Analysis
max time kernel: 135s
max time network: 173s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-07-2024 21:45
Behavioral tasks (each sample was run on one Windows 7 resource and one Windows 10 2004 resource)

Task           Sample                                        Resource
behavioral1    83readytorelease/loaders/expload.dll          win7-20240704-en
behavioral2    83readytorelease/loaders/expload.dll          win10v2004-20240729-en
behavioral3    83readytorelease/loaders/expload64.dll        win7-20240704-en
behavioral4    83readytorelease/loaders/expload64.dll        win10v2004-20240709-en
behavioral5    83readytorelease/loaders/geos.dll             win7-20240708-en
behavioral6    83readytorelease/loaders/geos.dll             win10v2004-20240729-en
behavioral7    83readytorelease/loaders/geos64.dll           win7-20240704-en
behavioral8    83readytorelease/loaders/geos64.dll           win10v2004-20240709-en
behavioral9    83readytorelease/loaders/hex.dll              win7-20240729-en
behavioral10   83readytorelease/loaders/hex.dll              win10v2004-20240709-en
behavioral11   83readytorelease/loaders/hex64.dll            win7-20240704-en
behavioral12   83readytorelease/loaders/hex64.dll            win10v2004-20240709-en
behavioral13   83readytorelease/loaders/hpsom.dll            win7-20240729-en
behavioral14   83readytorelease/loaders/hpsom.dll            win10v2004-20240709-en
behavioral15   83readytorelease/loaders/hpsom64.dll          win7-20240705-en
behavioral16   83readytorelease/loaders/hpsom64.dll          win10v2004-20240709-en
behavioral17   83readytorelease/loaders/intelomf.dll         win7-20240729-en
behavioral18   83readytorelease/loaders/intelomf.dll         win10v2004-20240729-en
behavioral19   83readytorelease/loaders/intelomf64.dll       win7-20240705-en
behavioral20   83readytorelease/loaders/intelomf64.dll       win10v2004-20240709-en
behavioral21   83readytorelease/loaders/javaldr.dll          win7-20240729-en
behavioral22   83readytorelease/loaders/javaldr.dll          win10v2004-20240709-en
behavioral23   83readytorelease/loaders/javaldr64.dll        win7-20240708-en
behavioral24   83readytorelease/loaders/javaldr64.dll        win10v2004-20240709-en
behavioral25   83readytorelease/loaders/lx.dll               win7-20240708-en
behavioral26   83readytorelease/loaders/lx.dll               win10v2004-20240709-en
behavioral27   83readytorelease/loaders/lx64.dll             win7-20240708-en
behavioral28   83readytorelease/loaders/lx64.dll             win10v2004-20240729-en
behavioral29   83readytorelease/loaders/macho.dll            win7-20240704-en
behavioral30   83readytorelease/loaders/macho.dll            win10v2004-20240709-en
behavioral31   83readytorelease/loaders/macho64.dll          win7-20240708-en
behavioral32   83readytorelease/loaders/macho64.dll          win10v2004-20240709-en
General
Target: 83readytorelease/loaders/lx.dll
Size: 36KB
MD5: ae4b7426ed66539f14399e55b5697aee
SHA1: b7396431d77b504d3679e4bd958f95416c447223
SHA256: f703abcc83c32705026f5f6e431c23f7838d7c16ca2ef62f751ee732beea5965
SHA512: 7aa346cfb41bf05a2f59eb5cb4b07c9ebf6545c20a134c386409c77617ef9097ce742e7ff0edad2929f573f0fc619d19ca6fec6c8f1f6b18f09c12aa00fd36ce
SSDEEP: 768:nuTXlGQK26qwKX3BZe/kymj8c9sPVgF6d06a4qacdr+jwaO7G:CXDl6j+e/kbjjOPVgFD945jz
Malware Config
Signatures
Processes
Network
-
Remote address: 8.8.8.8:53
Request: 97.17.167.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 68.32.126.40.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 228.249.119.40.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 104.219.191.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 86.23.85.13.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 86.23.85.13.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 86.23.85.13.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 86.23.85.13.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 86.23.85.13.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 15.164.165.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 15.164.165.52.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 15.164.165.52.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 192.142.123.92.in-addr.arpa IN PTR
Response: 192.142.123.92.in-addr.arpa IN PTR a92-123-142-192.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 48.229.111.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 172.214.232.199.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: tse1.mm.bing.net IN A
Response:
tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
mm-mm.bing.net.trafficmanager.net IN CNAME ax-0001.ax-msedge.net
ax-0001.ax-msedge.net IN A 150.171.28.10
ax-0001.ax-msedge.net IN A 150.171.27.10
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388043_1HMYXED637CKIBU88&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239339388043_1HMYXED637CKIBU88&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 665915
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C312F9E2B5B1436CAADB331B6F7108D4 Ref B: LON04EDGE0612 Ref C: 2024-07-29T21:54:40Z
date: Mon, 29 Jul 2024 21:54:39 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360264546_1VIJ7TSH89LPKUMDM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239360264546_1VIJ7TSH89LPKUMDM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 682955
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 162B76C051FF45FDBFF44AFB43A8C2AA Ref B: LON04EDGE0612 Ref C: 2024-07-29T21:54:40Z
date: Mon, 29 Jul 2024 21:54:39 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388042_1APSAGRCSB9NM0S8N&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239339388042_1APSAGRCSB9NM0S8N&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 675736
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A64037EDD1046D9B853AD692E02E56D Ref B: LON04EDGE0612 Ref C: 2024-07-29T21:54:40Z
date: Mon, 29 Jul 2024 21:54:39 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 845518
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 99E6CC2C0AFD4E75967F0317E2CB768B Ref B: LON04EDGE0612 Ref C: 2024-07-29T21:54:40Z
date: Mon, 29 Jul 2024 21:54:39 GMT
-
1.2kB 6.9kB 16 14
-
1.3kB 6.9kB 16 13
-
150.171.28.10:443 https://tse1.mm.bing.net/th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 tls, http2 102.9kB 3.0MB 2200 2197
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388043_1HMYXED637CKIBU88&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360264546_1VIJ7TSH89LPKUMDM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388042_1APSAGRCSB9NM0S8N&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
-
1.3kB 6.9kB 16 13
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
68.32.126.40.in-addr.arpa
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
350 B 144 B 5 1
DNS Request
86.23.85.13.in-addr.arpa
DNS Request
86.23.85.13.in-addr.arpa
DNS Request
86.23.85.13.in-addr.arpa
DNS Request
86.23.85.13.in-addr.arpa
DNS Request
86.23.85.13.in-addr.arpa
-
216 B 146 B 3 1
DNS Request
15.164.165.52.in-addr.arpa
DNS Request
15.164.165.52.in-addr.arpa
DNS Request
15.164.165.52.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
192.142.123.92.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
48.229.111.52.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10
150.171.27.10