63c5c29439b07bc09e7d9a6a3b6f42c2417fdc88989dc174267b1c113a8f4555

Analysis

max time kernel
133s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 02:13 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17a75def7ef3feaa684b3dc96d869f6f.exe
Size

922KB
MD5

17a75def7ef3feaa684b3dc96d869f6f
SHA1

801bee6bf062a0787e9bf1cad5f1f6a9e5e00935
SHA256

63c5c29439b07bc09e7d9a6a3b6f42c2417fdc88989dc174267b1c113a8f4555
SHA512

92eecfa74a91ee5709d732c1ff729c4ccdc940fd39fc87ae21899b341e597a9db5f18821f81711c9482b884fa6c44573014437e5e442217cb673a4e0c4b06da9
SSDEEP

24576:UICJkh0Xdtv7GAIUaUIDwEilGwzRZhCa7wB/yd:QJkOXdtNaUewE0GwzRB7w2

Score

7^/10

Malware Config

Signatures

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1796 set thread context of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dw20.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	dw20.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dw20.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	dw20.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	1896	dw20.exe
Token: SeBackupPrivilege	1896	dw20.exe
Token: SeBackupPrivilege	1896	dw20.exe
Token: SeBackupPrivilege	1896	dw20.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82
PID 1796 wrote to memory of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82
PID 1796 wrote to memory of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82
PID 1796 wrote to memory of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82
PID 1796 wrote to memory of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82
PID 1796 wrote to memory of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82
PID 1796 wrote to memory of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82
PID 1796 wrote to memory of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82
PID 1796 wrote to memory of 532	1796	17a75def7ef3feaa684b3dc96d869f6f.exe	82
PID 532 wrote to memory of 1896	532	vbc.exe	83
PID 532 wrote to memory of 1896	532	vbc.exe	83
PID 532 wrote to memory of 1896	532	vbc.exe	83

C:\Users\Admin\AppData\Local\Temp\17a75def7ef3feaa684b3dc96d869f6f.exe
"C:\Users\Admin\AppData\Local\Temp\17a75def7ef3feaa684b3dc96d869f6f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 776
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:1896

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

134.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.32.126.40.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Bs7BwPu51HaEkKno6goztjVUCUzwp0kt-l_CUtMCgg5MSfGKcDoKSIsiNCnjvmvCC4Q9CAJX7KaJGkiLgdyPlLN918cvM1pKFQkKItUTibS3clMN91OqrYBXJby38RLFsk1Vkth9YllLAdcA7RIxnzl0Oicm0epLiAgnzPXLe0Q8G-Fc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6055d261ec8c1944fcf7b40927a4c9c8&TIME=20240611T221015Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Bs7BwPu51HaEkKno6goztjVUCUzwp0kt-l_CUtMCgg5MSfGKcDoKSIsiNCnjvmvCC4Q9CAJX7KaJGkiLgdyPlLN918cvM1pKFQkKItUTibS3clMN91OqrYBXJby38RLFsk1Vkth9YllLAdcA7RIxnzl0Oicm0epLiAgnzPXLe0Q8G-Fc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6055d261ec8c1944fcf7b40927a4c9c8&TIME=20240611T221015Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=37CAD0F66C4E6FCA032BC45B6DAE6EB8; domain=.bing.com; expires=Thu, 24-Jul-2025 02:13:07 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 210A07F6011241AA8895D14818F7F94E Ref B: LON04EDGE1121 Ref C: 2024-06-29T02:13:07Z
date: Sat, 29 Jun 2024 02:13:07 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Bs7BwPu51HaEkKno6goztjVUCUzwp0kt-l_CUtMCgg5MSfGKcDoKSIsiNCnjvmvCC4Q9CAJX7KaJGkiLgdyPlLN918cvM1pKFQkKItUTibS3clMN91OqrYBXJby38RLFsk1Vkth9YllLAdcA7RIxnzl0Oicm0epLiAgnzPXLe0Q8G-Fc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6055d261ec8c1944fcf7b40927a4c9c8&TIME=20240611T221015Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Bs7BwPu51HaEkKno6goztjVUCUzwp0kt-l_CUtMCgg5MSfGKcDoKSIsiNCnjvmvCC4Q9CAJX7KaJGkiLgdyPlLN918cvM1pKFQkKItUTibS3clMN91OqrYBXJby38RLFsk1Vkth9YllLAdcA7RIxnzl0Oicm0epLiAgnzPXLe0Q8G-Fc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6055d261ec8c1944fcf7b40927a4c9c8&TIME=20240611T221015Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=37CAD0F66C4E6FCA032BC45B6DAE6EB8; _EDGE_S=SID=1678168640FA62810289022B41506338

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Tx-ueJckzJUSfgwXASwX1R-DSmc_waq3olBFntVJbrI; domain=.bing.com; expires=Thu, 24-Jul-2025 02:13:08 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F221D3600213475CB6107E3EF0DDB30E Ref B: LON04EDGE1121 Ref C: 2024-06-29T02:13:08Z
date: Sat, 29 Jun 2024 02:13:07 GMT
GET

https://www.bing.com/aes/c.gif?RG=d6c91105aaf24b3a8dfd1ae74953144d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221015Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

Remote address:

23.62.61.97:443

Request

GET /aes/c.gif?RG=d6c91105aaf24b3a8dfd1ae74953144d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221015Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=37CAD0F66C4E6FCA032BC45B6DAE6EB8

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 99051DA0A6894B2BAAF8EDA690774061 Ref B: DUS30EDGE0705 Ref C: 2024-06-29T02:13:07Z
content-length: 0
date: Sat, 29 Jun 2024 02:13:07 GMT
set-cookie: _EDGE_S=SID=1678168640FA62810289022B41506338; path=/; httponly; domain=bing.com
set-cookie: MUIDB=37CAD0F66C4E6FCA032BC45B6DAE6EB8; path=/; httponly; expires=Thu, 24-Jul-2025 02:13:07 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d3d3e17.1719627187.a670a13
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

97.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.61.62.23.in-addr.arpa

IN PTR

Response

97.61.62.23.in-addr.arpa

IN PTR

a23-62-61-97deploystaticakamaitechnologiescom
DNS

133.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

92.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.12.20.2.in-addr.arpa

IN PTR

Response

92.12.20.2.in-addr.arpa

IN PTR

a2-20-12-92deploystaticakamaitechnologiescom
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 664406
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1C0F7123892E4243ADED34A9760857AB Ref B: LON04EDGE0907 Ref C: 2024-06-29T02:14:44Z
date: Sat, 29 Jun 2024 02:14:43 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 91163031E525481AA23F63F051345A20 Ref B: LON04EDGE0907 Ref C: 2024-06-29T02:14:44Z
date: Sat, 29 Jun 2024 02:14:43 GMT
DNS

10.27.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.27.171.150.in-addr.arpa

IN PTR

Response

13.107.21.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Bs7BwPu51HaEkKno6goztjVUCUzwp0kt-l_CUtMCgg5MSfGKcDoKSIsiNCnjvmvCC4Q9CAJX7KaJGkiLgdyPlLN918cvM1pKFQkKItUTibS3clMN91OqrYBXJby38RLFsk1Vkth9YllLAdcA7RIxnzl0Oicm0epLiAgnzPXLe0Q8G-Fc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6055d261ec8c1944fcf7b40927a4c9c8&TIME=20240611T221015Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

tls, http2

2.5kB
9.1kB
19
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Bs7BwPu51HaEkKno6goztjVUCUzwp0kt-l_CUtMCgg5MSfGKcDoKSIsiNCnjvmvCC4Q9CAJX7KaJGkiLgdyPlLN918cvM1pKFQkKItUTibS3clMN91OqrYBXJby38RLFsk1Vkth9YllLAdcA7RIxnzl0Oicm0epLiAgnzPXLe0Q8G-Fc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6055d261ec8c1944fcf7b40927a4c9c8&TIME=20240611T221015Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Bs7BwPu51HaEkKno6goztjVUCUzwp0kt-l_CUtMCgg5MSfGKcDoKSIsiNCnjvmvCC4Q9CAJX7KaJGkiLgdyPlLN918cvM1pKFQkKItUTibS3clMN91OqrYBXJby38RLFsk1Vkth9YllLAdcA7RIxnzl0Oicm0epLiAgnzPXLe0Q8G-Fc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D6055d261ec8c1944fcf7b40927a4c9c8&TIME=20240611T221015Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

HTTP Response

204
23.62.61.97:443

https://www.bing.com/aes/c.gif?RG=d6c91105aaf24b3a8dfd1ae74953144d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221015Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

tls, http2

1.5kB
5.4kB
17
15

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=d6c91105aaf24b3a8dfd1ae74953144d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221015Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

48.6kB
1.4MB
1018
1014

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

134.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

134.32.126.40.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

97.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

97.61.62.23.in-addr.arpa
8.8.8.8:53

133.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

133.32.126.40.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

92.12.20.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

92.12.20.2.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

29.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

29.243.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

10.27.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.27.171.150.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/532-3-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/532-7-0x0000000075170000-0x0000000075721000-memory.dmp

Filesize
5.7MB

Download
memory/532-5-0x0000000075170000-0x0000000075721000-memory.dmp

Filesize
5.7MB

Download
memory/532-8-0x0000000075170000-0x0000000075721000-memory.dmp

Filesize
5.7MB

Download
memory/532-15-0x0000000075170000-0x0000000075721000-memory.dmp

Filesize
5.7MB

Download
memory/1796-0-0x0000000075172000-0x0000000075173000-memory.dmp

Filesize
4KB

Download
memory/1796-1-0x0000000075170000-0x0000000075721000-memory.dmp

Filesize
5.7MB

Download
memory/1796-2-0x0000000075170000-0x0000000075721000-memory.dmp

Filesize
5.7MB

Download
memory/1796-6-0x0000000075170000-0x0000000075721000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.