Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/05/2024, 12:46 UTC

General

  • Target

    3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe

  • Size

    576KB

  • MD5

    3f8bd70c2a1d539d39719def8dae269c

  • SHA1

    2830dcc8d3aa5bb343b69d027cfbdd4213a5892d

  • SHA256

    12d13fa5af83a903bb2bb107c3d7e366c13f466eec45cd28736ed466be20da91

  • SHA512

    18c8f532aece864180a87c85c7f7dac382d58170de15395a4c4910f6fcb4f4175c9c120d70e3de6b297c2f6510875f31e2f80a73eb8e28df3169c1f0f0abd474

  • SSDEEP

    12288:uv1BsjdFSXgK5XmhcQOgP3O4eAjdOmqmZtPYjB:uvjsjdO5scQL4A5ObkPYt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Users\Admin\AppData\Local\Temp\eicabfbcaie.exe
      C:\Users\Admin\AppData\Local\Temp\eicabfbcaie.exe 2-9-0-0-2-7-3-1-7-8-8
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get serialnumber
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4480
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get version
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4300
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get version
        3⤵
        PID:544
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get version
        3⤵
        PID:1700
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get version
        3⤵
        PID:1428
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 960
        3⤵
        • Program crash
        PID:4556
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1972 -ip 1972
    1⤵
    PID:2852

          Network

          • flag-us
            DNS
            8.8.8.8.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            8.8.8.8.in-addr.arpa
            IN PTR
            Response
            8.8.8.8.in-addr.arpa
            IN PTR
            dns.google
          • flag-us
            DNS
            srv.desk-top-app.info
            eicabfbcaie.exe
            Remote address:
            8.8.8.8:53
            Request
            srv.desk-top-app.info
            IN A
            Response
          • flag-us
            DNS
            77.190.18.2.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            77.190.18.2.in-addr.arpa
            IN PTR
            Response
            77.190.18.2.in-addr.arpa
            IN PTR
            a2-18-190-77.deploy.static.akamaitechnologies.com
          • flag-us
            DNS
            13.86.106.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            13.86.106.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            g.bing.com
            Remote address:
            8.8.8.8:53
            Request
            g.bing.com
            IN A
            Response
            g.bing.com
            IN CNAME
            g-bing-com.dual-a-0034.a-msedge.net
            g-bing-com.dual-a-0034.a-msedge.net
            IN CNAME
            dual-a-0034.a-msedge.net
            dual-a-0034.a-msedge.net
            IN A
            204.79.197.237
            dual-a-0034.a-msedge.net
            IN A
            13.107.21.237
          • flag-us
            GET
            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
            Remote address:
            204.79.197.237:443
            Request
            GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
            host: g.bing.com
            accept-encoding: gzip, deflate
            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
            Response
            HTTP/2.0 204
            cache-control: no-cache, must-revalidate
            pragma: no-cache
            expires: Fri, 01 Jan 1990 00:00:00 GMT
            set-cookie: MUID=18D4390EC33C6D1715892D70C21B6CCC; domain=.bing.com; expires=Sat, 07-Jun-2025 12:46:32 GMT; path=/; SameSite=None; Secure; Priority=High;
            strict-transport-security: max-age=31536000; includeSubDomains; preload
            access-control-allow-origin: *
            x-cache: CONFIG_NOCACHE
            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
            x-msedge-ref: Ref A: 542EE2430AB34EA3BB80C3BE2BDFA330 Ref B: LON04EDGE0709 Ref C: 2024-05-13T12:46:32Z
            date: Mon, 13 May 2024 12:46:32 GMT
          • flag-us
            GET
            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
            Remote address:
            204.79.197.237:443
            Request
            GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
            host: g.bing.com
            accept-encoding: gzip, deflate
            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
            cookie: MUID=18D4390EC33C6D1715892D70C21B6CCC; _EDGE_S=SID=22A2ABE2C32E658F3045BF9CC2666484
            Response
            HTTP/2.0 204
            cache-control: no-cache, must-revalidate
            pragma: no-cache
            expires: Fri, 01 Jan 1990 00:00:00 GMT
            set-cookie: MSPTC=Zl2-e-kkvTLByaHE5tIZRGuub9pai2ULjcJyyC8TlWk; domain=.bing.com; expires=Sat, 07-Jun-2025 12:46:33 GMT; path=/; Partitioned; secure; SameSite=None
            strict-transport-security: max-age=31536000; includeSubDomains; preload
            access-control-allow-origin: *
            x-cache: CONFIG_NOCACHE
            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
            x-msedge-ref: Ref A: FB3FB2B027AB4B54BF9BADE8C3E0E060 Ref B: LON04EDGE0709 Ref C: 2024-05-13T12:46:33Z
            date: Mon, 13 May 2024 12:46:33 GMT
          • flag-nl
            GET
            https://www.bing.com/aes/c.gif?RG=701fa118dd454aaf8c364d83986fc16c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131931Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
            Remote address:
            23.62.61.57:443
            Request
            GET /aes/c.gif?RG=701fa118dd454aaf8c364d83986fc16c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131931Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038 HTTP/2.0
            host: www.bing.com
            accept-encoding: gzip, deflate
            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
            cookie: MUID=18D4390EC33C6D1715892D70C21B6CCC
            Response
            HTTP/2.0 200
            cache-control: private,no-store
            pragma: no-cache
            vary: Origin
            p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
            x-msedge-ref: Ref A: BE1719C1872740A9B75CCDD1CABF8912 Ref B: BRU30EDGE0806 Ref C: 2024-05-13T12:46:33Z
            content-length: 0
            date: Mon, 13 May 2024 12:46:33 GMT
            set-cookie: _EDGE_S=SID=22A2ABE2C32E658F3045BF9CC2666484; path=/; httponly; domain=bing.com
            set-cookie: MUIDB=18D4390EC33C6D1715892D70C21B6CCC; path=/; httponly; expires=Sat, 07-Jun-2025 12:46:33 GMT
            alt-svc: h3=":443"; ma=93600
            x-cdn-traceid: 0.353d3e17.1715604393.c524a70
          • flag-us
            DNS
            95.221.229.192.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            95.221.229.192.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            237.197.79.204.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            237.197.79.204.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            57.61.62.23.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            57.61.62.23.in-addr.arpa
            IN PTR
            Response
            57.61.62.23.in-addr.arpa
            IN PTR
            a23-62-61-57.deploy.static.akamaitechnologies.com
          • flag-nl
            GET
            https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
            Remote address:
            23.62.61.57:443
            Request
            GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
            host: www.bing.com
            accept: */*
            cookie: MUID=18D4390EC33C6D1715892D70C21B6CCC; _EDGE_S=SID=22A2ABE2C32E658F3045BF9CC2666484; MSPTC=Zl2-e-kkvTLByaHE5tIZRGuub9pai2ULjcJyyC8TlWk; MUIDB=18D4390EC33C6D1715892D70C21B6CCC
            accept-encoding: gzip, deflate, br
            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
            Response
            HTTP/2.0 200
            cache-control: public, max-age=2592000
            content-type: image/png
            access-control-allow-origin: *
            access-control-allow-headers: *
            access-control-allow-methods: GET, POST, OPTIONS
            timing-allow-origin: *
            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
            content-length: 1107
            date: Mon, 13 May 2024 12:46:35 GMT
            alt-svc: h3=":443"; ma=93600
            x-cdn-traceid: 0.353d3e17.1715604395.c525486
          • flag-us
            DNS
            26.35.223.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            26.35.223.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            228.249.119.40.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            228.249.119.40.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            183.59.114.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            183.59.114.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            171.39.242.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            171.39.242.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            101.58.20.217.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            101.58.20.217.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            79.190.18.2.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            79.190.18.2.in-addr.arpa
            IN PTR
            Response
            79.190.18.2.in-addr.arpa
            IN PTR
            a2-18-190-79.deploy.static.akamaitechnologies.com
          • flag-us
            DNS
            205.47.74.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            205.47.74.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            31.243.111.52.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            31.243.111.52.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            tse1.mm.bing.net
            Remote address:
            8.8.8.8:53
            Request
            tse1.mm.bing.net
            IN A
            Response
            tse1.mm.bing.net
            IN CNAME
            mm-mm.bing.net.trafficmanager.net
            mm-mm.bing.net.trafficmanager.net
            IN CNAME
            dual-a-0001.a-msedge.net
            dual-a-0001.a-msedge.net
            IN A
            204.79.197.200
            dual-a-0001.a-msedge.net
            IN A
            13.107.21.200
          • flag-us
            GET
            https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
            Remote address:
            204.79.197.200:443
            Request
            GET /th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
            host: tse1.mm.bing.net
            accept: */*
            accept-encoding: gzip, deflate, br
            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
            Response
            HTTP/2.0 200
            cache-control: public, max-age=2592000
            content-length: 382817
            content-type: image/jpeg
            x-cache: TCP_HIT
            access-control-allow-origin: *
            access-control-allow-headers: *
            access-control-allow-methods: GET, POST, OPTIONS
            timing-allow-origin: *
            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
            x-msedge-ref: Ref A: 1A5168EC74DD43129286775225957700 Ref B: LON04EDGE1105 Ref C: 2024-05-13T12:48:13Z
            date: Mon, 13 May 2024 12:48:12 GMT
          • flag-us
            GET
            https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
            Remote address:
            204.79.197.200:443
            Request
            GET /th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
            host: tse1.mm.bing.net
            accept: */*
            accept-encoding: gzip, deflate, br
            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
            Response
            HTTP/2.0 200
            cache-control: public, max-age=2592000
            content-length: 464243
            content-type: image/jpeg
            x-cache: TCP_HIT
            access-control-allow-origin: *
            access-control-allow-headers: *
            access-control-allow-methods: GET, POST, OPTIONS
            timing-allow-origin: *
            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
            x-msedge-ref: Ref A: 582DE38F311142A99F79200D1F4670A6 Ref B: LON04EDGE1105 Ref C: 2024-05-13T12:48:13Z
            date: Mon, 13 May 2024 12:48:12 GMT
          • 204.79.197.237:443
            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
            tls, http2
            2.5kB
            9.0kB
            20
            17

            HTTP Request

            GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

            HTTP Response

            204

            HTTP Request

            GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

            HTTP Response

            204
          • 23.62.61.57:443
            https://www.bing.com/aes/c.gif?RG=701fa118dd454aaf8c364d83986fc16c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131931Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
            tls, http2
            1.5kB
            5.4kB
            17
            12

            HTTP Request

            GET https://www.bing.com/aes/c.gif?RG=701fa118dd454aaf8c364d83986fc16c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131931Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

            HTTP Response

            200
          • 23.62.61.57:443
            https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
            tls, http2
            1.7kB
            6.4kB
            18
            13

            HTTP Request

            GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

            HTTP Response

            200
          • 204.79.197.200:443
            tse1.mm.bing.net
            tls, http2
            1.2kB
            8.1kB
            16
            14
          • 204.79.197.200:443
            https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
            tls, http2
            30.5kB
            883.9kB
            646
            644

            HTTP Request

            GET https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

            HTTP Request

            GET https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

            HTTP Response

            200

            HTTP Response

            200
          • 8.8.8.8:53
            8.8.8.8.in-addr.arpa
            dns
            66 B
            90 B
            1
            1

            DNS Request

            8.8.8.8.in-addr.arpa

          • 8.8.8.8:53
            srv.desk-top-app.info
            dns
            eicabfbcaie.exe
            67 B
            146 B
            1
            1

            DNS Request

            srv.desk-top-app.info

          • 8.8.8.8:53
            77.190.18.2.in-addr.arpa
            dns
            70 B
            133 B
            1
            1

            DNS Request

            77.190.18.2.in-addr.arpa

          • 8.8.8.8:53
            13.86.106.20.in-addr.arpa
            dns
            71 B
            157 B
            1
            1

            DNS Request

            13.86.106.20.in-addr.arpa

          • 8.8.8.8:53
            g.bing.com
            dns
            56 B
            151 B
            1
            1

            DNS Request

            g.bing.com

            DNS Response

            204.79.197.237
            13.107.21.237

          • 8.8.8.8:53
            95.221.229.192.in-addr.arpa
            dns
            73 B
            144 B
            1
            1

            DNS Request

            95.221.229.192.in-addr.arpa

          • 8.8.8.8:53
            237.197.79.204.in-addr.arpa
            dns
            73 B
            143 B
            1
            1

            DNS Request

            237.197.79.204.in-addr.arpa

          • 8.8.8.8:53
            57.61.62.23.in-addr.arpa
            dns
            70 B
            133 B
            1
            1

            DNS Request

            57.61.62.23.in-addr.arpa

          • 8.8.8.8:53
            26.35.223.20.in-addr.arpa
            dns
            71 B
            157 B
            1
            1

            DNS Request

            26.35.223.20.in-addr.arpa

          • 8.8.8.8:53
            228.249.119.40.in-addr.arpa
            dns
            73 B
            159 B
            1
            1

            DNS Request

            228.249.119.40.in-addr.arpa

          • 8.8.8.8:53
            183.59.114.20.in-addr.arpa
            dns
            72 B
            158 B
            1
            1

            DNS Request

            183.59.114.20.in-addr.arpa

          • 8.8.8.8:53
            171.39.242.20.in-addr.arpa
            dns
            72 B
            158 B
            1
            1

            DNS Request

            171.39.242.20.in-addr.arpa

          • 8.8.8.8:53
            101.58.20.217.in-addr.arpa
            dns
            72 B
            132 B
            1
            1

            DNS Request

            101.58.20.217.in-addr.arpa

          • 8.8.8.8:53
            79.190.18.2.in-addr.arpa
            dns
            70 B
            133 B
            1
            1

            DNS Request

            79.190.18.2.in-addr.arpa

          • 8.8.8.8:53
            205.47.74.20.in-addr.arpa
            dns
            71 B
            157 B
            1
            1

            DNS Request

            205.47.74.20.in-addr.arpa

          • 8.8.8.8:53
            31.243.111.52.in-addr.arpa
            dns
            72 B
            158 B
            1
            1

            DNS Request

            31.243.111.52.in-addr.arpa

          • 8.8.8.8:53
            tse1.mm.bing.net
            dns
            62 B
            173 B
            1
            1

            DNS Request

            tse1.mm.bing.net

            DNS Response

            204.79.197.200
            13.107.21.200

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\81715604390.txt

            Filesize

            66B

            MD5

            9025468f85256136f923096b01375964

            SHA1

            7fcd174999661594fa5f88890ffb195e9858cc52

            SHA256

            d5418014fa8e6e17d8992fd12c0dfecac8a34855603ea58133e87ea09c2130df

            SHA512

            92cac37c332e6e276a963d659986a79a79867df44682bfc2d77ed7784ffa5e2c149e5960a83d03ef4cf171be40a73e93a110aaa53b95152fa9a9da6b41d31e51

          • C:\Users\Admin\AppData\Local\Temp\81715604390.txt

            Filesize

            2B

            MD5

            f3b25701fe362ec84616a93a45ce9998

            SHA1

            d62636d8caec13f04e28442a0a6fa1afeb024bbb

            SHA256

            b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

            SHA512

            98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

          • C:\Users\Admin\AppData\Local\Temp\81715604390.txt

            Filesize

            58B

            MD5

            f8e2f71e123c5a848f2a83d2a7aef11e

            SHA1

            5e7a9a2937fa4f06fdf3e33d7def7de431c159b4

            SHA256

            79dae8edfddb5a748fb1ed83c87081b245aeff9178c95dcf5fbaaed6baf82121

            SHA512

            8d34a80d335ee5be5d899b19b385aeaeb6bc5480fd72d3d9e96269da2f544ccc13b30fd23111980de736a612b8beb24ff062f6bed2eb2d252dbe07a2ffeb701e

          • C:\Users\Admin\AppData\Local\Temp\eicabfbcaie.exe

            Filesize

            764KB

            MD5

            261e425df9398ec6ba2c22a994bb6c9f

            SHA1

            2f6e9e5157ab05cd79bde5e56c1ed8617a7e47ce

            SHA256

            4370d1379add8e8ba10acdf46122343046670f1cc413fd146024a0a8f56449ac

            SHA512

            81b2c8c7d8a59dae8f299ae275995c99bbc4f85aabb2a5a837997fd4338b3185ddafee367701305ea30fbe43361d9fc121752e7ff9988db8bfc99652a765423e

          • C:\Users\Admin\AppData\Local\Temp\nsi346F.tmp\dnjzh.dll

            Filesize

            125KB

            MD5

            7d7518d98e68eebbb02ee06a931fd0c6

            SHA1

            73a1c22beb0381aa241a4542df29d20a9da5e033

            SHA256

            6fd1735c87fd55624f93a5141710324ba6c23788c8804ce387592a6599fe7f14

            SHA512

            bb33af0a4b0f21fb13112cdd6880575c5ff7b19b67ec6db74f7c558a7666f8aa34864650313a4e5f56afb239da0d7e1a6c9e6c1d789907aa2c31e930e7103117

          • C:\Users\Admin\AppData\Local\Temp\nsi346F.tmp\nsisunz.dll

            Filesize

            40KB

            MD5

            5f13dbc378792f23e598079fc1e4422b

            SHA1

            5813c05802f15930aa860b8363af2b58426c8adf

            SHA256

            6e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d

            SHA512

            9270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5
