Resubmissions

17/06/2024, 07:23 UTC

240617-h73bbszepa 8

17/06/2024, 07:20 UTC

240617-h53t3stfmj 1

17/06/2024, 07:17 UTC

240617-h4dhsszdkg 8

17/06/2024, 06:22 UTC

240617-g49essyaqa 8

Analysis

  • max time kernel
    30s
  • max time network
    13s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/06/2024, 07:20 UTC

General

  • Target

    GTS Root R1.crt

  • Size

    1KB

  • MD5

    821aefd4d24af29fe23d970614707285

  • SHA1

    e1c950e6ef22f84c5645728b922060d7d5a7a3e8

  • SHA256

    2a575471e31340bc21581cbd2cf13e158463203ece94bcf9d3cc196bf09a5472

  • SHA512

    09e0650545e751ed02aecaeebb041ff031d7533cdd31702d8ac012e5a487eda58936f7541a1d144f64f621b48e6996f37552a5052bd93a5f5507354a243d1eec

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCER "C:\Users\Admin\AppData\Local\Temp\GTS Root R1.crt"
    1⤵
      PID:4552

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=39AE3D977B916E01223629367A2A6F5A; domain=.bing.com; expires=Sat, 12-Jul-2025 07:21:12 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D2BF1358A05F4A3790CE72220A686325 Ref B: LON04EDGE0915 Ref C: 2024-06-17T07:21:12Z
      date: Mon, 17 Jun 2024 07:21:11 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=39AE3D977B916E01223629367A2A6F5A; _EDGE_S=SID=0A57A9190EB66CD22C04BDB80F356D0A
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=SCz5LoyCPW3xEua2Vlw-pK6ojCKb04E6pF2Ay2OrO5o; domain=.bing.com; expires=Sat, 12-Jul-2025 07:21:12 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 2FAC7407CA854A899BE9FC93C1CF9F6B Ref B: LON04EDGE0915 Ref C: 2024-06-17T07:21:12Z
      date: Mon, 17 Jun 2024 07:21:12 GMT
    • flag-us
      DNS
      134.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      97.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.90.14.23.in-addr.arpa
      IN PTR
      Response
      97.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-97deploystaticakamaitechnologiescom
    • flag-nl
      GET
      https://www.bing.com/aes/c.gif?RG=6af0a378c6774f138fc167e923cf77a3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193520Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670
      Remote address:
      23.62.61.89:443
      Request
      GET /aes/c.gif?RG=6af0a378c6774f138fc167e923cf77a3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193520Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=39AE3D977B916E01223629367A2A6F5A
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 17FC77F6D323475391C2342460D6ECED Ref B: AMS04EDGE2620 Ref C: 2024-06-17T07:21:12Z
      content-length: 0
      date: Mon, 17 Jun 2024 07:21:12 GMT
      set-cookie: _EDGE_S=SID=0A57A9190EB66CD22C04BDB80F356D0A; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=39AE3D977B916E01223629367A2A6F5A; path=/; httponly; expires=Sat, 12-Jul-2025 07:21:12 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.553d3e17.1718608872.e23671f
    • flag-us
      DNS
      45.19.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      45.19.74.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      89.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      89.61.62.23.in-addr.arpa
      IN PTR
      Response
      89.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-89deploystaticakamaitechnologiescom
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920
      tls, http2
      2.4kB
      9.0kB
      19
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920

      HTTP Response

      204
    • 23.62.61.89:443
      https://www.bing.com/aes/c.gif?RG=6af0a378c6774f138fc167e923cf77a3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193520Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670
      tls, http2
      1.4kB
      5.3kB
      15
      11

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=6af0a378c6774f138fc167e923cf77a3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193520Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670

      HTTP Response

      200
    • 13.85.23.86:443
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      134.32.126.40.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      134.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      97.90.14.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      97.90.14.23.in-addr.arpa

    • 8.8.8.8:53
      45.19.74.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      45.19.74.20.in-addr.arpa

    • 8.8.8.8:53
      89.61.62.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      89.61.62.23.in-addr.arpa

    • 8.8.8.8:53

    MITRE ATT&CK Matrix
