Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
23/07/2024, 06:39 UTC
Static task
static1
Behavioral task
behavioral1
Sample
1C24TVT_00005055.pdf.jar
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
1C24TVT_00005055.pdf.jar
Resource
win10v2004-20240709-en
General
-
Target
1C24TVT_00005055.pdf.jar
-
Size
400KB
-
MD5
0b6fbf92570074872a27c7c770e0df63
-
SHA1
8e59ba98c196cd3c490ceffbadb3bacf5380d3fe
-
SHA256
3546d4fa8249cfe559f61262d4914a3808ac7d9239d97ac91d57ef86c858b937
-
SHA512
bae3b3ceef3d16386ef829d206cd94dd7c2e690d078720bbb5f1c57809569b2f6dd953764c1b8219558bfe7ae5df763fc4ccf7c789d90f562af545c03838f38f
-
SSDEEP
12288:ujJmHTO5wfXjD5cnv7n3J3ijc3tP9iNSj:utiTO5OiL5fP9Q+
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 4804 java.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1C24TVT_00005055.pdf = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\1C24TVT_00005055.pdf.jar\"" java.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1C24TVT_00005055.pdf = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\1C24TVT_00005055.pdf.jar\"" java.exe -
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 4712 schtasks.exe -
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target PID 2196 wrote to memory of 4940 2196 java.exe 92 PID 2196 wrote to memory of 4940 2196 java.exe 92 PID 4940 wrote to memory of 5100 4940 java.exe 94 PID 4940 wrote to memory of 5100 4940 java.exe 94 PID 4940 wrote to memory of 4804 4940 java.exe 95 PID 4940 wrote to memory of 4804 4940 java.exe 95 PID 5100 wrote to memory of 4712 5100 cmd.exe 98 PID 5100 wrote to memory of 4712 5100 cmd.exe 98 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\1C24TVT_00005055.pdf.jar1⤵
- Suspicious use of WriteProcessMemory
PID:2196 -
C:\Program Files\Java\jre-1.8\bin\java.exe"C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\1C24TVT_00005055.pdf.jar"2⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4940 -
C:\Windows\SYSTEM32\cmd.execmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\1C24TVT_00005055.pdf.jar"3⤵
- Suspicious use of WriteProcessMemory
PID:5100 -
C:\Windows\system32\schtasks.exeschtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\1C24TVT_00005055.pdf.jar"4⤵
- Scheduled Task/Job: Scheduled Task
PID:4712
-
-
-
C:\Program Files\Java\jre-1.8\bin\java.exe"C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\1C24TVT_00005055.pdf.jar"3⤵
- Loads dropped DLL
PID:4804
-
-
Network
-
Remote address:8.8.8.8:53Request217.106.137.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
Remote address:8.8.8.8:53Requestgithub.comIN AResponsegithub.comIN A20.26.156.215
-
Remote address:8.8.8.8:53Requestrepo1.maven.orgIN AResponserepo1.maven.orgIN CNAMEdualstack.sonatype.map.fastly.netdualstack.sonatype.map.fastly.netIN A199.232.192.209dualstack.sonatype.map.fastly.netIN A199.232.196.209
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2860685A7CC86825264A7C9F7DEF6970; domain=.bing.com; expires=Sun, 17-Aug-2025 06:39:34 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 25E9BDF1DFBA4421A85B4261777B5C9D Ref B: LON04EDGE0622 Ref C: 2024-07-23T06:39:34Z
date: Tue, 23 Jul 2024 06:39:34 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2860685A7CC86825264A7C9F7DEF6970
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=ILdroKaG72LaM8vGVP0BvouoNiIeufyW5U3lYbxW35g; domain=.bing.com; expires=Sun, 17-Aug-2025 06:39:34 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E7997E87BDF84A62BC9D4FB140110B70 Ref B: LON04EDGE0622 Ref C: 2024-07-23T06:39:34Z
date: Tue, 23 Jul 2024 06:39:34 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2860685A7CC86825264A7C9F7DEF6970; MSPTC=ILdroKaG72LaM8vGVP0BvouoNiIeufyW5U3lYbxW35g
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2D7CA59278B14CA79B83C84BD488FDD8 Ref B: LON04EDGE0622 Ref C: 2024-07-23T06:39:34Z
date: Tue, 23 Jul 2024 06:39:34 GMT
-
Remote address:8.8.8.8:53Requestobjects.githubusercontent.comIN AResponseobjects.githubusercontent.comIN A185.199.110.133objects.githubusercontent.comIN A185.199.109.133objects.githubusercontent.comIN A185.199.111.133objects.githubusercontent.comIN A185.199.108.133
-
Remote address:8.8.8.8:53Request75.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request209.192.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request215.156.26.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.110.199.185.in-addr.arpaIN PTRResponse133.110.199.185.in-addr.arpaIN PTRcdn-185-199-110-133githubcom
-
Remote address:8.8.8.8:53Request21.ip.gl.ply.ggIN AResponse21.ip.gl.ply.ggIN A147.185.221.21
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request183.59.114.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request192.142.123.92.in-addr.arpaIN PTRResponse192.142.123.92.in-addr.arpaIN PTRa92-123-142-192deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN A
-
Remote address:8.8.8.8:53Request138.201.86.20.in-addr.arpaIN PTRResponse
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388045_10YSQ8K0BZLEAZQJ2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388045_10YSQ8K0BZLEAZQJ2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 706510
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 70ABCD52CED547A19AB6CD72C45E5001 Ref B: LON04EDGE1016 Ref C: 2024-07-23T06:40:09Z
date: Tue, 23 Jul 2024 06:40:08 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 432445
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 92B1378DFE414917B92009FD40D1BC76 Ref B: LON04EDGE1016 Ref C: 2024-07-23T06:40:09Z
date: Tue, 23 Jul 2024 06:40:08 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 645633
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 436564E77FAD4B228824AEAC42B09041 Ref B: LON04EDGE1016 Ref C: 2024-07-23T06:40:09Z
date: Tue, 23 Jul 2024 06:40:08 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388044_1386ER2SMV9FN565Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388044_1386ER2SMV9FN565Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 574268
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7F2230D665214B12ADF62EBE43DC06FE Ref B: LON04EDGE1016 Ref C: 2024-07-23T06:40:09Z
date: Tue, 23 Jul 2024 06:40:08 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 679925
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 57723D0B0FB44902AFD3E9637588681E Ref B: LON04EDGE1016 Ref C: 2024-07-23T06:40:09Z
date: Tue, 23 Jul 2024 06:40:08 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 797704
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EC2579CC9C8840B88F217D546EE8E320 Ref B: LON04EDGE1016 Ref C: 2024-07-23T06:40:10Z
date: Tue, 23 Jul 2024 06:40:09 GMT
-
Remote address:8.8.8.8:53Request73.144.22.2.in-addr.arpaIN PTRResponse73.144.22.2.in-addr.arpaIN PTRa2-22-144-73deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request73.144.22.2.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request43.229.111.52.in-addr.arpaIN PTRResponse
-
204.79.197.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=tls, http22.0kB 9.3kB 21 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=HTTP Response
204 -
29.9kB 1.6MB 622 1124
-
50.7kB 2.8MB 1055 1991
-
77.9kB 4.5MB 1664 3203
-
1.4kB 8.2kB 16 15
-
15.1kB 822.0kB 303 598
-
260 B 5
-
260 B 5
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
150.171.28.10:443https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http2139.3kB 4.0MB 2892 2887
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388045_10YSQ8K0BZLEAZQJ2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388044_1386ER2SMV9FN565Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 15 13
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
73 B 147 B 1 1
DNS Request
217.106.137.52.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
56 B 72 B 1 1
DNS Request
github.com
DNS Response
20.26.156.215
-
61 B 140 B 1 1
DNS Request
repo1.maven.org
DNS Response
199.232.192.209199.232.196.209
-
75 B 139 B 1 1
DNS Request
objects.githubusercontent.com
DNS Response
185.199.110.133185.199.109.133185.199.111.133185.199.108.133
-
72 B 158 B 1 1
DNS Request
75.159.190.20.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
209.192.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
215.156.26.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
205.47.74.20.in-addr.arpa
-
74 B 118 B 1 1
DNS Request
133.110.199.185.in-addr.arpa
-
61 B 77 B 1 1
DNS Request
21.ip.gl.ply.gg
DNS Response
147.185.221.21
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
183.59.114.20.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
192.142.123.92.in-addr.arpa
-
124 B 170 B 2 1
DNS Request
tse1.mm.bing.net
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10150.171.27.10
-
72 B 158 B 1 1
DNS Request
138.201.86.20.in-addr.arpa
-
140 B 133 B 2 1
DNS Request
73.144.22.2.in-addr.arpa
DNS Request
73.144.22.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
43.229.111.52.in-addr.arpa
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
46B
MD5a113adc5713700d36befc14670b1969d
SHA1211f18d976ae217a9536b807155f8e75d99058db
SHA2567be184d46bf2471bc384cd1337fd9647311eda1d2089a7861795c40fa976e9db
SHA51291e6600085f151ef839401fc7b23ee23a3318054d03af9cfb292ce82615532c7b62e721a8dfe9b86f17303be5740c881278b63fd800f91e7c6210187d4fdb484
-
Filesize
400KB
MD50b6fbf92570074872a27c7c770e0df63
SHA18e59ba98c196cd3c490ceffbadb3bacf5380d3fe
SHA2563546d4fa8249cfe559f61262d4914a3808ac7d9239d97ac91d57ef86c858b937
SHA512bae3b3ceef3d16386ef829d206cd94dd7c2e690d078720bbb5f1c57809569b2f6dd953764c1b8219558bfe7ae5df763fc4ccf7c789d90f562af545c03838f38f
-
Filesize
241KB
MD5e02979ecd43bcc9061eb2b494ab5af50
SHA13122ac0e751660f646c73b10c4f79685aa65c545
SHA256a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a
SHA5121e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372
-
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2636447293-1148739154-93880854-1000\83aa4cc77f591dfc2374580bbd95f6ba_1d0c136d-d77c-4455-9382-3336e2df950b
Filesize45B
MD5c8366ae350e7019aefc9d1e6e6a498c6
SHA15731d8a3e6568a5f2dfbbc87e3db9637df280b61
SHA25611e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
SHA51233c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd
-
Filesize
1.4MB
MD5acfb5b5fd9ee10bf69497792fd469f85
SHA10e0845217c4907822403912ad6828d8e0b256208
SHA256b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e
SHA512e52575f58a195ceb3bd16b9740eadf5bc5b1d4d63c0734e8e5fd1d1776aa2d068d2e4c7173b83803f95f72c0a6759ae1c9b65773c734250d4cfcdf47a19f82aa
-
Filesize
2.6MB
MD52f4a99c2758e72ee2b59a73586a2322f
SHA1af38e7c4d0fc73c23ecd785443705bfdee5b90bf
SHA25624d81621f82ac29fcdd9a74116031f5907a2343158e616f4573bbfa2434ae0d5
SHA512b860459a0d3bf7ccb600a03aa1d2ac0358619ee89b2b96ed723541e182b6fdab53aefef7992acb4e03fca67aa47cbe3907b1e6060a60b57ed96c4e00c35c7494
-
Filesize
4.1MB
MD5b33387e15ab150a7bf560abdc73c3bec
SHA166b8075784131f578ef893fd7674273f709b9a4c
SHA2562eae3dea1c3dde6104c49f9601074b6038ff6abcf3be23f4b56f6720a4f6a491
SHA51225cfb0d6ce35d0bcb18527d3aa12c63ecb2d9c1b8b78805d1306e516c13480b79bb0d74730aa93bd1752f9ac2da9fdd51781c48844cea2fd52a06c62852c8279
-
Filesize
772KB
MD5e1aa38a1e78a76a6de73efae136cdb3a
SHA1c463da71871f780b2e2e5dba115d43953b537daf
SHA2562ddda8af6faef8bde46acf43ec546603180bcf8dcb2e5591fff8ac9cd30b5609
SHA512fee16fe9364926ec337e52f551fd62ed81984808a847de2fd68ff29b6c5da0dcc04ef6d8977f0fe675662a7d2ea1065cdcdd2a5259446226a7c7c5516bd7d60d