Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-05-2024 20:23

General

  • Target

    2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe

  • Size

    54KB

  • MD5

    22f84ec802be3fff8e3e2a1b0eecff69

  • SHA1

    48d7a5bac0cd7e9c74451dbb31745e4c8090a83a

  • SHA256

    5e23324643cb25bced58d86f5db882bb662add439004f550fec836efd1edb76e

  • SHA512

    aac23f68152786169125c7aaccf7e746975a3eb826cf390adad8990c270746b4b3bbe52c668a59d568df338a1a205f3a5d364b8ad5f0a1a333b397e3f30f2c35

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9Xv+mb6uXsl:bIDOw9a0DwitDZzc16j

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3952
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:4912

Network

  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
    Response
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    79.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.190.18.2.in-addr.arpa
    IN PTR
    Response
    79.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-79.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8zEYtp3n2ejf6nXzvuu0pPTVUCUx9YVemVS4C4odpuQqt_KEvSsZf0QB8Noc_TPglXF9UV5fAM9BKX7x3Bm30ZsrOIKG3G6rwG4rzV4njhGICbwot-nCwVZUVLq0lUMy-etQ-CQaLjGBNpy3Kui-OYcLdJiLFHYIuvaBZroBC2AmL3R19%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D3a30a7be17ed16d6b6ddc195a7e06bd5&TIME=20240426T134616Z&CID=531035994&EID=531035994&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8zEYtp3n2ejf6nXzvuu0pPTVUCUx9YVemVS4C4odpuQqt_KEvSsZf0QB8Noc_TPglXF9UV5fAM9BKX7x3Bm30ZsrOIKG3G6rwG4rzV4njhGICbwot-nCwVZUVLq0lUMy-etQ-CQaLjGBNpy3Kui-OYcLdJiLFHYIuvaBZroBC2AmL3R19%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D3a30a7be17ed16d6b6ddc195a7e06bd5&TIME=20240426T134616Z&CID=531035994&EID=531035994&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=247146A295C261AB3F1C52DE94226071; domain=.bing.com; expires=Thu, 05-Jun-2025 20:23:46 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 476C4316923B48D593520B1F2F9B33AD Ref B: LON04EDGE1014 Ref C: 2024-05-11T20:23:46Z
    date: Sat, 11 May 2024 20:23:46 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8zEYtp3n2ejf6nXzvuu0pPTVUCUx9YVemVS4C4odpuQqt_KEvSsZf0QB8Noc_TPglXF9UV5fAM9BKX7x3Bm30ZsrOIKG3G6rwG4rzV4njhGICbwot-nCwVZUVLq0lUMy-etQ-CQaLjGBNpy3Kui-OYcLdJiLFHYIuvaBZroBC2AmL3R19%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D3a30a7be17ed16d6b6ddc195a7e06bd5&TIME=20240426T134616Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8zEYtp3n2ejf6nXzvuu0pPTVUCUx9YVemVS4C4odpuQqt_KEvSsZf0QB8Noc_TPglXF9UV5fAM9BKX7x3Bm30ZsrOIKG3G6rwG4rzV4njhGICbwot-nCwVZUVLq0lUMy-etQ-CQaLjGBNpy3Kui-OYcLdJiLFHYIuvaBZroBC2AmL3R19%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D3a30a7be17ed16d6b6ddc195a7e06bd5&TIME=20240426T134616Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=247146A295C261AB3F1C52DE94226071; _EDGE_S=SID=39A301D5FA0F66BF20D715A9FB5867E9
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=Uc9-ljTXcuLgEBRaG3Br0lYhfSGEf3K0Nik-y0gZpZ8; domain=.bing.com; expires=Thu, 05-Jun-2025 20:23:48 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 28BC6795D661441E815CD82C2F546A21 Ref B: LON04EDGE1014 Ref C: 2024-05-11T20:23:48Z
    date: Sat, 11 May 2024 20:23:47 GMT
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=427c8da424ad4e679959a38f7a336e93&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134616Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
    Remote address:
    23.62.61.89:443
    Request
    GET /aes/c.gif?RG=427c8da424ad4e679959a38f7a336e93&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134616Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=247146A295C261AB3F1C52DE94226071
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 663C27FA11AC45219C0FFED8095416B3 Ref B: AMS04EDGE1511 Ref C: 2024-05-11T20:23:47Z
    content-length: 0
    date: Sat, 11 May 2024 20:23:47 GMT
    set-cookie: _EDGE_S=SID=39A301D5FA0F66BF20D715A9FB5867E9; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=247146A295C261AB3F1C52DE94226071; path=/; httponly; expires=Thu, 05-Jun-2025 20:23:47 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.553d3e17.1715459027.4d935bc
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    89.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    89.61.62.23.in-addr.arpa
    IN PTR
    Response
    89.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-89.deploy.static.akamaitechnologies.com
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.89:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=247146A295C261AB3F1C52DE94226071; _EDGE_S=SID=39A301D5FA0F66BF20D715A9FB5867E9; MSPTC=Uc9-ljTXcuLgEBRaG3Br0lYhfSGEf3K0Nik-y0gZpZ8; MUIDB=247146A295C261AB3F1C52DE94226071
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Sat, 11 May 2024 20:23:51 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.553d3e17.1715459031.4d93e79
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    77.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    77.190.18.2.in-addr.arpa
    IN PTR
    Response
    77.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-77.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 476246
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BA61EA1839C14ABE91FE7F35008DF57C Ref B: LON04EDGE0916 Ref C: 2024-05-11T20:25:34Z
    date: Sat, 11 May 2024 20:25:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 499516
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D9B4CC80C7E64439B23EBB91857E7E02 Ref B: LON04EDGE0916 Ref C: 2024-05-11T20:25:34Z
    date: Sat, 11 May 2024 20:25:34 GMT
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8zEYtp3n2ejf6nXzvuu0pPTVUCUx9YVemVS4C4odpuQqt_KEvSsZf0QB8Noc_TPglXF9UV5fAM9BKX7x3Bm30ZsrOIKG3G6rwG4rzV4njhGICbwot-nCwVZUVLq0lUMy-etQ-CQaLjGBNpy3Kui-OYcLdJiLFHYIuvaBZroBC2AmL3R19%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D3a30a7be17ed16d6b6ddc195a7e06bd5&TIME=20240426T134616Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
    tls, http2
    2.6kB
    9.0kB
    20
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8zEYtp3n2ejf6nXzvuu0pPTVUCUx9YVemVS4C4odpuQqt_KEvSsZf0QB8Noc_TPglXF9UV5fAM9BKX7x3Bm30ZsrOIKG3G6rwG4rzV4njhGICbwot-nCwVZUVLq0lUMy-etQ-CQaLjGBNpy3Kui-OYcLdJiLFHYIuvaBZroBC2AmL3R19%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D3a30a7be17ed16d6b6ddc195a7e06bd5&TIME=20240426T134616Z&CID=531035994&EID=531035994&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8zEYtp3n2ejf6nXzvuu0pPTVUCUx9YVemVS4C4odpuQqt_KEvSsZf0QB8Noc_TPglXF9UV5fAM9BKX7x3Bm30ZsrOIKG3G6rwG4rzV4njhGICbwot-nCwVZUVLq0lUMy-etQ-CQaLjGBNpy3Kui-OYcLdJiLFHYIuvaBZroBC2AmL3R19%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3D3a30a7be17ed16d6b6ddc195a7e06bd5&TIME=20240426T134616Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

    HTTP Response

    204
  • 23.62.61.89:443
    https://www.bing.com/aes/c.gif?RG=427c8da424ad4e679959a38f7a336e93&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134616Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
    tls, http2
    1.4kB
    5.3kB
    16
    11

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=427c8da424ad4e679959a38f7a336e93&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134616Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

    HTTP Response

    200
  • 23.62.61.89:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.6kB
    6.3kB
    16
    11

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    35.8kB
    1.0MB
    745
    742

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200
  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    55 B
    128 B
    1
    1

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    79.190.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    79.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    89.61.62.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    89.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    77.190.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    77.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    256 B
    2
    2

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    144 B
    316 B
    2
    2

    DNS Request

    19.229.111.52.in-addr.arpa

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    142 B
    314 B
    2
    2

    DNS Request

    43.58.199.20.in-addr.arpa

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
    346 B
    2
    2

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    165 B
    128 B
    3
    1

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    110 B
    128 B
    2
    1

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe

    Filesize

    54KB

    MD5

    f8b90422be5b06efe89f44fd1917ad66

    SHA1

    b1d2b3d3915cb2a990771fa70319d2e32b1d9bc5

    SHA256

    7fbaeccae7a95eb3254a7f7eb884e9aa903d58f30be9926b79bbad08b7bb3baf

    SHA512

    c8f294dff789d934b9304cd16de1fe049293e6510a19339b7b6b501d9350722cab3b0d8839a14f0110d22e81d4cef6abcea43916b6279136399a682fa1669c74

  • memory/3952-0-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

  • memory/3952-1-0x0000000001FF0000-0x0000000001FF6000-memory.dmp

    Filesize

    24KB

  • memory/3952-8-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

  • memory/4912-23-0x0000000001F40000-0x0000000001F46000-memory.dmp

    Filesize

    24KB