Overview
overview
1Static
static
1Entrust Ro...C1.crt
windows7-x64
1Entrust Ro...C1.crt
windows10-2004-x64
1Entrust Ro...G2.crt
windows7-x64
1Entrust Ro...G2.crt
windows10-2004-x64
1Entrust Ro...G4.crt
windows7-x64
1Entrust Ro...G4.crt
windows10-2004-x64
1Entrust Ro...ty.crt
windows7-x64
1Entrust Ro...ty.crt
windows10-2004-x64
1Entrust.ne...8).crt
windows7-x64
1Entrust.ne...8).crt
windows10-2004-x64
1GDCA Trust...OT.crt
windows7-x64
1GDCA Trust...OT.crt
windows10-2004-x64
1GLOBALTRUST 2020.crt
windows7-x64
1GLOBALTRUST 2020.crt
windows10-2004-x64
1GTS Root R1.crt
windows7-x64
1GTS Root R1.crt
windows10-2004-x64
1GTS Root R2.crt
windows7-x64
1GTS Root R2.crt
windows10-2004-x64
1GTS Root R3.crt
windows7-x64
1GTS Root R3.crt
windows10-2004-x64
1GTS Root R4.crt
windows7-x64
1GTS Root R4.crt
windows10-2004-x64
1GlobalSign...CA.crt
windows7-x64
1GlobalSign...CA.crt
windows10-2004-x64
1GlobalSign...46.crt
windows7-x64
1GlobalSign...46.crt
windows10-2004-x64
1GlobalSign...46.crt
windows7-x64
1GlobalSign...46.crt
windows10-2004-x64
1GlobalSign.crt
windows7-x64
1GlobalSign.crt
windows10-2004-x64
1Go Daddy C...ty.crt
windows7-x64
1Go Daddy C...ty.crt
windows10-2004-x64
1Resubmissions
17/06/2024, 07:23 UTC
240617-h73bbszepa 817/06/2024, 07:20 UTC
240617-h53t3stfmj 117/06/2024, 07:17 UTC
240617-h4dhsszdkg 817/06/2024, 06:22 UTC
240617-g49essyaqa 8Analysis
-
max time kernel
30s -
max time network
13s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
17/06/2024, 07:20 UTC
Static task
static1
Behavioral task
behavioral1
Sample
Entrust Root Certification Authority - EC1.crt
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Entrust Root Certification Authority - EC1.crt
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Entrust Root Certification Authority - G2.crt
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Entrust Root Certification Authority - G2.crt
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Entrust Root Certification Authority - G4.crt
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Entrust Root Certification Authority - G4.crt
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Entrust Root Certification Authority.crt
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
Entrust Root Certification Authority.crt
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
Entrust.net Certification Authority (2048).crt
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
Entrust.net Certification Authority (2048).crt
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
GDCA TrustAUTH R5 ROOT.crt
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
GDCA TrustAUTH R5 ROOT.crt
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
GLOBALTRUST 2020.crt
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
GLOBALTRUST 2020.crt
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
GTS Root R1.crt
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
GTS Root R1.crt
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
GTS Root R2.crt
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
GTS Root R2.crt
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
GTS Root R3.crt
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
GTS Root R3.crt
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
GTS Root R4.crt
Resource
win7-20240220-en
Behavioral task
behavioral22
Sample
GTS Root R4.crt
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
GlobalSign Root CA.crt
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
GlobalSign Root CA.crt
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
GlobalSign Root E46.crt
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
GlobalSign Root E46.crt
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
GlobalSign Root R46.crt
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
GlobalSign Root R46.crt
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
GlobalSign.crt
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
GlobalSign.crt
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
Go Daddy Class 2 Certification Authority.crt
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
Go Daddy Class 2 Certification Authority.crt
Resource
win10v2004-20240611-en
General
-
Target
GTS Root R1.crt
-
Size
1KB
-
MD5
821aefd4d24af29fe23d970614707285
-
SHA1
e1c950e6ef22f84c5645728b922060d7d5a7a3e8
-
SHA256
2a575471e31340bc21581cbd2cf13e158463203ece94bcf9d3cc196bf09a5472
-
SHA512
09e0650545e751ed02aecaeebb041ff031d7533cdd31702d8ac012e5a487eda58936f7541a1d144f64f621b48e6996f37552a5052bd93a5f5507354a243d1eec
Malware Config
Signatures
Processes
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=39AE3D977B916E01223629367A2A6F5A; domain=.bing.com; expires=Sat, 12-Jul-2025 07:21:12 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D2BF1358A05F4A3790CE72220A686325 Ref B: LON04EDGE0915 Ref C: 2024-06-17T07:21:12Z
date: Mon, 17 Jun 2024 07:21:11 GMT
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=39AE3D977B916E01223629367A2A6F5A; _EDGE_S=SID=0A57A9190EB66CD22C04BDB80F356D0A
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=SCz5LoyCPW3xEua2Vlw-pK6ojCKb04E6pF2Ay2OrO5o; domain=.bing.com; expires=Sat, 12-Jul-2025 07:21:12 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2FAC7407CA854A899BE9FC93C1CF9F6B Ref B: LON04EDGE0915 Ref C: 2024-06-17T07:21:12Z
date: Mon, 17 Jun 2024 07:21:12 GMT
-
Remote address:8.8.8.8:53Request134.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request97.90.14.23.in-addr.arpaIN PTRResponse97.90.14.23.in-addr.arpaIN PTRa23-14-90-97deploystaticakamaitechnologiescom
-
GEThttps://www.bing.com/aes/c.gif?RG=6af0a378c6774f138fc167e923cf77a3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193520Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670Remote address:23.62.61.89:443RequestGET /aes/c.gif?RG=6af0a378c6774f138fc167e923cf77a3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193520Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=39AE3D977B916E01223629367A2A6F5A
ResponseHTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 17FC77F6D323475391C2342460D6ECED Ref B: AMS04EDGE2620 Ref C: 2024-06-17T07:21:12Z
content-length: 0
date: Mon, 17 Jun 2024 07:21:12 GMT
set-cookie: _EDGE_S=SID=0A57A9190EB66CD22C04BDB80F356D0A; path=/; httponly; domain=bing.com
set-cookie: MUIDB=39AE3D977B916E01223629367A2A6F5A; path=/; httponly; expires=Sat, 12-Jul-2025 07:21:12 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.553d3e17.1718608872.e23671f
-
Remote address:8.8.8.8:53Request45.19.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request89.61.62.23.in-addr.arpaIN PTRResponse89.61.62.23.in-addr.arpaIN PTRa23-62-61-89deploystaticakamaitechnologiescom
-
204.79.197.237:443https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920tls, http22.4kB 9.0kB 19 17
HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8aLeWhCCm6_Ek8VrVMsXu1TVUCUyy7d9olN6yFiqylPx5QH8QUeEEasuEu97pj1C4-qYR7QB3Cp_37NVp2QYfKt_rtzWq_qcIP497BGDb_9GaYASLe5Ooh4W9f0h8kioux3oLPTvJFgKxb4xjbooS27QHuUedNSB8zNytxK8ksWLamFuf%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3Da59f26307235100f15044058d48d7038&TIME=20240611T193520Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920HTTP Response
204 -
23.62.61.89:443https://www.bing.com/aes/c.gif?RG=6af0a378c6774f138fc167e923cf77a3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193520Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670tls, http21.4kB 5.3kB 15 11
HTTP Request
GET https://www.bing.com/aes/c.gif?RG=6af0a378c6774f138fc167e923cf77a3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T193520Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670HTTP Response
200 -
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
72 B 158 B 1 1
DNS Request
134.32.126.40.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
97.90.14.23.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
45.19.74.20.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
89.61.62.23.in-addr.arpa
-