Overview
Analysis
max time kernel: 93s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 02:09
Static task
static1
Behavioral tasks (task | Sample | Resource)
behavioral1 | ps2_bios (1).zip | win7-20240611-en
behavioral2 | ps2_bios (1).zip | win10v2004-20240611-en
behavioral3 | PS2 Bios 30004R V6 Pal.mec | win7-20240611-en
behavioral4 | PS2 Bios 30004R V6 Pal.mec | win10v2004-20240611-en
behavioral5 | PS2 Bios 30004R V6 Pal.nvm | win7-20240508-en
behavioral6 | PS2 Bios 30004R V6 Pal.nvm | win10v2004-20240611-en
behavioral7 | PS2 Bios 30004R V6 Pal.bin | win7-20231129-en
behavioral8 | PS2 Bios 30004R V6 Pal.bin | win10v2004-20240611-en
behavioral9 | SCPH-70004_BIOS_V12_PAL_200.bin | win7-20240221-en
behavioral10 | SCPH-70004_BIOS_V12_PAL_200.bin | win10v2004-20240508-en
behavioral11 | SCPH-70004_BIOS_V12_PAL_200.erom | win7-20240508-en
behavioral12 | SCPH-70004_BIOS_V12_PAL_200.erom | win10v2004-20240508-en
behavioral13 | SCPH-70004_BIOS_V12_PAL_200.nvm | win7-20240221-en
behavioral14 | SCPH-70004_BIOS_V12_PAL_200.nvm | win10v2004-20240611-en
behavioral15 | SCPH-70004_BIOS_V12_PAL_200.rom1 | win7-20240611-en
behavioral16 | SCPH-70004_BIOS_V12_PAL_200.rom1 | win10v2004-20240508-en
behavioral17 | SCPH-70004_BIOS_V12_PAL_200.rom2 | win7-20231129-en
behavioral18 | SCPH-70004_BIOS_V12_PAL_200.rom2 | win10v2004-20240508-en
behavioral19 | rom1.bin | win7-20240611-en
behavioral20 | rom1.bin | win10v2004-20240508-en
behavioral21 | scph10000.nvm | win7-20240611-en
behavioral22 | scph10000.nvm | win10v2004-20240508-en
behavioral23 | scph10000.bin | win7-20240611-en
behavioral24 | scph10000.bin | win10v2004-20240508-en
behavioral25 | scph39001.mec | win7-20240221-en
behavioral26 | scph39001.mec | win10v2004-20240508-en
behavioral27 | scph39001.nvm | win7-20240220-en
behavioral28 | scph39001.nvm | win10v2004-20240508-en
behavioral29 | scph39001.bin | win7-20240611-en
behavioral30 | scph39001.bin | win10v2004-20240508-en
General
Target: SCPH-70004_BIOS_V12_PAL_200.nvm
Size: 1024B
MD5: 5195b9111609959d3a20e2fb9527edbd
SHA1: d3cb3b94c73e7a8afedc8294b108630a9df8164c
SHA256: 5c3c7a9493f2adddb1fa79218f42132f5f0a4807e8d7b5b1baa1b7ecc9b0c39b
SHA512: ee06b092c0d4e87e63bc35f3d1b1f836f7caa635f7a33443c45015b5dce98cce47a537a45d277f772c09e1d28393742edfcdd5863ac0c2f8b1ab02c542e847a2
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings | cmd.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
pid | Process
3060 | OpenWith.exe
Processes
Network
-
Remote address: 8.8.8.8:53
Request: g.bing.com IN A
Response:
g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
dual-a-0034.a-msedge.net IN A 204.79.197.237
dual-a-0034.a-msedge.net IN A 13.107.21.237
-
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2A72BC11F98A656F18D4A88CF8316469; domain=.bing.com; expires=Tue, 08-Jul-2025 02:09:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ECE5ACDF147441E9AD7E06F68958D5FC Ref B: LON04EDGE0806 Ref C: 2024-06-13T02:09:47Z
date: Thu, 13 Jun 2024 02:09:47 GMT
-
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2A72BC11F98A656F18D4A88CF8316469; _EDGE_S=SID=0F50D9A19F2E6D1E0D0FCD3C9E846CF1
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=UCck0nG_FRKxwSxMLI_m0-j3PG4EHGB1pSU4k95MMzo; domain=.bing.com; expires=Tue, 08-Jul-2025 02:09:48 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2D663F39C6254E3A96593AF8FCF965F5 Ref B: LON04EDGE0806 Ref C: 2024-06-13T02:09:48Z
date: Thu, 13 Jun 2024 02:09:47 GMT
-
Remote address: 8.8.8.8:53
Request: 71.31.126.40.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 0.205.248.87.in-addr.arpa IN PTR
Response: 0.205.248.87.in-addr.arpa IN PTR https-87-248-205-0.lgw.llnw.net
-
Remote address: 8.8.8.8:53
Request: 26.35.223.20.in-addr.arpa IN PTR
Response: (empty)
-
GET https://www.bing.com/aes/c.gif?RG=1680bff8e4844cf89c28c5777b86a98d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225606Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
Remote address: 23.62.61.194:443
Request:
GET /aes/c.gif?RG=1680bff8e4844cf89c28c5777b86a98d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225606Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2A72BC11F98A656F18D4A88CF8316469
Response:
HTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7C647BD8E0B44043BDDBF069A9D83757 Ref B: DUS30EDGE0814 Ref C: 2024-06-13T02:09:48Z
content-length: 0
date: Thu, 13 Jun 2024 02:09:48 GMT
set-cookie: _EDGE_S=SID=0F50D9A19F2E6D1E0D0FCD3C9E846CF1; path=/; httponly; domain=bing.com
set-cookie: MUIDB=2A72BC11F98A656F18D4A88CF8316469; path=/; httponly; expires=Tue, 08-Jul-2025 02:09:48 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1718244588.c779a5
-
Remote address: 8.8.8.8:53
Request: 194.61.62.23.in-addr.arpa IN PTR
Response: 194.61.62.23.in-addr.arpa IN PTR a23-62-61-194.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 86.23.85.13.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 15.164.165.52.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 240.221.184.93.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 23.236.111.52.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 204.79.197.237:443
URL: https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
Protocols: tls, http2
2.4kB 9.0kB 19 17
HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
HTTP Response: 204
HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
HTTP Response: 204
-
Remote address: 23.62.61.194:443
URL: https://www.bing.com/aes/c.gif?RG=1680bff8e4844cf89c28c5777b86a98d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225606Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
Protocols: tls, http2
1.5kB 5.4kB 17 13
HTTP Request: GET https://www.bing.com/aes/c.gif?RG=1680bff8e4844cf89c28c5777b86a98d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225606Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
HTTP Response: 200
-
56 B 151 B 1 1
DNS Request: g.bing.com
DNS Response: 204.79.197.237, 13.107.21.237
-
71 B 157 B 1 1
DNS Request: 71.31.126.40.in-addr.arpa
-
71 B 116 B 1 1
DNS Request: 0.205.248.87.in-addr.arpa
-
71 B 157 B 1 1
DNS Request: 26.35.223.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request: 194.61.62.23.in-addr.arpa
-
70 B 144 B 1 1
DNS Request: 86.23.85.13.in-addr.arpa
-
72 B 146 B 1 1
DNS Request: 15.164.165.52.in-addr.arpa
-
73 B 144 B 1 1
DNS Request: 240.221.184.93.in-addr.arpa
-
72 B 158 B 1 1
DNS Request: 23.236.111.52.in-addr.arpa