af277117f93fbe518b20b27504d9607df8389027daa848178dcf24355b33bd82

Resubmissions

15/03/2024, 17:57 UTC

240315-wjxylafa5y 8

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 17:57 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/nsis7z.dll
Size

424KB
MD5

80e44ce4895304c6a3a831310fbf8cd0
SHA1

36bd49ae21c460be5753a904b4501f1abca53508
SHA256

b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512

c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
SSDEEP

6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
64	3700	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 3700	4520	rundll32.exe	89
PID 4520 wrote to memory of 3700	4520	rundll32.exe	89
PID 4520 wrote to memory of 3700	4520	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
  2⤵
  PID:3700
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 612
    3⤵
    - Program crash
    PID:64

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3700 -ip 3700
1⤵
PID:4044

Network

DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

71.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.159.190.20.in-addr.arpa

IN PTR

Response
DNS

185.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

185.178.17.96.in-addr.arpa

IN PTR

Response

185.178.17.96.in-addr.arpa

IN PTR

a96-17-178-185deploystaticakamaitechnologiescom
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

195.177.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.177.78.104.in-addr.arpa

IN PTR

Response

195.177.78.104.in-addr.arpa

IN PTR

a104-78-177-195deploystaticakamaitechnologiescom
DNS

178.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.178.17.96.in-addr.arpa

IN PTR

Response

178.178.17.96.in-addr.arpa

IN PTR

a96-17-178-178deploystaticakamaitechnologiescom
DNS

178.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.178.17.96.in-addr.arpa

IN PTR
DNS

178.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.178.17.96.in-addr.arpa

IN PTR
DNS

178.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.178.17.96.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR
DNS

176.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.178.17.96.in-addr.arpa

IN PTR

Response

176.178.17.96.in-addr.arpa

IN PTR

a96-17-178-176deploystaticakamaitechnologiescom
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

75.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.134.221.88.in-addr.arpa

IN PTR

Response

75.134.221.88.in-addr.arpa

IN PTR

a88-221-134-75deploystaticakamaitechnologiescom
DNS

75.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.134.221.88.in-addr.arpa

IN PTR
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

208.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.178.17.96.in-addr.arpa

IN PTR

Response

208.178.17.96.in-addr.arpa

IN PTR

a96-17-178-208deploystaticakamaitechnologiescom
DNS

208.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.178.17.96.in-addr.arpa

IN PTR

Response

208.178.17.96.in-addr.arpa

IN PTR

a96-17-178-208deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 276068
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E158500998514B63A4FADE2E5448881A Ref B: LON04EDGE1005 Ref C: 2024-03-15T18:01:36Z
date: Fri, 15 Mar 2024 18:01:36 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 295842
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9AE88CDA3C3B4206BBE162DE23D4E5FF Ref B: LON04EDGE1005 Ref C: 2024-03-15T18:01:36Z
date: Fri, 15 Mar 2024 18:01:36 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301591_1PGV0364HK4XMTTCN&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301591_1PGV0364HK4XMTTCN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 340835
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 862931B6297841F4B7671B53D0EA9781 Ref B: LON04EDGE1005 Ref C: 2024-03-15T18:01:36Z
date: Fri, 15 Mar 2024 18:01:36 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 354107
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6C28FC2BA21949768F74851612DC6117 Ref B: LON04EDGE1005 Ref C: 2024-03-15T18:01:38Z
date: Fri, 15 Mar 2024 18:01:38 GMT
DNS

174.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.178.17.96.in-addr.arpa

IN PTR

Response

174.178.17.96.in-addr.arpa

IN PTR

a96-17-178-174deploystaticakamaitechnologiescom
DNS

174.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.178.17.96.in-addr.arpa

IN PTR
DNS

34.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.56.20.217.in-addr.arpa

IN PTR

Response
DNS

34.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.56.20.217.in-addr.arpa

IN PTR

Response
DNS

104.116.69.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.116.69.13.in-addr.arpa

IN PTR

Response
DNS

104.116.69.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.116.69.13.in-addr.arpa

IN PTR

Response

204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
9.5kB
18
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4

tls, http2

47.4kB
1.3MB
973
968

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301591_1PGV0364HK4XMTTCN&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
9.5kB
18
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

2.0kB
9.5kB
20
14

8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

71.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

71.159.190.20.in-addr.arpa
8.8.8.8:53

185.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

185.178.17.96.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

144 B
146 B
2
1

DNS Request

157.123.68.40.in-addr.arpa

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

195.177.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

195.177.78.104.in-addr.arpa
8.8.8.8:53

178.178.17.96.in-addr.arpa

dns

288 B
137 B
4
1

DNS Request

178.178.17.96.in-addr.arpa

DNS Request

178.178.17.96.in-addr.arpa

DNS Request

178.178.17.96.in-addr.arpa

DNS Request

178.178.17.96.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

119.110.54.20.in-addr.arpa

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

176.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

176.178.17.96.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

75.134.221.88.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

75.134.221.88.in-addr.arpa

DNS Request

75.134.221.88.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

19.229.111.52.in-addr.arpa

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

208.178.17.96.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

208.178.17.96.in-addr.arpa

DNS Request

208.178.17.96.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

174.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

174.178.17.96.in-addr.arpa

DNS Request

174.178.17.96.in-addr.arpa
8.8.8.8:53

34.56.20.217.in-addr.arpa

dns

142 B
262 B
2
2

DNS Request

34.56.20.217.in-addr.arpa

DNS Request

34.56.20.217.in-addr.arpa
8.8.8.8:53

104.116.69.13.in-addr.arpa

dns

144 B
292 B
2
2

DNS Request

104.116.69.13.in-addr.arpa

DNS Request

104.116.69.13.in-addr.arpa

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.