Analysis

  • max time kernel
    92s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-04-2024 04:44

General

  • Target

    Win32/mimispool.dll

  • Size

    10KB

  • MD5

    dab7a18b02399053ba3ff1e568789fce

  • SHA1

    ceee090c9ee8279d6410d8d450d55acb81d34766

  • SHA256

    05842de51ede327c0f55df963f6de4e32ab88f43a73b9e0e1d827bc70199eff0

  • SHA512

    6dd0ade4112d7ed44c090f81614ed2f1d84cfcb25a45b08d22b3fa74e4e3f9b99f719f8bca9c1f03d13757f38eac072bb4d55e229c478524bf348f76fc3e36dd

  • SSDEEP

    192:I191rqbIcL9uD3nhKlWUEHRl1RtnIDKwIb/DtC0uolZC7:RRgDXhKAUQlftO6tC0uols

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Win32\mimispool.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Win32\mimispool.dll,#1
      2⤵
        PID:2820

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8uPeRdfm_Vfdw7vJ8DamvPDVUCUzvnBI72GoENUL2k2mws3CTxKQS3BKhZSYPmbmuCbzV_F8vtVz1l29_pjNE4D2yAb87voCZVKwCKxCb8Z-d_QgN3hDuhtMnMsvOd0ymkGHSPpDbNMBeWY0gAMG1Pm6IGNygUUHTD8vfN2mFVs4sCoq6%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D51890e9c9f2c1ef4f67768b739ef54be&TIME=20240426T130642Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8uPeRdfm_Vfdw7vJ8DamvPDVUCUzvnBI72GoENUL2k2mws3CTxKQS3BKhZSYPmbmuCbzV_F8vtVz1l29_pjNE4D2yAb87voCZVKwCKxCb8Z-d_QgN3hDuhtMnMsvOd0ymkGHSPpDbNMBeWY0gAMG1Pm6IGNygUUHTD8vfN2mFVs4sCoq6%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D51890e9c9f2c1ef4f67768b739ef54be&TIME=20240426T130642Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0482D957209A661B1114CD2621BD6751; domain=.bing.com; expires=Sun, 25-May-2025 04:45:54 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 01A293FF4C3441659F726D72A9B99BFE Ref B: LON04EDGE0622 Ref C: 2024-04-30T04:45:54Z
      date: Tue, 30 Apr 2024 04:45:54 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8uPeRdfm_Vfdw7vJ8DamvPDVUCUzvnBI72GoENUL2k2mws3CTxKQS3BKhZSYPmbmuCbzV_F8vtVz1l29_pjNE4D2yAb87voCZVKwCKxCb8Z-d_QgN3hDuhtMnMsvOd0ymkGHSPpDbNMBeWY0gAMG1Pm6IGNygUUHTD8vfN2mFVs4sCoq6%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D51890e9c9f2c1ef4f67768b739ef54be&TIME=20240426T130642Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8uPeRdfm_Vfdw7vJ8DamvPDVUCUzvnBI72GoENUL2k2mws3CTxKQS3BKhZSYPmbmuCbzV_F8vtVz1l29_pjNE4D2yAb87voCZVKwCKxCb8Z-d_QgN3hDuhtMnMsvOd0ymkGHSPpDbNMBeWY0gAMG1Pm6IGNygUUHTD8vfN2mFVs4sCoq6%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D51890e9c9f2c1ef4f67768b739ef54be&TIME=20240426T130642Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0482D957209A661B1114CD2621BD6751; _EDGE_S=SID=0C9339A53BBA6CC610E62DD43AD66DEE
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=wCpyMYfYilLIKyCEPQ9wj5D4qD49V-MRepa4qEgOl18; domain=.bing.com; expires=Sun, 25-May-2025 04:45:54 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 51B5A84A1E114974BB4894D4C710264D Ref B: LON04EDGE0622 Ref C: 2024-04-30T04:45:54Z
      date: Tue, 30 Apr 2024 04:45:54 GMT
    • flag-nl
      GET
      https://www.bing.com/aes/c.gif?RG=603ae34df4634dbe816c2b9e677cec2a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T130642Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266
      Remote address:
      23.62.61.194:443
      Request
      GET /aes/c.gif?RG=603ae34df4634dbe816c2b9e677cec2a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T130642Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0482D957209A661B1114CD2621BD6751
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 814F39F5280F4A07A6842E09C9EB98B3 Ref B: BRU30EDGE0622 Ref C: 2024-04-30T04:45:54Z
      content-length: 0
      date: Tue, 30 Apr 2024 04:45:54 GMT
      set-cookie: _EDGE_S=SID=0C9339A53BBA6CC610E62DD43AD66DEE; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=0482D957209A661B1114CD2621BD6751; path=/; httponly; expires=Sun, 25-May-2025 04:45:54 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.be3d3e17.1714452354.3798846
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      133.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.190.18.2.in-addr.arpa
      IN PTR
      Response
      133.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-133deploystaticakamaitechnologiescom
    • flag-us
      DNS
      194.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.61.62.23.in-addr.arpa
      IN PTR
      Response
      194.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-194deploystaticakamaitechnologiescom
    • flag-nl
      GET
      https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      23.62.61.194:443
      Request
      GET /th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=0482D957209A661B1114CD2621BD6751; _EDGE_S=SID=0C9339A53BBA6CC610E62DD43AD66DEE; MSPTC=wCpyMYfYilLIKyCEPQ9wj5D4qD49V-MRepa4qEgOl18; MUIDB=0482D957209A661B1114CD2621BD6751
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1463
      date: Tue, 30 Apr 2024 04:45:55 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.be3d3e17.1714452355.3798a10
    • flag-us
      DNS
      71.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      22.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0lgwllnwnet
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8uPeRdfm_Vfdw7vJ8DamvPDVUCUzvnBI72GoENUL2k2mws3CTxKQS3BKhZSYPmbmuCbzV_F8vtVz1l29_pjNE4D2yAb87voCZVKwCKxCb8Z-d_QgN3hDuhtMnMsvOd0ymkGHSPpDbNMBeWY0gAMG1Pm6IGNygUUHTD8vfN2mFVs4sCoq6%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D51890e9c9f2c1ef4f67768b739ef54be&TIME=20240426T130642Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF
      tls, http2
      2.5kB
      9.0kB
      19
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8uPeRdfm_Vfdw7vJ8DamvPDVUCUzvnBI72GoENUL2k2mws3CTxKQS3BKhZSYPmbmuCbzV_F8vtVz1l29_pjNE4D2yAb87voCZVKwCKxCb8Z-d_QgN3hDuhtMnMsvOd0ymkGHSPpDbNMBeWY0gAMG1Pm6IGNygUUHTD8vfN2mFVs4sCoq6%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D51890e9c9f2c1ef4f67768b739ef54be&TIME=20240426T130642Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8uPeRdfm_Vfdw7vJ8DamvPDVUCUzvnBI72GoENUL2k2mws3CTxKQS3BKhZSYPmbmuCbzV_F8vtVz1l29_pjNE4D2yAb87voCZVKwCKxCb8Z-d_QgN3hDuhtMnMsvOd0ymkGHSPpDbNMBeWY0gAMG1Pm6IGNygUUHTD8vfN2mFVs4sCoq6%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D51890e9c9f2c1ef4f67768b739ef54be&TIME=20240426T130642Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF

      HTTP Response

      204
    • 23.62.61.194:443
      https://www.bing.com/aes/c.gif?RG=603ae34df4634dbe816c2b9e677cec2a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T130642Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266
      tls, http2
      1.5kB
      5.4kB
      17
      12

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=603ae34df4634dbe816c2b9e677cec2a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T130642Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266

      HTTP Response

      200
    • 23.62.61.194:443
      https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.7kB
      6.8kB
      18
      14

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      133.190.18.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      133.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      194.61.62.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      194.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      71.31.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      71.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      88.156.103.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      88.156.103.20.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      22.236.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      22.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
      116 B
      1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.