Overview

overview

3

Static

static

3

8b1bbd69b9...8a.dll

windows7-x64

1

8b1bbd69b9...8a.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    88s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 23:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b1bbd69b9386665009316baf4222c4cbd8414720f8b663b8c143024b1e5af8a.dll

  • Size

    6KB

  • MD5

    26985e2f85087d8f4c8eff739f19752a

  • SHA1

    bf0e8f9a8df57b56e7bd2d50bed5b3dd3ff2f64b

  • SHA256

    8b1bbd69b9386665009316baf4222c4cbd8414720f8b663b8c143024b1e5af8a

  • SHA512

    0b616bfc9433d785666666ea66e3940607379a7ece6d50df26fc73fb8d9bf16f827df9023278f977b2ecdbd7423186480188d1d644a8268b7be6197badd04f12

  • SSDEEP

    96:nEY2RrF1eqwi4CnzbWnc7PGa801VX+GlWK5FEmuTpPB+4Goc:EHRh1eppPcLX80zX+GEo4G/

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b1bbd69b9386665009316baf4222c4cbd8414720f8b663b8c143024b1e5af8a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4988
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b1bbd69b9386665009316baf4222c4cbd8414720f8b663b8c143024b1e5af8a.dll,#1
      2⤵
        PID:3700

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=1AEC3349EA276A6536CC272DEB006B2A; domain=.bing.com; expires=Mon, 12-May-2025 23:56:44 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B17ADABAAE804B628418DA8CCDC5C174 Ref B: LON04EDGE0713 Ref C: 2024-04-17T23:56:44Z
      date: Wed, 17 Apr 2024 23:56:43 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1AEC3349EA276A6536CC272DEB006B2A
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=lYsPz0-H0kfpuDn7D9ap7lY49ZYJHuHsSiwJPSdIID4; domain=.bing.com; expires=Mon, 12-May-2025 23:56:44 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0D1D7EF3D0194F479EAD6AD8AE51C92D Ref B: LON04EDGE0713 Ref C: 2024-04-17T23:56:44Z
      date: Wed, 17 Apr 2024 23:56:43 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1AEC3349EA276A6536CC272DEB006B2A; MSPTC=lYsPz0-H0kfpuDn7D9ap7lY49ZYJHuHsSiwJPSdIID4
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0C9D60F43FD349009E7FD804781AED45 Ref B: LON04EDGE0713 Ref C: 2024-04-17T23:56:44Z
      date: Wed, 17 Apr 2024 23:56:43 GMT
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-be
      GET
      https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
      Remote address:
      2.17.196.137:443
      Request
      GET /th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=1AEC3349EA276A6536CC272DEB006B2A; MSPTC=lYsPz0-H0kfpuDn7D9ap7lY49ZYJHuHsSiwJPSdIID4
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 5773
      date: Wed, 17 Apr 2024 23:56:45 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.85c41102.1713398205.2d85644d
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.32.209.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.32.209.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      21.114.53.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.114.53.23.in-addr.arpa
      IN PTR
      Response
      21.114.53.23.in-addr.arpa
      IN PTR
      a23-53-114-21deploystaticakamaitechnologiescom
    • flag-us
      DNS
      137.196.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      137.196.17.2.in-addr.arpa
      IN PTR
      Response
      137.196.17.2.in-addr.arpa
      IN PTR
      a2-17-196-137deploystaticakamaitechnologiescom
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      31.121.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      31.121.18.2.in-addr.arpa
      IN PTR
      Response
      31.121.18.2.in-addr.arpa
      IN PTR
      a2-18-121-31deploystaticakamaitechnologiescom
    • flag-us
      DNS
      21.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.236.111.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=
      tls, http2
      2.0kB
       9.2kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=725614c5f45444b8ad669e6310b2c69f&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=

      HTTP Response

      204
    • 2.17.196.137:443
      https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
      tls, http2
      1.8kB
       11.2kB
       22
      17

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

      HTTP Response

      200
    • 20.189.173.11:443
      322 B
       7
    • 199.232.210.172:80
      322 B
       7
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
       143 B
       1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      88.156.103.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      88.156.103.20.in-addr.arpa

    • 8.8.8.8:53
      198.32.209.4.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.32.209.4.in-addr.arpa

    • 8.8.8.8:53
      21.114.53.23.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      21.114.53.23.in-addr.arpa

    • 8.8.8.8:53
      137.196.17.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      137.196.17.2.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      31.121.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      31.121.18.2.in-addr.arpa

    • 8.8.8.8:53
      21.236.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      21.236.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.