d675cfeacc2cc45f3c4ce26d930beebbebe10ffd2a80a601c0c217b8fe087998

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 18:56 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-02_9924b00174578b59ce324fe44866cb38_snatch.exe
Size

20.3MB
MD5

9924b00174578b59ce324fe44866cb38
SHA1

2ec061d711233f260e0d14c6392469a32d8ce2b7
SHA256

d675cfeacc2cc45f3c4ce26d930beebbebe10ffd2a80a601c0c217b8fe087998
SHA512

be8a6beff5dd4729f3cfa6ec0da35cd6f36c23e2d2007464c1f898fa31dbea3b55ea3100a840b9cbc14ede0bdc321b2f6cc34d8e52a3ae8fb6361961026e7a9e
SSDEEP

196608:nnSYtvl4RBo4XMLAuLVkfI/XF4wf4K3dwNS1+Q+guBJ7De3JV1CkigW:SYtvuzo4XuiIUISDguBJeZV1Fig

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\2024-05-02_9924b00174578b59ce324fe44866cb38_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-02_9924b00174578b59ce324fe44866cb38_snatch.exe"
1⤵
PID:2312

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2E5CFC41765D69C23974E83277BD68AF; domain=.bing.com; expires=Tue, 27-May-2025 18:56:56 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2F74567763BF40D5B75C7C120F2784C3 Ref B: LON04EDGE1108 Ref C: 2024-05-02T18:56:56Z
date: Thu, 02 May 2024 18:56:55 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2E5CFC41765D69C23974E83277BD68AF; _EDGE_S=SID=1C1B3F8144BA612F207C2BF245106074

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=l6ryoTJnyh2UP2dOlaWJUpLvktlKwYbyjcGCMmi97_k; domain=.bing.com; expires=Tue, 27-May-2025 18:56:56 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 326E98F37DC841B69B140684E9858F5E Ref B: LON04EDGE1108 Ref C: 2024-05-02T18:56:56Z
date: Thu, 02 May 2024 18:56:56 GMT
GET

https://www.bing.com/aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

Remote address:

23.62.61.75:443

Request

GET /aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2E5CFC41765D69C23974E83277BD68AF

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 61D606C7D0984139BA5E65E5E8096B33 Ref B: DUS30EDGE0818 Ref C: 2024-05-02T18:56:56Z
content-length: 0
date: Thu, 02 May 2024 18:56:56 GMT
set-cookie: _EDGE_S=SID=1C1B3F8144BA612F207C2BF245106074; path=/; httponly; domain=bing.com
set-cookie: MUIDB=2E5CFC41765D69C23974E83277BD68AF; path=/; httponly; expires=Tue, 27-May-2025 18:56:56 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.473d3e17.1714676216.125b190a
DNS

79.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.190.18.2.in-addr.arpa

IN PTR

Response

79.190.18.2.in-addr.arpa

IN PTR

a2-18-190-79deploystaticakamaitechnologiescom
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

75.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.61.62.23.in-addr.arpa

IN PTR

Response

75.61.62.23.in-addr.arpa

IN PTR

a23-62-61-75deploystaticakamaitechnologiescom
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

77.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.190.18.2.in-addr.arpa

IN PTR

Response

77.190.18.2.in-addr.arpa

IN PTR

a2-18-190-77deploystaticakamaitechnologiescom

204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

tls, http2

2.5kB
9.0kB
19
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8xFpXv06Fy4ucGuZ2G6bz1TVUCUxcKOBC571cx953TcCDRCUfUbBqI_pp5cvwLtMZ1oMR1_-xyuQkssMIbYChoosocRA8guvT2v-XzYiHiRCj9_G6QjB2qKlJhmocKte6Wru1GGTrkGd3QXB1NhNaW9BVdWSWTpP22hea_kPRN0tj5Dth%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Ddbb57823ae611b3e7c941e081f49b64c&TIME=20240426T135102Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

HTTP Response

204
23.62.61.75:443

https://www.bing.com/aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

tls, http2

1.4kB
5.3kB
16
11

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=db13042f9c7c41df858a53dd62a9b6a0&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135102Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

HTTP Response

200

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

79.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

79.190.18.2.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

75.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

75.61.62.23.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

77.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

77.190.18.2.in-addr.arpa

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.