Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
13/05/2024, 12:46 UTC
Static task
static1
Behavioral task
behavioral1
Sample
3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/dnjzh.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/dnjzh.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsisunz.dll
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsisunz.dll
Resource
win10v2004-20240508-en
General
-
Target
3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe
-
Size
576KB
-
MD5
3f8bd70c2a1d539d39719def8dae269c
-
SHA1
2830dcc8d3aa5bb343b69d027cfbdd4213a5892d
-
SHA256
12d13fa5af83a903bb2bb107c3d7e366c13f466eec45cd28736ed466be20da91
-
SHA512
18c8f532aece864180a87c85c7f7dac382d58170de15395a4c4910f6fcb4f4175c9c120d70e3de6b297c2f6510875f31e2f80a73eb8e28df3169c1f0f0abd474
-
SSDEEP
12288:uv1BsjdFSXgK5XmhcQOgP3O4eAjdOmqmZtPYjB:uvjsjdO5scQL4A5ObkPYt
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1972 eicabfbcaie.exe -
Loads dropped DLL 2 IoCs
pid Process 4036 3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe 4036 3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 4556 1972 WerFault.exe 82 -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 4480 wmic.exe Token: SeSecurityPrivilege 4480 wmic.exe Token: SeTakeOwnershipPrivilege 4480 wmic.exe Token: SeLoadDriverPrivilege 4480 wmic.exe Token: SeSystemProfilePrivilege 4480 wmic.exe Token: SeSystemtimePrivilege 4480 wmic.exe Token: SeProfSingleProcessPrivilege 4480 wmic.exe Token: SeIncBasePriorityPrivilege 4480 wmic.exe Token: SeCreatePagefilePrivilege 4480 wmic.exe Token: SeBackupPrivilege 4480 wmic.exe Token: SeRestorePrivilege 4480 wmic.exe Token: SeShutdownPrivilege 4480 wmic.exe Token: SeDebugPrivilege 4480 wmic.exe Token: SeSystemEnvironmentPrivilege 4480 wmic.exe Token: SeRemoteShutdownPrivilege 4480 wmic.exe Token: SeUndockPrivilege 4480 wmic.exe Token: SeManageVolumePrivilege 4480 wmic.exe Token: 33 4480 wmic.exe Token: 34 4480 wmic.exe Token: 35 4480 wmic.exe Token: 36 4480 wmic.exe Token: SeIncreaseQuotaPrivilege 4480 wmic.exe Token: SeSecurityPrivilege 4480 wmic.exe Token: SeTakeOwnershipPrivilege 4480 wmic.exe Token: SeLoadDriverPrivilege 4480 wmic.exe Token: SeSystemProfilePrivilege 4480 wmic.exe Token: SeSystemtimePrivilege 4480 wmic.exe Token: SeProfSingleProcessPrivilege 4480 wmic.exe Token: SeIncBasePriorityPrivilege 4480 wmic.exe Token: SeCreatePagefilePrivilege 4480 wmic.exe Token: SeBackupPrivilege 4480 wmic.exe Token: SeRestorePrivilege 4480 wmic.exe Token: SeShutdownPrivilege 4480 wmic.exe Token: SeDebugPrivilege 4480 wmic.exe Token: SeSystemEnvironmentPrivilege 4480 wmic.exe Token: SeRemoteShutdownPrivilege 4480 wmic.exe Token: SeUndockPrivilege 4480 wmic.exe Token: SeManageVolumePrivilege 4480 wmic.exe Token: 33 4480 wmic.exe Token: 34 4480 wmic.exe Token: 35 4480 wmic.exe Token: 36 4480 wmic.exe Token: SeIncreaseQuotaPrivilege 4300 wmic.exe Token: SeSecurityPrivilege 4300 wmic.exe Token: SeTakeOwnershipPrivilege 4300 wmic.exe Token: SeLoadDriverPrivilege 4300 wmic.exe Token: SeSystemProfilePrivilege 4300 wmic.exe Token: SeSystemtimePrivilege 4300 wmic.exe Token: SeProfSingleProcessPrivilege 4300 wmic.exe Token: SeIncBasePriorityPrivilege 4300 wmic.exe Token: SeCreatePagefilePrivilege 4300 wmic.exe Token: SeBackupPrivilege 4300 wmic.exe Token: SeRestorePrivilege 4300 wmic.exe Token: SeShutdownPrivilege 4300 wmic.exe Token: SeDebugPrivilege 4300 wmic.exe Token: SeSystemEnvironmentPrivilege 4300 wmic.exe Token: SeRemoteShutdownPrivilege 4300 wmic.exe Token: SeUndockPrivilege 4300 wmic.exe Token: SeManageVolumePrivilege 4300 wmic.exe Token: 33 4300 wmic.exe Token: 34 4300 wmic.exe Token: 35 4300 wmic.exe Token: 36 4300 wmic.exe Token: SeIncreaseQuotaPrivilege 4300 wmic.exe -
Suspicious use of WriteProcessMemory 18 IoCs
description pid Process procid_target PID 4036 wrote to memory of 1972 4036 3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe 82 PID 4036 wrote to memory of 1972 4036 3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe 82 PID 4036 wrote to memory of 1972 4036 3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe 82 PID 1972 wrote to memory of 4480 1972 eicabfbcaie.exe 83 PID 1972 wrote to memory of 4480 1972 eicabfbcaie.exe 83 PID 1972 wrote to memory of 4480 1972 eicabfbcaie.exe 83 PID 1972 wrote to memory of 4300 1972 eicabfbcaie.exe 86 PID 1972 wrote to memory of 4300 1972 eicabfbcaie.exe 86 PID 1972 wrote to memory of 4300 1972 eicabfbcaie.exe 86 PID 1972 wrote to memory of 544 1972 eicabfbcaie.exe 89 PID 1972 wrote to memory of 544 1972 eicabfbcaie.exe 89 PID 1972 wrote to memory of 544 1972 eicabfbcaie.exe 89 PID 1972 wrote to memory of 1700 1972 eicabfbcaie.exe 91 PID 1972 wrote to memory of 1700 1972 eicabfbcaie.exe 91 PID 1972 wrote to memory of 1700 1972 eicabfbcaie.exe 91 PID 1972 wrote to memory of 1428 1972 eicabfbcaie.exe 94 PID 1972 wrote to memory of 1428 1972 eicabfbcaie.exe 94 PID 1972 wrote to memory of 1428 1972 eicabfbcaie.exe 94
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3f8bd70c2a1d539d39719def8dae269c_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4036 -
C:\Users\Admin\AppData\Local\Temp\eicabfbcaie.exeC:\Users\Admin\AppData\Local\Temp\eicabfbcaie.exe 2-9-0-0-2-7-3-1-7-8-8 LUdJRDsqNjIvKxgtSlVCTkJBPCkYJ0w8VFdNS0hIPTUpIykwcHBoYXRcbGZfZGU9UF5mbFpfXR4mRElRTUZDNiovNSgyIC08RkM2KBgtR1JPQk5AU1hBPDspNjkyLB0uTD1KVDxSX1NLSTxhbGxuMS8vcWtzLT09S0kkVE9OJj5PSSZBTD1PIC08SUg8Q0FCNCAvQio6LCoYJ0IpPS0vGSxDLDUlLxcvRDI2KjAZJzwzNC0xHihNUUg8TUFLX1BQQlNAPFE1HiZQUk09UkJNVz1TQ0E9HihNUUg8TUFLX04/RkI8GSc9VjxfVVBFOh8oPVBDVkNNQkVGTT41GC0/T1NSWD9RSE9LQ0k9NR4oUUc6RkNXRlVfU0tJPBknTks0MiAtPVAwNhgnUExOVEdGQl5QPURBRk1FR0Y+Rj5NSko0IC9HTFxRTkZMR0RFPXJrcmQZJ0pDS1VSTEJLRlhNS0NJX0Q/UlA8KxgnRkBERVY2Lh8oQUtdO1lOP0ZGQlg9RkFJWVBSPkE8X1lkcVwgL0JIVE1FRzlCVklQOzIyLSosJjAuLjQ3GSxTQkU9Oyg0MjYuLjgrMS4eJkRPVUdJTjo8V1JATUU7LSw3KCooLywqNjguMTkuLiJORA==2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1972 -
C:\Windows\SysWOW64\Wbem\wmic.exewmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get serialnumber3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4480
-
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get version3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4300
-
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get version3⤵PID:544
-
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get version3⤵PID:1700
-
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic /output:C:\Users\Admin\AppData\Local\Temp\81715604390.txt bios get version3⤵PID:1428
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 9603⤵
- Program crash
PID:4556
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1972 -ip 19721⤵PID:2852
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Requestsrv.desk-top-app.infoIN AResponse
-
Remote address:8.8.8.8:53Request77.190.18.2.in-addr.arpaIN PTRResponse77.190.18.2.in-addr.arpaIN PTRa2-18-190-77deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=18D4390EC33C6D1715892D70C21B6CCC; domain=.bing.com; expires=Sat, 07-Jun-2025 12:46:32 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 542EE2430AB34EA3BB80C3BE2BDFA330 Ref B: LON04EDGE0709 Ref C: 2024-05-13T12:46:32Z
date: Mon, 13 May 2024 12:46:32 GMT
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=18D4390EC33C6D1715892D70C21B6CCC; _EDGE_S=SID=22A2ABE2C32E658F3045BF9CC2666484
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Zl2-e-kkvTLByaHE5tIZRGuub9pai2ULjcJyyC8TlWk; domain=.bing.com; expires=Sat, 07-Jun-2025 12:46:33 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FB3FB2B027AB4B54BF9BADE8C3E0E060 Ref B: LON04EDGE0709 Ref C: 2024-05-13T12:46:33Z
date: Mon, 13 May 2024 12:46:33 GMT
-
GEThttps://www.bing.com/aes/c.gif?RG=701fa118dd454aaf8c364d83986fc16c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131931Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038Remote address:23.62.61.57:443RequestGET /aes/c.gif?RG=701fa118dd454aaf8c364d83986fc16c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131931Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=18D4390EC33C6D1715892D70C21B6CCC
ResponseHTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BE1719C1872740A9B75CCDD1CABF8912 Ref B: BRU30EDGE0806 Ref C: 2024-05-13T12:46:33Z
content-length: 0
date: Mon, 13 May 2024 12:46:33 GMT
set-cookie: _EDGE_S=SID=22A2ABE2C32E658F3045BF9CC2666484; path=/; httponly; domain=bing.com
set-cookie: MUIDB=18D4390EC33C6D1715892D70C21B6CCC; path=/; httponly; expires=Sat, 07-Jun-2025 12:46:33 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.353d3e17.1715604393.c524a70
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request57.61.62.23.in-addr.arpaIN PTRResponse57.61.62.23.in-addr.arpaIN PTRa23-62-61-57deploystaticakamaitechnologiescom
-
GEThttps://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:23.62.61.57:443RequestGET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=18D4390EC33C6D1715892D70C21B6CCC; _EDGE_S=SID=22A2ABE2C32E658F3045BF9CC2666484; MSPTC=Zl2-e-kkvTLByaHE5tIZRGuub9pai2ULjcJyyC8TlWk; MUIDB=18D4390EC33C6D1715892D70C21B6CCC
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Mon, 13 May 2024 12:46:35 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.353d3e17.1715604395.c525486
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request183.59.114.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request171.39.242.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request101.58.20.217.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request79.190.18.2.in-addr.arpaIN PTRResponse79.190.18.2.in-addr.arpaIN PTRa2-18-190-79deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request31.243.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 382817
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1A5168EC74DD43129286775225957700 Ref B: LON04EDGE1105 Ref C: 2024-05-13T12:48:13Z
date: Mon, 13 May 2024 12:48:12 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 464243
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 582DE38F311142A99F79200D1F4670A6 Ref B: LON04EDGE1105 Ref C: 2024-05-13T12:48:13Z
date: Mon, 13 May 2024 12:48:12 GMT
-
204.79.197.237:443https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949tls, http22.5kB 9.0kB 20 17
HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8_-P7cA9a2g6LBsmye3rdUTVUCUxZh5igz2E_3bdO1csVn86LKWlqJoru2yRhZQg-uowmw_j6dQPI1tBe9Ct6a-gejKmvAk2GmN8gQVLcY8iz-uu0Cm9JNsmg3IqN7hV_uOhhgshPh9e8WK-U2ndiD7GJATvdadqhlvfdVK7nj9_n5BSa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D678b230d80f81aa6e5bf4526293b6bd8&TIME=20240426T131931Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949HTTP Response
204 -
23.62.61.57:443https://www.bing.com/aes/c.gif?RG=701fa118dd454aaf8c364d83986fc16c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131931Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038tls, http21.5kB 5.4kB 17 12
HTTP Request
GET https://www.bing.com/aes/c.gif?RG=701fa118dd454aaf8c364d83986fc16c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131931Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038HTTP Response
200 -
23.62.61.57:443https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.7kB 6.4kB 18 13
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 8.1kB 16 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http230.5kB 883.9kB 646 644
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
67 B 146 B 1 1
DNS Request
srv.desk-top-app.info
-
70 B 133 B 1 1
DNS Request
77.190.18.2.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
57.61.62.23.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
26.35.223.20.in-addr.arpa
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
183.59.114.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
171.39.242.20.in-addr.arpa
-
72 B 132 B 1 1
DNS Request
101.58.20.217.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
79.190.18.2.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
205.47.74.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
31.243.111.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
66B
MD59025468f85256136f923096b01375964
SHA17fcd174999661594fa5f88890ffb195e9858cc52
SHA256d5418014fa8e6e17d8992fd12c0dfecac8a34855603ea58133e87ea09c2130df
SHA51292cac37c332e6e276a963d659986a79a79867df44682bfc2d77ed7784ffa5e2c149e5960a83d03ef4cf171be40a73e93a110aaa53b95152fa9a9da6b41d31e51
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
58B
MD5f8e2f71e123c5a848f2a83d2a7aef11e
SHA15e7a9a2937fa4f06fdf3e33d7def7de431c159b4
SHA25679dae8edfddb5a748fb1ed83c87081b245aeff9178c95dcf5fbaaed6baf82121
SHA5128d34a80d335ee5be5d899b19b385aeaeb6bc5480fd72d3d9e96269da2f544ccc13b30fd23111980de736a612b8beb24ff062f6bed2eb2d252dbe07a2ffeb701e
-
Filesize
764KB
MD5261e425df9398ec6ba2c22a994bb6c9f
SHA12f6e9e5157ab05cd79bde5e56c1ed8617a7e47ce
SHA2564370d1379add8e8ba10acdf46122343046670f1cc413fd146024a0a8f56449ac
SHA51281b2c8c7d8a59dae8f299ae275995c99bbc4f85aabb2a5a837997fd4338b3185ddafee367701305ea30fbe43361d9fc121752e7ff9988db8bfc99652a765423e
-
Filesize
125KB
MD57d7518d98e68eebbb02ee06a931fd0c6
SHA173a1c22beb0381aa241a4542df29d20a9da5e033
SHA2566fd1735c87fd55624f93a5141710324ba6c23788c8804ce387592a6599fe7f14
SHA512bb33af0a4b0f21fb13112cdd6880575c5ff7b19b67ec6db74f7c558a7666f8aa34864650313a4e5f56afb239da0d7e1a6c9e6c1d789907aa2c31e930e7103117
-
Filesize
40KB
MD55f13dbc378792f23e598079fc1e4422b
SHA15813c05802f15930aa860b8363af2b58426c8adf
SHA2566e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d
SHA5129270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5