Overview

overview

3

Static

static

3

6d567fdd00...0f.exe

windows7-x64

1

6d567fdd00...0f.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 00:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d567fdd0047b41231557aa2779745aa6b12931b825b18620843def923e3750f.exe

  • Size

    303KB

  • MD5

    63162d60972fec9cd7aac95e3237b458

  • SHA1

    8035a063183d6aea8cc63f942140f210984ddf71

  • SHA256

    6d567fdd0047b41231557aa2779745aa6b12931b825b18620843def923e3750f

  • SHA512

    6e68332d9f7caad638b81b947bd8a7486588a28fecc8dbeb0676267818a7b0cf8a7dde6fa32e42acbe5ce8b8260560d70264ef5cb078e4744039c5793b3d4eee

  • SSDEEP

    6144:INJlQ2+wT+/forTSczTXptjlOEX2+wT+/forTSczTXptjloYt:Ib26+/k3Tnjlfx6+/k3Tnjlo

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d567fdd0047b41231557aa2779745aa6b12931b825b18620843def923e3750f.exe
    "C:\Users\Admin\AppData\Local\Temp\6d567fdd0047b41231557aa2779745aa6b12931b825b18620843def923e3750f.exe"
    1⤵
      PID:2420

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0884EB2559FF613B11B9FF9258D860E1; domain=.bing.com; expires=Sun, 03-Aug-2025 00:10:51 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F81354D8C6C1427CAA1841C76DEF4EB7 Ref B: LON04EDGE0616 Ref C: 2024-07-09T00:10:51Z
      date: Tue, 09 Jul 2024 00:10:51 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0884EB2559FF613B11B9FF9258D860E1
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=8cpaung7ZnFvofLNNqxuairxBEnMFf9YSzlVgYva2Ic; domain=.bing.com; expires=Sun, 03-Aug-2025 00:10:51 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 9EB457FC12F94E57B63F472E4184F126 Ref B: LON04EDGE0616 Ref C: 2024-07-09T00:10:51Z
      date: Tue, 09 Jul 2024 00:10:51 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0884EB2559FF613B11B9FF9258D860E1; MSPTC=8cpaung7ZnFvofLNNqxuairxBEnMFf9YSzlVgYva2Ic
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E8CB5DF3298D43F6813E1413A4F6B393 Ref B: LON04EDGE0616 Ref C: 2024-07-09T00:10:51Z
      date: Tue, 09 Jul 2024 00:10:51 GMT
    • flag-us
      DNS
      2.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.143.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.143.123.92.in-addr.arpa
      IN PTR
      Response
      240.143.123.92.in-addr.arpa
      IN PTR
      a92-123-143-240deploystaticakamaitechnologiescom
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0lgwllnwnet
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
      tls, http2
      2.0kB
       9.3kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=29083a42cc37406d8c6e3aa46444c104&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      2.159.190.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      2.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      240.143.123.92.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      240.143.123.92.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
       143 B
       1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      288 B
       158 B
       4
      1

      DNS Request

      171.39.242.20.in-addr.arpa

      DNS Request

      171.39.242.20.in-addr.arpa

      DNS Request

      171.39.242.20.in-addr.arpa

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
       116 B
       1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2420-0-0x000000007469E000-0x000000007469F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2420-1-0x0000000000F40000-0x0000000000F94000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2420-2-0x00000000057D0000-0x000000000586C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2420-3-0x0000000005E40000-0x00000000063E4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2420-4-0x0000000005930000-0x00000000059C2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2420-5-0x00000000058E0000-0x00000000058EA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2420-6-0x0000000005B80000-0x0000000005BD6000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2420-7-0x0000000074690000-0x0000000074E40000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2420-8-0x0000000074690000-0x0000000074E40000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2420-9-0x000000007469E000-0x000000007469F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2420-10-0x0000000074690000-0x0000000074E40000-memory.dmp

      Filesize

      7.7MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.