943dca3d7e1706c3591075832729b9709f49a44070ca9f3baf23fd36766d09d3

Analysis

max time kernel
113s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 17:51 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

To.The.Core/ToTheCore/ToTheCore_Data/Managed/System.IO.Compression.FileSystem.dll
Size

22KB
MD5

f9a07c1ef58c863f89e74f11a3b21447
SHA1

b80979949b817d26afe0a8a8b0358f704ece82b2
SHA256

221abe4eea00347c51ac7409b47ba7b08ccfdaae8e36e706a8ee0d4de6ceb87a
SHA512

280f846d9d769a3244a6689c72758024639d867bb5f272ed54577ffb3a6f6bd29fc22ac9dff0010f04524c352b76cc7703325c11cdcb63aed5412d96881d091f
SSDEEP

384:6930DrKcLQhPZcNgndNzytVTl0qRbli3ESmMadMMtDBEb/gYFf0B7a:60D1Lhs6ve6

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\To.The.Core\ToTheCore\ToTheCore_Data\Managed\System.IO.Compression.FileSystem.dll,#1
1⤵
PID:2644

Network

DNS

136.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.32.126.40.in-addr.arpa

IN PTR

Response
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

45.19.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.19.74.20.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1E3FE59581946D48217DF15A80746CAF; domain=.bing.com; expires=Wed, 27-Aug-2025 17:55:39 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D3FD4FB30BA749A7A8954232D0C397C9 Ref B: LON04EDGE1014 Ref C: 2024-08-02T17:55:39Z
date: Fri, 02 Aug 2024 17:55:38 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1E3FE59581946D48217DF15A80746CAF

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=F3aDauAWrs_kDU3goF1ueJcaZBDaHNg1L-7oixRSito; domain=.bing.com; expires=Wed, 27-Aug-2025 17:55:39 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 04A1699B1B764C4D8D31C31CD3206E62 Ref B: LON04EDGE1014 Ref C: 2024-08-02T17:55:39Z
date: Fri, 02 Aug 2024 17:55:38 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1E3FE59581946D48217DF15A80746CAF; MSPTC=F3aDauAWrs_kDU3goF1ueJcaZBDaHNg1L-7oixRSito

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1DE07235D55B4BABA4800532E7582812 Ref B: LON04EDGE1014 Ref C: 2024-08-02T17:55:39Z
date: Fri, 02 Aug 2024 17:55:38 GMT
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

26.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.173.189.20.in-addr.arpa

IN PTR

Response

204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

tls, http2

2.1kB
9.3kB
23
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

HTTP Response

204

8.8.8.8:53

136.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

136.32.126.40.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

45.19.74.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

45.19.74.20.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

112 B
151 B
2
1

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

26.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

26.173.189.20.in-addr.arpa

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.