pid=21.2&w=1080&h=1920&c=4

tls, http2

74.9kB
2.1MB
1555
1547

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301501_1BOFEUDRJLDYFFOL7&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301068_1A0LL5KWTCOCJPP2F&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239355235432_11K71SSHV5QGQD37N&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239355235433_11OUP2PBME21J4MUN&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.7kB
8.2kB
20
14

8.8.8.8:53

67.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

67.31.126.40.in-addr.arpa
8.8.8.8:53

210.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

210.178.17.96.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

13.86.106.20.in-addr.arpa

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

284 B
145 B
4
1

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

100.5.17.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

100.5.17.2.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

190.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

190.178.17.96.in-addr.arpa

DNS Request

190.178.17.96.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

174.178.17.96.in-addr.arpa

dns

288 B
137 B
4
1

DNS Request

174.178.17.96.in-addr.arpa

DNS Request

174.178.17.96.in-addr.arpa

DNS Request

174.178.17.96.in-addr.arpa

DNS Request

174.178.17.96.in-addr.arpa
8.8.8.8:53

29.243.111.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

29.243.111.52.in-addr.arpa

DNS Request

29.243.111.52.in-addr.arpa
8.8.8.8:53

193.178.17.96.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

193.178.17.96.in-addr.arpa

DNS Request

193.178.17.96.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
173 B
2
1

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

142 B
314 B
2
2

DNS Request

26.35.223.20.in-addr.arpa

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

206.178.17.96.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

206.178.17.96.in-addr.arpa

DNS Request

206.178.17.96.in-addr.arpa
8.8.8.8:53

34.134.221.88.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

34.134.221.88.in-addr.arpa

DNS Request

34.134.221.88.in-addr.arpa
8.8.8.8:53

26.73.42.20.in-addr.arpa

dns

140 B
312 B
2
2

DNS Request

26.73.42.20.in-addr.arpa

DNS Request

26.73.42.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

216 B
137 B
3
1

DNS Request

18.134.221.88.in-addr.arpa

DNS Request

18.134.221.88.in-addr.arpa

DNS Request

18.134.221.88.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3652-0-0x00000297CF640000-0x00000297CF650000-memory.dmp

Filesize
64KB

Download
memory/3652-16-0x00000297CF740000-0x00000297CF750000-memory.dmp

Filesize
64KB

Download
memory/3652-32-0x00000297D7A90000-0x00000297D7A91000-memory.dmp

Filesize
4KB

Download
memory/3652-34-0x00000297D7AC0000-0x00000297D7AC1000-memory.dmp

Filesize
4KB

Download
memory/3652-35-0x00000297D7AC0000-0x00000297D7AC1000-memory.dmp

Filesize
4KB

Download
memory/3652-36-0x00000297D7BD0000-0x00000297D7BD1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.