4f9371a9a6de02e842a842b33488b9b139b8ba7de54476aa120aba5f7995ac27

Analysis

max time kernel
148s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 08:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad9a6cc3d1eae0c41d3fb7a81f8a1e60_JaffaCakes118.html
Size

2KB
MD5

ad9a6cc3d1eae0c41d3fb7a81f8a1e60
SHA1

5adbd5e9358ece20a22390fe423d416d2acf8b79
SHA256

4f9371a9a6de02e842a842b33488b9b139b8ba7de54476aa120aba5f7995ac27
SHA512

86ffa9d0c9b84948dcdcda2b9db5d093d5d3557b0a61bf3a47f66c7b83753a7555cb7c1210704ae43748d11f96c18e44da738ce93fb570e59bb3c56384c8853b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
4176	msedge.exe
4176	msedge.exe
1172	identity_helper.exe
1172	identity_helper.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 1612	4176	msedge.exe	82
PID 4176 wrote to memory of 1612	4176	msedge.exe	82
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 752	4176	msedge.exe	83
PID 4176 wrote to memory of 3612	4176	msedge.exe	84
PID 4176 wrote to memory of 3612	4176	msedge.exe	84
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85
PID 4176 wrote to memory of 3864	4176	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ad9a6cc3d1eae0c41d3fb7a81f8a1e60_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff934fa46f8,0x7ff934fa4708,0x7ff934fa4718
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2586949720392643839,4177808959074409369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

Network

DNS

content.incapsula.com

Remote address:

8.8.8.8:53

Request

content.incapsula.com

IN A

Response

content.incapsula.com

IN CNAME

bpyhz.x.incapdns.net

bpyhz.x.incapdns.net

IN A

149.126.74.200
DNS

138.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.32.126.40.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bBELcf9fDxQ6UBH00L43wjVUCUzpzx3W2Fs1ouKWO4Hq-oxDeOM8w1422gayRgEOBWHVxiVUN7Jn3yhw-s-k5G7ehFvV_iit0I5x7fcbfUsBHbx3HOLWIHmgv0rkf0lk6OvBLsHTHheayYyhDYYPHqWpuV8tUKKj77FSRSpz5BLho-N3%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D60d25539b55414d3e771335113949247&TIME=20240611T193450Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bBELcf9fDxQ6UBH00L43wjVUCUzpzx3W2Fs1ouKWO4Hq-oxDeOM8w1422gayRgEOBWHVxiVUN7Jn3yhw-s-k5G7ehFvV_iit0I5x7fcbfUsBHbx3HOLWIHmgv0rkf0lk6OvBLsHTHheayYyhDYYPHqWpuV8tUKKj77FSRSpz5BLho-N3%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D60d25539b55414d3e771335113949247&TIME=20240611T193450Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0651E68A27D762BC1FD1F215263763AD; domain=.bing.com; expires=Thu, 10-Jul-2025 08:46:56 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED82BA6054B4492DB3C9CF014AA589F7 Ref B: LON04EDGE1205 Ref C: 2024-06-15T08:46:56Z
date: Sat, 15 Jun 2024 08:46:55 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bBELcf9fDxQ6UBH00L43wjVUCUzpzx3W2Fs1ouKWO4Hq-oxDeOM8w1422gayRgEOBWHVxiVUN7Jn3yhw-s-k5G7ehFvV_iit0I5x7fcbfUsBHbx3HOLWIHmgv0rkf0lk6OvBLsHTHheayYyhDYYPHqWpuV8tUKKj77FSRSpz5BLho-N3%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D60d25539b55414d3e771335113949247&TIME=20240611T193450Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bBELcf9fDxQ6UBH00L43wjVUCUzpzx3W2Fs1ouKWO4Hq-oxDeOM8w1422gayRgEOBWHVxiVUN7Jn3yhw-s-k5G7ehFvV_iit0I5x7fcbfUsBHbx3HOLWIHmgv0rkf0lk6OvBLsHTHheayYyhDYYPHqWpuV8tUKKj77FSRSpz5BLho-N3%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D60d25539b55414d3e771335113949247&TIME=20240611T193450Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0651E68A27D762BC1FD1F215263763AD; _EDGE_S=SID=14F971C52ADE69792281655A2B336804

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=08l9st0-_jEBG11MfB2LvPQEXKtcEdH7Vx4KkLivf4g; domain=.bing.com; expires=Thu, 10-Jul-2025 08:46:56 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 92C9A384FEDF4B3EB735AC38DBCB1A2A Ref B: LON04EDGE1205 Ref C: 2024-06-15T08:46:56Z
date: Sat, 15 Jun 2024 08:46:55 GMT
DNS

content.incapsula.com

Remote address:

8.8.8.8:53

Request

content.incapsula.com

IN A

Response

content.incapsula.com

IN CNAME

bpyhz.x.incapdns.net

bpyhz.x.incapdns.net

IN A

149.126.74.200
DNS

bpyhz.x.incapdns.net

Remote address:

8.8.8.8:53

Request

bpyhz.x.incapdns.net

IN A

Response

bpyhz.x.incapdns.net

IN A

149.126.74.200
GET

https://www.bing.com/aes/c.gif?RG=23f475e302324b7998d45a40268a998a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193450Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670

Remote address:

23.62.61.194:443

Request

GET /aes/c.gif?RG=23f475e302324b7998d45a40268a998a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193450Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0651E68A27D762BC1FD1F215263763AD

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 354BFF4805414521AB1A18C3BEBFCE44 Ref B: AMS04EDGE3414 Ref C: 2024-06-15T08:46:56Z
content-length: 0
date: Sat, 15 Jun 2024 08:46:56 GMT
set-cookie: _EDGE_S=SID=14F971C52ADE69792281655A2B336804; path=/; httponly; domain=bing.com
set-cookie: MUIDB=0651E68A27D762BC1FD1F215263763AD; path=/; httponly; expires=Thu, 10-Jul-2025 08:46:56 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1718441216.934e347
DNS

203.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.107.17.2.in-addr.arpa

IN PTR

Response

203.107.17.2.in-addr.arpa

IN PTR

a2-17-107-203deploystaticakamaitechnologiescom
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

200.74.126.149.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.74.126.149.in-addr.arpa

IN PTR

Response

200.74.126.149.in-addr.arpa

IN PTR

14912674200ipincapdnsnet
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

35.15.31.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.15.31.184.in-addr.arpa

IN PTR

Response

35.15.31.184.in-addr.arpa

IN PTR

a184-31-15-35deploystaticakamaitechnologiescom
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response

149.126.74.200:445

content.incapsula.com

260 B
5
204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bBELcf9fDxQ6UBH00L43wjVUCUzpzx3W2Fs1ouKWO4Hq-oxDeOM8w1422gayRgEOBWHVxiVUN7Jn3yhw-s-k5G7ehFvV_iit0I5x7fcbfUsBHbx3HOLWIHmgv0rkf0lk6OvBLsHTHheayYyhDYYPHqWpuV8tUKKj77FSRSpz5BLho-N3%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D60d25539b55414d3e771335113949247&TIME=20240611T193450Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920

tls, http2

2.5kB
9.0kB
19
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bBELcf9fDxQ6UBH00L43wjVUCUzpzx3W2Fs1ouKWO4Hq-oxDeOM8w1422gayRgEOBWHVxiVUN7Jn3yhw-s-k5G7ehFvV_iit0I5x7fcbfUsBHbx3HOLWIHmgv0rkf0lk6OvBLsHTHheayYyhDYYPHqWpuV8tUKKj77FSRSpz5BLho-N3%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D60d25539b55414d3e771335113949247&TIME=20240611T193450Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bBELcf9fDxQ6UBH00L43wjVUCUzpzx3W2Fs1ouKWO4Hq-oxDeOM8w1422gayRgEOBWHVxiVUN7Jn3yhw-s-k5G7ehFvV_iit0I5x7fcbfUsBHbx3HOLWIHmgv0rkf0lk6OvBLsHTHheayYyhDYYPHqWpuV8tUKKj77FSRSpz5BLho-N3%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D60d25539b55414d3e771335113949247&TIME=20240611T193450Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920

HTTP Response

204
149.126.74.200:139

content.incapsula.com

256 B
1.1kB
4
5
149.126.74.200:139

bpyhz.x.incapdns.net

256 B
1.1kB
4
5
23.62.61.194:443

https://www.bing.com/aes/c.gif?RG=23f475e302324b7998d45a40268a998a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193450Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670

tls, http2

1.5kB
5.5kB
18
13

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=23f475e302324b7998d45a40268a998a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193450Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670

HTTP Response

200

8.8.8.8:53

content.incapsula.com

dns

67 B
117 B
1
1

DNS Request

content.incapsula.com

DNS Response

149.126.74.200
8.8.8.8:53

138.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.32.126.40.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

content.incapsula.com

dns

67 B
117 B
1
1

DNS Request

content.incapsula.com

DNS Response

149.126.74.200
8.8.8.8:53

bpyhz.x.incapdns.net

dns

66 B
82 B
1
1

DNS Request

bpyhz.x.incapdns.net

DNS Response

149.126.74.200
8.8.8.8:53

203.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

203.107.17.2.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

200.74.126.149.in-addr.arpa

dns

73 B
117 B
1
1

DNS Request

200.74.126.149.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
224.0.0.251:5353

msedge.exe

448 B
7
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

35.15.31.184.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

35.15.31.184.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a650d47ec9e1528d83e08bd3d8290648

SHA1
11f90e39beb63057fcbc288db7a2ef3b8772dc8a

SHA256
37d470df423d10a877336898865b0095c26f2736d26ba38b9b354f94113419cd

SHA512
39e824d3963e3b6241be5805798c4e055b0d410b770cab79cae8c4697673782e0b929868a0c5f054c18feb956bdc8f82d7c399b7d6c9f539b498efdb5dd57b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
078edfc65ea55719f4ce756d96384ae4

SHA1
0765a96603a3e1944544c6f751cff11e9992a3d1

SHA256
6805cf346dd44f291c892ae6bf2bb131e2daa3288a3df9b75f8ff29c8efc4e9b

SHA512
a165bf7dd5867df6b7cb1656921580c843136195f1f98cdea20f9904332905c2d15bf66d970c622d718a0debee267abc68bd7a2661c1bd3c524b3d6310d0ff48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
282fa2c8892e5d4665da8249915e0ff0

SHA1
6505b44c0c750c8e679a90f18c23ebe54300d8d8

SHA256
f1420f9a859b54ea05df93dbe6b66b0d802093fc4247d0abf914b5249ec20278

SHA512
ae78edab635e1285445f50b8f78f3cc80f9f7fb6af1507d08dd1b4577905c6a77b1932eca56a33be33447b2845a1feb57f7b47ce3b45f22b36d07d77c3c1d131

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.