Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
10/07/2024, 14:20 UTC
Behavioral task
behavioral1
Sample
fix.exe
Resource
win7-20240704-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
fix.exe
Resource
win10v2004-20240709-en
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
gwz3-11.exe
Resource
win7-20240708-en
1 signatures
150 seconds
Behavioral task
behavioral4
Sample
gwz3-11.exe
Resource
win10v2004-20240709-en
1 signatures
150 seconds
General
-
Target
gwz3-11.exe
-
Size
16KB
-
MD5
da8f037081129f8a7f8fb9669db40473
-
SHA1
bbb5ef3df76851d47889dbd38d1a7e58586224b8
-
SHA256
23027c3adebf2f1b037138dc858e601bbac5822bbf3ecdbc32a139806c6b783c
-
SHA512
084071c50dfd3357e3f07b433dd7f92b2e19d764fe42d664fb03d2c527d4eb300edf54362220563ce7f09fc9e93eef3c3d773db933de8ae9d35d554042079e55
-
SSDEEP
384:zFVaThvt9/fcm2RKJX9FNkXn3fAxfr6+e9Pfqbn1u5:zF4Thv3SyX9FNkXn3YxOha5u
Score
1/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1180 gwz3-11.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=03C66B8991F26CE32C467F3190356D30; domain=.bing.com; expires=Mon, 04-Aug-2025 14:20:26 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8D10048023264669B01DD52B49A29D5A Ref B: AMS04EDGE2122 Ref C: 2024-07-10T14:20:26Z
date: Wed, 10 Jul 2024 14:20:26 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=03C66B8991F26CE32C467F3190356D30
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Ef1Af8igrVzoWwC8ug3NSBRQndnfM7rerKaT-buM-OM; domain=.bing.com; expires=Mon, 04-Aug-2025 14:20:27 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7B89415D21694279AE1642EC7268E9DB Ref B: AMS04EDGE2122 Ref C: 2024-07-10T14:20:26Z
date: Wed, 10 Jul 2024 14:20:26 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=03C66B8991F26CE32C467F3190356D30; MSPTC=Ef1Af8igrVzoWwC8ug3NSBRQndnfM7rerKaT-buM-OM
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F28735D7C52F4A54856ED2FC8CAC9310 Ref B: AMS04EDGE2122 Ref C: 2024-07-10T14:20:27Z
date: Wed, 10 Jul 2024 14:20:27 GMT
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request73.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request73.144.22.2.in-addr.arpaIN PTRResponse73.144.22.2.in-addr.arpaIN PTRa2-22-144-73deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request56.126.166.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request147.142.123.92.in-addr.arpaIN PTRResponse147.142.123.92.in-addr.arpaIN PTRa92-123-142-147deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
204.79.197.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid=tls, http22.0kB 9.3kB 21 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c87bf14bad4b4f51a8f948d118910b1d&localId=w:02CFF369-7177-605D-73C2-BA4DB418EA60&deviceId=6896204246996124&anid=HTTP Response
204
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
73.31.126.40.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
73.144.22.2.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
56.126.166.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
147.142.123.92.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-