Analysis
- max time kernel: 150s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-05-2024 20:23

Static task: static1

Behavioral task: behavioral1
- Sample: 2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: 2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe
- Resource: win10v2004-20240426-en
General
- Target: 2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe
- Size: 54KB
- MD5: 22f84ec802be3fff8e3e2a1b0eecff69
- SHA1: 48d7a5bac0cd7e9c74451dbb31745e4c8090a83a
- SHA256: 5e23324643cb25bced58d86f5db882bb662add439004f550fec836efd1edb76e
- SHA512: aac23f68152786169125c7aaccf7e746975a3eb826cf390adad8990c270746b4b3bbe52c668a59d568df338a1a205f3a5d364b8ad5f0a1a333b397e3f30f2c35
- SSDEEP: 768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9Xv+mb6uXsl:bIDOw9a0DwitDZzc16j
Malware Config
Signatures
- Detection of CryptoLocker Variants (1 IoC)
  resource: behavioral2/files/0x0006000000022fa8-12.dat; yara_rule: CryptoLocker_rule2
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  description: Key value queried; ioc: \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation; Process: 2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe
- Executes dropped EXE (1 IoC)
  pid: 4912; Process: lossy.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3952 wrote to memory of 4912; pid: 3952; Process: 2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe; procid_target: 84
  description: PID 3952 wrote to memory of 4912; pid: 3952; Process: 2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe; procid_target: 84
  description: PID 3952 wrote to memory of 4912; pid: 3952; Process: 2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe; procid_target: 84
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe (tree depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe"
  PID: 3952
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\lossy.exe (tree depth 2, child of PID 3952)
    Command line: "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
    PID: 4912
    - Executes dropped EXE
Network
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 154.239.44.20.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 79.190.18.2.in-addr.arpa IN PTR | Response: 79.190.18.2.in-addr.arpa IN PTR a2-18-190-79.deploy.static.akamaitechnologies.com
- DNS 8.8.8.8:53 | Request: 68.159.190.20.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 95.221.229.192.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: g.bing.com IN A | Response: g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net; g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net; dual-a-0034.a-msedge.net IN A 204.79.197.237; dual-a-0034.a-msedge.net IN A 13.107.21.237
- DNS 8.8.8.8:53 | Request: 28.118.140.52.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 237.197.79.204.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 89.61.62.23.in-addr.arpa IN PTR | Response: 89.61.62.23.in-addr.arpa IN PTR a23-62-61-89.deploy.static.akamaitechnologies.com
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 104.219.191.52.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 86.23.85.13.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 206.23.85.13.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 77.190.18.2.in-addr.arpa IN PTR | Response: 77.190.18.2.in-addr.arpa IN PTR a2-18-190-77.deploy.static.akamaitechnologies.com
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 19.229.111.52.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 19.229.111.52.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 43.58.199.20.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: 43.58.199.20.in-addr.arpa IN PTR | Response: (empty)
- DNS 8.8.8.8:53 | Request: tse1.mm.bing.net IN A | Response: tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net; mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net; dual-a-0001.a-msedge.net IN A 204.79.197.200; dual-a-0001.a-msedge.net IN A 13.107.21.200
- DNS 8.8.8.8:53 | Request: tse1.mm.bing.net IN A | Response: tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net; mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net; dual-a-0001.a-msedge.net IN A 204.79.197.200; dual-a-0001.a-msedge.net IN A 13.107.21.200
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | (no response recorded)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | (no response recorded)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | (no response recorded)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
- DNS 8.8.8.8:53 | Request: 2ndry.com IN A | Response: (empty)
-
Downloads
- Filesize: 54KB
- MD5: f8b90422be5b06efe89f44fd1917ad66
- SHA1: b1d2b3d3915cb2a990771fa70319d2e32b1d9bc5
- SHA256: 7fbaeccae7a95eb3254a7f7eb884e9aa903d58f30be9926b79bbad08b7bb3baf
- SHA512: c8f294dff789d934b9304cd16de1fe049293e6510a19339b7b6b501d9350722cab3b0d8839a14f0110d22e81d4cef6abcea43916b6279136399a682fa1669c74