8e95865efd39220dfc4abebc27141d9eae288a11981e43f09cbee6bf90347fe0

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2024, 18:18 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bunifu.UI.WinForms.BunifuProgressBar.dll
Size

76KB
MD5

e08551ac64936f619d33d53de1baaf60
SHA1

254ce04897946348e25c45d9e22638bf64fec6ce
SHA256

7344febb0946f7555127a8dce09b4df3c430a3805bfd5964c477c36f98303be7
SHA512

17e220a1f3b9eb1017f34a9327cde9b8276d5db0eb10c1ad08c68ac2b1c60873c1f5f8dabb8af382ec4d1b83a767c5435837835ef0c2d341555fe21b8948cf4c
SSDEEP

768:zm6fVYmVH9VRninLAmjl/AurKv77XXwLsp4Ds5Y2XUTunDD+0bO1KNjh1ekrnDuh:E5QAx7NFpS2Ttm+BXQV0zXVVzXuQTT

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bunifu.UI.WinForms.BunifuProgressBar.dll,#1
1⤵
PID:3556

Network

DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

54.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.179.17.96.in-addr.arpa

IN PTR

Response

54.179.17.96.in-addr.arpa

IN PTR

a96-17-179-54deploystaticakamaitechnologiescom
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR

Response

100.5.17.2.in-addr.arpa

IN PTR

a2-17-5-100deploystaticakamaitechnologiescom
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

68.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.179.17.96.in-addr.arpa

IN PTR

Response

68.179.17.96.in-addr.arpa

IN PTR

a96-17-179-68deploystaticakamaitechnologiescom
DNS

218.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

218.135.221.88.in-addr.arpa

IN PTR

Response

218.135.221.88.in-addr.arpa

IN PTR

a88-221-135-218deploystaticakamaitechnologiescom
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 97327
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 252B2215082F45E4AC42BBB42DD8A913 Ref B: LON04EDGE1205 Ref C: 2024-03-20T18:21:06Z
date: Wed, 20 Mar 2024 18:21:06 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418556_19ZNSNV8II35KT0LW&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418556_19ZNSNV8II35KT0LW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 371966
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B29EAAF49C48469CB07944233B6840DD Ref B: LON04EDGE1205 Ref C: 2024-03-20T18:21:06Z
date: Wed, 20 Mar 2024 18:21:06 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418555_1KV8ALUFBH6DDF1AN&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418555_1KV8ALUFBH6DDF1AN&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 448474
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C50AA566763C4D54AF78E1FCA27C74EE Ref B: LON04EDGE1205 Ref C: 2024-03-20T18:21:06Z
date: Wed, 20 Mar 2024 18:21:06 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR
DNS

55.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.179.17.96.in-addr.arpa

IN PTR

Response

55.179.17.96.in-addr.arpa

IN PTR

a96-17-179-55deploystaticakamaitechnologiescom
DNS

55.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.179.17.96.in-addr.arpa

IN PTR
DNS

10.73.50.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.73.50.20.in-addr.arpa

IN PTR

Response
DNS

10.73.50.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.73.50.20.in-addr.arpa

IN PTR

204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.0kB
16
11
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
15
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&w=1080&h=1920&c=4

tls, http2

22.6kB
606.0kB
452
449

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418556_19ZNSNV8II35KT0LW&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418555_1KV8ALUFBH6DDF1AN&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.1kB
17
13

8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

54.179.17.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

54.179.17.96.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

140 B
156 B
2
1

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

100.5.17.2.in-addr.arpa

dns

138 B
131 B
2
1

DNS Request

100.5.17.2.in-addr.arpa

DNS Request

100.5.17.2.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

140 B
144 B
2
1

DNS Request

58.55.71.13.in-addr.arpa

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

68.179.17.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

68.179.17.96.in-addr.arpa
8.8.8.8:53

218.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

218.135.221.88.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

219 B
106 B
3
1

DNS Request

200.197.79.204.in-addr.arpa

DNS Request

200.197.79.204.in-addr.arpa

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

55.179.17.96.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

55.179.17.96.in-addr.arpa

DNS Request

55.179.17.96.in-addr.arpa
8.8.8.8:53

10.73.50.20.in-addr.arpa

dns

140 B
156 B
2
1

DNS Request

10.73.50.20.in-addr.arpa

DNS Request

10.73.50.20.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.