Overview
overview
10Static
static
3RC7.zip
windows7-x64
1RC7.zip
windows10-2004-x64
1RC7 (5) (1...s.json
windows7-x64
3RC7 (5) (1...s.json
windows10-2004-x64
3RC7 (5) (1)/First.exe
windows7-x64
1RC7 (5) (1)/First.exe
windows10-2004-x64
1RC7 (5) (1)/First.exe
windows7-x64
1RC7 (5) (1)/First.exe
windows10-2004-x64
10RC7 (5) (1)/First.pdb
windows7-x64
3RC7 (5) (1)/First.pdb
windows10-2004-x64
3RC7 (5) (1...g.json
windows7-x64
3RC7 (5) (1...g.json
windows10-2004-x64
3RC7 (5) (1...ME.txt
windows7-x64
1RC7 (5) (1...ME.txt
windows10-2004-x64
1RC7 (5) (1...ET.dll
windows7-x64
1RC7 (5) (1...ET.dll
windows10-2004-x64
1Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
04-08-2024 23:51
Static task
static1
Behavioral task
behavioral1
Sample
RC7.zip
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
RC7.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
RC7 (5) (1)/First.deps.json
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
RC7 (5) (1)/First.deps.json
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
RC7 (5) (1)/First.exe
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
RC7 (5) (1)/First.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
RC7 (5) (1)/First.exe
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
RC7 (5) (1)/First.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
RC7 (5) (1)/First.pdb
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
RC7 (5) (1)/First.pdb
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
RC7 (5) (1)/First.runtimeconfig.json
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
RC7 (5) (1)/First.runtimeconfig.json
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
RC7 (5) (1)/READ ME.txt
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
RC7 (5) (1)/READ ME.txt
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
RC7 (5) (1)/ScintillaNET.dll
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
RC7 (5) (1)/ScintillaNET.dll
Resource
win10v2004-20240802-en
General
-
Target
RC7 (5) (1)/First.exe
-
Size
7KB
-
MD5
64fb3c0c1269bdb3119d0aeca9783c69
-
SHA1
39903892a687e03aebfd1de9c407e724bf5024fb
-
SHA256
77ea5129b0e8145f00c040a5a7db84b37d6b736f488e866545ae072ad9ca221a
-
SHA512
22565870393c6353591bd2eabc9748e269704277bdb1df7faaa99564ed78988a455df4a515de8231cbfa6655ea3eeabd137fa2fa0b162132d6e08fb329e5381b
-
SSDEEP
96:rddBmJWilc/5eFLxHolIOCcmMdPpkwWNFRR1X+W6FnCSHN/CNVWzwkSTozNt:pyJpieF9Ho0cm69TCekpq
Malware Config
Signatures
Processes
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3A66D6B619E965F53C30C2671809645E; domain=.bing.com; expires=Fri, 29-Aug-2025 23:51:50 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7DF202EBC01643FA9B7241E66A7BEC69 Ref B: LON04EDGE1114 Ref C: 2024-08-04T23:51:50Z
date: Sun, 04 Aug 2024 23:51:49 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3A66D6B619E965F53C30C2671809645E
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=kAKqp2IczYu9La-vK5a0wh5z0K1sBHLzUXI6mKWy28s; domain=.bing.com; expires=Fri, 29-Aug-2025 23:51:50 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D2061E075EF44AEA85A22C7980E9060D Ref B: LON04EDGE1114 Ref C: 2024-08-04T23:51:50Z
date: Sun, 04 Aug 2024 23:51:49 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3A66D6B619E965F53C30C2671809645E; MSPTC=kAKqp2IczYu9La-vK5a0wh5z0K1sBHLzUXI6mKWy28s
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2018DF36FCCD4B489FA5F3F6589DE198 Ref B: LON04EDGE1114 Ref C: 2024-08-04T23:51:50Z
date: Sun, 04 Aug 2024 23:51:49 GMT
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request73.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request73.159.190.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request73.159.190.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request73.159.190.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request183.59.114.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
204.79.197.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=tls, http22.0kB 9.3kB 21 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=04ad110f2586488cb82b4d4ba1fffcc7&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=HTTP Response
204
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
219 B 143 B 3 1
DNS Request
237.197.79.204.in-addr.arpa
DNS Request
237.197.79.204.in-addr.arpa
DNS Request
237.197.79.204.in-addr.arpa
-
288 B 158 B 4 1
DNS Request
73.159.190.20.in-addr.arpa
DNS Request
73.159.190.20.in-addr.arpa
DNS Request
73.159.190.20.in-addr.arpa
DNS Request
73.159.190.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
183.59.114.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa