Overview
Analysis
- max time kernel: 1800s
- max time network: 1492s
- platform: windows11-21h2_x64
- resource: win11-20240426-en
- resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 06/05/2024, 00:52 UTC
Behavioral tasks

Task            Sample                          Resource
behavioral1     Updates/nvcpl/nv3dhun.chm       win11-20240426-en
behavioral2     Updates/nvcpl/nv3dita.chm       win11-20240426-en
behavioral3     Updates/nvcpl/nv3djpn.chm       win11-20240419-en
behavioral4     Updates/nvcpl/nv3dkor.chm       win11-20240419-en
behavioral5     Updates/nvcpl/nv3dnld.chm       win11-20240419-en
behavioral6     Updates/nvcpl/nv3dnor.chm       win11-20240419-en
behavioral7     Updates/nvcpl/nv3dplk.chm       win11-20240426-en
behavioral8     Updates/nvcpl/nv3dptb.chm       win11-20240426-en
behavioral9     Updates/nvcpl/nv3dptg.chm       win11-20240426-en
behavioral10    Updates/nvcpl/nv3drus.chm       win11-20240426-en
behavioral11    Updates/nvcpl/nv3dsky.chm       win11-20240419-en
behavioral12    Updates/nvcpl/nv3dslv.chm       win11-20240426-en
behavioral13    Updates/nvcpl/nv3dsve.chm       win11-20240419-en
behavioral14    Updates/nvcpl/nv3dtha.chm       win11-20240426-en
behavioral15    Updates/nvcpl/nv3dtrk.chm       win11-20240426-en
behavioral16    Updates/nvcpl/nvcpl.chm         win11-20240426-en
behavioral17    Updates/nvcpl/nvcplara.chm      win11-20240419-en
behavioral18    Updates/nvcpl/nvcplchs.chm      win11-20240426-en
behavioral19    Updates/nvcpl/nvcplcht.chm      win11-20240419-en
behavioral20    Updates/nvcpl/nvcplcsy.chm      win11-20240419-en
behavioral21    Updates/nvcpl/nvcpldan.chm      win11-20240419-en
behavioral22    Updates/nvcpl/nvcpldeu.chm      win11-20240426-en
behavioral23    Updates/nvcpl/nvcplell.chm      win11-20240426-en
behavioral24    Updates/nvcpl/nvcpleng.chm      win11-20240426-en
behavioral25    Updates/nvcpl/nvcplesm.chm      win11-20240419-en
behavioral26    Updates/nvcpl/nvcplesn.chm      win11-20240419-en
behavioral27    Updates/nvcpl/nvcplfin.chm      win11-20240426-en
behavioral28    Updates/nvcpl/nvcplfra.chm      win11-20240419-en
behavioral29    Updates/nvcpl/nvcplheb.chm      win11-20240419-en
behavioral30    Updates/nvcpl/nvcplhun.chm      win11-20240426-en
behavioral31    Updates/nvcpl/nvcplita.chm      win11-20240426-en
behavioral32    Updates/nvcpl/nvcpljpn.chm      win11-20240419-en
General
- Target: Updates/nvcpl/nv3dptg.chm
- Size: 175KB
- MD5: c663c3519d4816719f0e7bb7af3496c6
- SHA1: 7e1b7e218815470afa44a5a93f9d60fa2f0cd2ca
- SHA256: a8aa823a4888236f84a44e130a1e30ce847b0c9cdc35ce884d4e41270ca0eb8b
- SHA512: 826ec6bfe702dd062f5e9a85d436ce1dd9903af8314b5e9736d9bb56744f9d237269b052a299844e9e3e823afe2af95f3ae5849649bbea606c56219d2a183b8d
- SSDEEP: 3072:KTITtT0dYRK/v1dP5zNy+o/8v1Lz809z8Ssos6vmaakFmd0nc5rSr0/37b+7nxWY:KTITud7P5zC/8v13ODlzaal0nc58vVWY
Malware Config

Signatures
- Suspicious use of SetWindowsHookEx (2 IoCs)

  pid     Process
  3612    hh.exe (Microsoft HTML Help executable, the default handler that opens .chm files)
  3612    hh.exe

Processes
Network

DNS (all queries sent to 8.8.8.8:53)
- PTR 4.159.190.20.in-addr.arpa: no answer
- PTR 88.156.103.20.in-addr.arpa: no answer
- A arc.msn.com: CNAME arc.trafficmanager.net, CNAME iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com, A 20.103.156.88
- A tse1.mm.bing.net: CNAME mm-mm.bing.net.trafficmanager.net, CNAME dual-a-0001.a-msedge.net, A 204.79.197.200, A 13.107.21.200
- PTR 200.197.79.204.in-addr.arpa: PTR a-0001a-msedgenet
- A arc.msn.com: CNAME arc.trafficmanager.net, CNAME iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com, A 20.74.47.205
- PTR 205.47.74.20.in-addr.arpa: no answer
- PTR 205.47.74.20.in-addr.arpa: no response recorded
HTTP (six GET requests to tse1.mm.bing.net, remote address 204.79.197.200:443, HTTP/2.0)

Request headers common to all six requests:
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response headers common to all six responses (status HTTP/2.0 200):
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref B: LON04EDGE0612 (Ref A and Ref C differ per response, listed below)

Per-request details:
- GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  Response: 200, content-length: 449656, Ref A: 0E67C3C7798448909CD72DCEC1841097, Ref C: 2024-05-06T01:18:34Z, date: Mon, 06 May 2024 01:18:33 GMT
- GET https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  Response: 200, content-length: 394521, Ref A: 67B8981558F84F5794D4D562C221C357, Ref C: 2024-05-06T01:18:34Z, date: Mon, 06 May 2024 01:18:33 GMT
- GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  Response: 200, content-length: 621794, Ref A: 8BA622AE53734606ADA4905C9BC218B9, Ref C: 2024-05-06T01:18:34Z, date: Mon, 06 May 2024 01:18:33 GMT
- GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  Response: 200, content-length: 442324, Ref A: EA95325CF01B4978A751A161247F3DF0, Ref C: 2024-05-06T01:18:34Z, date: Mon, 06 May 2024 01:18:33 GMT
- GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  Response: 200, content-length: 659775, Ref A: F822AAEB31AB453EB22584EE63EE2708, Ref C: 2024-05-06T01:18:34Z, date: Mon, 06 May 2024 01:18:33 GMT
- GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  Response: 200, content-length: 468637, Ref A: B9DE2D48FF514DD39D9AB3430E077172, Ref C: 2024-05-06T01:18:36Z, date: Mon, 06 May 2024 01:18:35 GMT
Connections
- 204.79.197.200:443  https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  tls, http2  108.7kB  3.1MB  2290  2280