Analysis

  • max time kernel
    93s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 02:09

General

  • Target

    SCPH-70004_BIOS_V12_PAL_200.nvm

  • Size

    1024B

  • MD5

    5195b9111609959d3a20e2fb9527edbd

  • SHA1

    d3cb3b94c73e7a8afedc8294b108630a9df8164c

  • SHA256

    5c3c7a9493f2adddb1fa79218f42132f5f0a4807e8d7b5b1baa1b7ecc9b0c39b

  • SHA512

    ee06b092c0d4e87e63bc35f3d1b1f836f7caa635f7a33443c45015b5dce98cce47a537a45d277f772c09e1d28393742edfcdd5863ac0c2f8b1ab02c542e847a2

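A check the hash listing above invites, added here as an example and not part of the sandbox report or of any sandbox's own code: recompute the four digests from the file on disk, compare them in constant time against the report's values, and look for an MZ header to decide whether dynamic analysis can even run the bytes. The filename (SCPH-70004 is a PlayStation 2 model code, .nvm is its 1 KiB NVRAM) suggests a console BIOS NVRAM dump rather than a Windows program; that is an inference from the name alone. The real file is not embedded, so without a path argument the block runs on a constructed all-zero 1 KiB blob and a constructed MZ-prefixed buffer.

```python
"""Identity and file-type check for a sandbox submission.

Added example, not part of the sandbox report. It recomputes the digests the
report lists, compares them in constant time, and gives a coarse file-type
verdict (DOS/PE 'MZ' header present or not).
"""
import hashlib
import hmac
import sys

# Values copied from the report's General section.
REPORT = {
    "size": 1024,
    "md5": "5195b9111609959d3a20e2fb9527edbd",
    "sha1": "d3cb3b94c73e7a8afedc8294b108630a9df8164c",
    "sha256": "5c3c7a9493f2adddb1fa79218f42132f5f0a4807e8d7b5b1baa1b7ecc9b0c39b",
    "sha512": ("ee06b092c0d4e87e63bc35f3d1b1f836f7caa635f7a33443c45015b5dce98cce"
               "47a537a45d277f772c09e1d28393742edfcdd5863ac0c2f8b1ab02c542e847a2"),
}
DIGESTS = ("md5", "sha1", "sha256", "sha512")

# Constructed stand-ins (the real sample is not embedded): a 1 KiB all-zero
# blob the size of the submission, and a 1 KiB buffer that starts with "MZ".
CONSTRUCTED_BLOB = bytes(1024)
CONSTRUCTED_MZ = b"MZ" + bytes(1022)


def identify_sample(data: bytes) -> dict:
    """Size, the four digests, and whether the bytes start with a DOS/PE 'MZ' header."""
    info = {"size": len(data), "is_pe": data[:2] == b"MZ"}
    for name in DIGESTS:
        info[name] = hashlib.new(name, data).hexdigest()
    return info


def matches_report(data: bytes, expected: dict) -> bool:
    """True only if the size and every digest present in `expected` agree.

    hmac.compare_digest is used so a pasted hash that is off by one character
    is rejected without a timing side channel on the comparison.
    """
    found = identify_sample(data)
    if found["size"] != expected.get("size", found["size"]):
        return False
    return all(
        hmac.compare_digest(found[name], expected[name].lower())
        for name in DIGESTS
        if name in expected
    )


def verdict(data: bytes) -> str:
    """One-line triage statement about whether the shell can execute the bytes."""
    if identify_sample(data)["is_pe"]:
        return "MZ header present: PE executable, dynamic analysis is meaningful"
    return "no MZ header: data file, the shell will not execute it directly"


if __name__ == "__main__":
    # Usage: python check_sample.py <path>   (no path: run on the constructed blob)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else CONSTRUCTED_BLOB
    info = identify_sample(data)
    print(f"size={info['size']} sha256={info['sha256']}")
    print("matches report:", matches_report(data, REPORT))
    print(verdict(data))
```

Run it against the downloaded sample before trusting any conclusion drawn from this page; a size or digest mismatch means you are looking at a different file than the one analysed.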
Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe (PID 3096)
    cmd /c C:\Users\Admin\AppData\Local\Temp\SCPH-70004_BIOS_V12_PAL_200.nvm
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 3060)
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

  Note: the submission is a 1024-byte data file, not a Windows executable. "cmd /c <file>" asks the shell to open it, and the shell's answer is to activate the Open With dialog (OpenWith.exe -Embedding, a COM-server launch), which is what happens when no handler is registered for the file's extension. Every signature hit above is attributed to cmd.exe or OpenWith.exe, so no code from the sample ran in this analysis.

Network

  • DNS (remote geo: US)
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • GET (remote geo: US)
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=2A72BC11F98A656F18D4A88CF8316469; domain=.bing.com; expires=Tue, 08-Jul-2025 02:09:47 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: ECE5ACDF147441E9AD7E06F68958D5FC Ref B: LON04EDGE0806 Ref C: 2024-06-13T02:09:47Z
    date: Thu, 13 Jun 2024 02:09:47 GMT
  • GET (remote geo: US)
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2A72BC11F98A656F18D4A88CF8316469; _EDGE_S=SID=0F50D9A19F2E6D1E0D0FCD3C9E846CF1
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=UCck0nG_FRKxwSxMLI_m0-j3PG4EHGB1pSU4k95MMzo; domain=.bing.com; expires=Tue, 08-Jul-2025 02:09:48 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2D663F39C6254E3A96593AF8FCF965F5 Ref B: LON04EDGE0806 Ref C: 2024-06-13T02:09:48Z
    date: Thu, 13 Jun 2024 02:09:47 GMT
  • DNS (remote geo: US)
    71.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.31.126.40.in-addr.arpa
    IN PTR
    Response
  • DNS (remote geo: US)
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0.lgw.llnw.net
  • DNS (remote geo: US)
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • GET (remote geo: NL)
    https://www.bing.com/aes/c.gif?RG=1680bff8e4844cf89c28c5777b86a98d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225606Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
    Remote address:
    23.62.61.194:443
    Request
    GET /aes/c.gif?RG=1680bff8e4844cf89c28c5777b86a98d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225606Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2A72BC11F98A656F18D4A88CF8316469
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7C647BD8E0B44043BDDBF069A9D83757 Ref B: DUS30EDGE0814 Ref C: 2024-06-13T02:09:48Z
    content-length: 0
    date: Thu, 13 Jun 2024 02:09:48 GMT
    set-cookie: _EDGE_S=SID=0F50D9A19F2E6D1E0D0FCD3C9E846CF1; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=2A72BC11F98A656F18D4A88CF8316469; path=/; httponly; expires=Tue, 08-Jul-2025 02:09:48 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.be3d3e17.1718244588.c779a5
  • DNS (remote geo: US)
    194.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.61.62.23.in-addr.arpa
    IN PTR
    Response
    194.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-194.deploy.static.akamaitechnologies.com
  • DNS (remote geo: US)
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • DNS (remote geo: US)
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • DNS (remote geo: US)
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • DNS (remote geo: US)
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
    tls, http2; 2.4kB sent, 9.0kB received; 19 packets sent, 17 received
    HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
    HTTP Response: 204
    HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8-1a5dLxKbiZLkk_dfgkkADVUCUz0L7Y9XTBi7NxLsfu4DzEMJQGhFC2k4nfaiAAJxUzuw25Ewv4p149aBt3RZHSEiWo9BBrOOdqH0ftKGiOTXrnsy_Wnz1FZv4UWtGs2momzEOhVd72BKiSKtg22JY7rJ9dLP78Zs6uF_eWjqx2PuSid%26u%3DbXMtd2luZG93cy1zdG9yZSUzYSUyZiUyZnBkcCUyZiUzZnByb2R1Y3RpZCUzZENGUTdUVEMwSzVETSUyNm9jaWQlM2RjbW01OHN0NzB4cA%26rlid%3D61a20e3b7c251a62ea7f6853a9e295a8&TIME=20240611T225606Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
    HTTP Response: 204
  • 23.62.61.194:443
    https://www.bing.com/aes/c.gif?RG=1680bff8e4844cf89c28c5777b86a98d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225606Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
    tls, http2; 1.5kB sent, 5.4kB received; 17 packets sent, 13 received
    HTTP Request: GET https://www.bing.com/aes/c.gif?RG=1680bff8e4844cf89c28c5777b86a98d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225606Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
    HTTP Response: 200
  • 8.8.8.8:53
    g.bing.com
    dns; 56 B sent, 151 B received; 1 packet sent, 1 received
    DNS Request: g.bing.com
    DNS Response: 204.79.197.237, 13.107.21.237
  • 8.8.8.8:53
    71.31.126.40.in-addr.arpa
    dns; 71 B sent, 157 B received; 1 packet sent, 1 received
    DNS Request: 71.31.126.40.in-addr.arpa (PTR, no answer)
  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns; 71 B sent, 116 B received; 1 packet sent, 1 received
    DNS Request: 0.205.248.87.in-addr.arpa (PTR)
    DNS Response: https-87-248-205-0.lgw.llnw.net
  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns; 71 B sent, 157 B received; 1 packet sent, 1 received
    DNS Request: 26.35.223.20.in-addr.arpa (PTR, no answer)
  • 8.8.8.8:53
    194.61.62.23.in-addr.arpa
    dns; 71 B sent, 135 B received; 1 packet sent, 1 received
    DNS Request: 194.61.62.23.in-addr.arpa (PTR)
    DNS Response: a23-62-61-194.deploy.static.akamaitechnologies.com
  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns; 70 B sent, 144 B received; 1 packet sent, 1 received
    DNS Request: 86.23.85.13.in-addr.arpa (PTR, no answer)
  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns; 72 B sent, 146 B received; 1 packet sent, 1 received
    DNS Request: 15.164.165.52.in-addr.arpa (PTR, no answer)
  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns; 73 B sent, 144 B received; 1 packet sent, 1 received
    DNS Request: 240.221.184.93.in-addr.arpa (PTR, no answer)
  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns; 72 B sent, 158 B received; 1 packet sent, 1 received
    DNS Request: 23.236.111.52.in-addr.arpa (PTR, no answer)

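Reading the Processes and Network sections above together, the practical question is which of it came from the sample and which is the Windows 10 image talking to itself. The block below is an added example, not part of the sandbox report and not the sandbox's own signature logic: it rebuilds the report's process list and a few of its network events as constructed records (plus one invented event, on the reserved .invalid TLD and a TEST-NET-2 address, to show a non-noise result) and applies the editor's own heuristics. The shell beacons are recognised by the "WindowsShellClient/" user-agent together with the g.bing.com /neg/ and www.bing.com /aes/c.gif endpoints seen on this page; who issues the in-addr.arpa PTR queries is not shown in the report, so they are only bucketed separately, not attributed.

```python
"""Separate sandbox/OS background activity from sample-originated activity.

Added example, not part of the sandbox report. Records are constructed from
the report's Processes and Network sections; the rules are the editor's
heuristics, not the sandbox's signatures.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Proc:
    image: str
    cmdline: str
    pid: int


@dataclass
class NetEvent:
    kind: str            # "dns" or "http"
    name: str            # query name for dns, full URL for http
    user_agent: str = ""
    remote: str = ""


# Constructed from the report's Processes section.
PROCS = [
    Proc(r"C:\Windows\system32\cmd.exe",
         r"cmd /c C:\Users\Admin\AppData\Local\Temp\SCPH-70004_BIOS_V12_PAL_200.nvm", 3096),
    Proc(r"C:\Windows\system32\OpenWith.exe", r"C:\Windows\system32\OpenWith.exe -Embedding", 3060),
]

SHELL_UA = "WindowsShellClient/9.0.40929.0 (Windows)"
# Constructed from the report's Network section (query strings shortened);
# the last entry is invented to show what a non-noise event looks like.
EVENTS = [
    NetEvent("dns", "g.bing.com", remote="8.8.8.8:53"),
    NetEvent("http", "https://g.bing.com/neg/0?action=impression&tids=15000", SHELL_UA, "204.79.197.237:443"),
    NetEvent("http", "https://www.bing.com/aes/c.gif?med=10&type=mv", SHELL_UA, "23.62.61.194:443"),
    NetEvent("dns", "71.31.126.40.in-addr.arpa", remote="8.8.8.8:53"),
    NetEvent("dns", "194.61.62.23.in-addr.arpa", remote="8.8.8.8:53"),
    NetEvent("http", "https://c2.example.invalid/gate.php", "Mozilla/4.0", "198.51.100.7:443"),
]

# Endpoints the Windows shell contacts on its own (ad-impression beacons, as the
# action=impression / adUnitId parameters on this page show). Host, path prefix
# AND the shell user-agent must all match before an event is dismissed.
SHELL_TELEMETRY = {("g.bing.com", "/neg/"), ("www.bing.com", "/aes/c.gif")}


def classify_http(ev: NetEvent) -> str:
    u = urlsplit(ev.name)
    for host, prefix in SHELL_TELEMETRY:
        if (u.hostname == host and u.path.startswith(prefix)
                and ev.user_agent.startswith("WindowsShellClient/")):
            return "os-background"
    return "review"


def classify_dns(ev: NetEvent) -> str:
    if ev.name.endswith(".in-addr.arpa"):
        return "ptr-lookup"      # reverse lookups of remote IPs; issuer not shown in the report
    if ev.name == "bing.com" or ev.name.endswith(".bing.com"):
        return "os-background"
    return "review"


def sample_was_executed(procs) -> bool:
    """False when the only processes are `cmd /c <file>` and the Open With dialog.

    OpenWith.exe -Embedding is the shell's COM activation of the Open With
    dialog, which is what appears when the extension has no registered handler.
    """
    names = [p.image.rsplit("\\", 1)[-1].lower() for p in procs]
    cmd_open = any(n == "cmd.exe" and p.cmdline.lower().startswith("cmd /c ") for n, p in zip(names, procs))
    openwith = any(n == "openwith.exe" and "-embedding" in p.cmdline.lower() for n, p in zip(names, procs))
    others = [n for n in names if n not in ("cmd.exe", "openwith.exe")]
    return bool(others) or not (cmd_open and openwith)


def triage(procs, events) -> dict:
    """Bucket every event; anything left in 'review' needs an analyst's eyes."""
    buckets = {"os-background": [], "ptr-lookup": [], "review": []}
    for ev in events:
        label = classify_http(ev) if ev.kind == "http" else classify_dns(ev)
        buckets[label].append(ev.name)
    buckets["sample_executed"] = sample_was_executed(procs)
    return buckets


if __name__ == "__main__":
    for key, value in triage(PROCS, EVENTS).items():
        print(f"{key}: {value}")
```

For this report every real event lands in os-background or ptr-lookup and sample_executed is False, which is the honest summary of the page: the 3/10 score is the cost of submitting a data file to a Windows sandbox, not evidence about the file.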
MITRE ATT&CK Enterprise v15
