Analysis
- max time kernel: 148s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/08/2024, 09:39 UTC

Static task: static1

Behavioral task: behavioral1
- Sample: 859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe
- Resource: win7-20240708-en

Behavioral task: behavioral2
- Sample: 859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: 859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe
- Size: 109KB
- MD5: 859c3f171bcb3ed7d10007ec71f98082
- SHA1: b02a91d37762e485e02284ad13040522ea41471c
- SHA256: 295f9b09881e8d978bc84aaebb18daa0a79f047d013921e9119d361fe4b5443d
- SHA512: 9bff308eb1ad3e01d4d95bda21f8018398ccafd9d6f6c1d9b209f77a0598f84b2245870184dac8a2278c34f97af38c9d8e36506ae552b29baecc6a84a7e34391
- SSDEEP: 3072:08jQ/bYnmYQus2HoUqrdT1x/QaiAjnLq845OKzNm:0IQ/b4nqbdB9Xnt45VRm
Malware Config
Signatures
Adds policy Run key to start application (2 TTPs, 2 IoCs)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run (sgcxcxxaspf080521.exe)
- Set value (str): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\nyuserinit = "C:\\Windows\\system32\\inf\\svchosts.exe C:\\Windows\\system32\\lwfdfia16_080521.dll tanlt88" (sgcxcxxaspf080521.exe)
Checks computer location settings (2 TTPs, 3 IoCs)
Looks up the country code configured in the registry, likely for geofencing.
- Key value queried: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
- Key value queried: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation (svchosts.exe)
- Key value queried: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation (sgcxcxxaspf080521.exe)
Deletes itself (1 IoC)
- PID 3604 svchosts.exe

Executes dropped EXE (2 IoCs)
- PID 3604 svchosts.exe
- PID 4468 sgcxcxxaspf080521.exe

Loads dropped DLL (1 IoC)
- PID 3604 svchosts.exe
Drops file in System32 directory (7 IoCs)
- File created: C:\Windows\SysWOW64\lwfdfia16_080521.dll (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
- File created: C:\Windows\SysWOW64\mdccasys32_080521.dll (sgcxcxxaspf080521.exe)
- File created: C:\Windows\SysWOW64\inf\svchosts.exe (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
- File opened for modification: C:\Windows\SysWOW64\inf\svchosts.exe (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
- File created: C:\Windows\SysWOW64\inf\sppdcrs080521.scr (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
- File created: C:\Windows\SysWOW64\mdccasys32_080521.dll (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
- File created: C:\Windows\SysWOW64\inf\scsys16_080521.dll (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
Drops file in Windows directory (4 IoCs)
- File opened for modification: C:\Windows\pwisys.ini (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
- File created: C:\Windows\system\sgcxcxxaspf080521.exe (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
- File opened for modification: C:\Windows\pwisys.ini (svchosts.exe)
- File opened for modification: C:\Windows\pwisys.ini (sgcxcxxaspf080521.exe)
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 5 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (svchosts.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (cmd.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (sgcxcxxaspf080521.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)
Modifies Internet Explorer settings
- Set value (str): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430047784" (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\VersionManager (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames (IEXPLORE.EXE)
- Set value (str): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" (IEXPLORE.EXE)
- Set value (str): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Check_Associations = "no" (sgcxcxxaspf080521.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (IEXPLORE.EXE)
- Set value (str): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1563188665" (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Set value (data): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31124233" (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\GPU (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (IEXPLORE.EXE)
- Set value (str): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1563188665" (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31124233" (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (IEXPLORE.EXE)
- Key created: \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\VersionManager (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{88D5E3B3-56FC-11EF-939B-EEE1DD5A0987} = "0" (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31124233" (IEXPLORE.EXE)
- Set value (int): \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1566001151" (IEXPLORE.EXE)
Suspicious behavior: EnumeratesProcesses (18 IoCs)
- PID 2416 859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe (4 entries)
- PID 4468 sgcxcxxaspf080521.exe (14 entries)
Suspicious use of AdjustPrivilegeToken (10 IoCs)
- Token: SeDebugPrivilege, PID 2416 859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe (2 entries)
- Token: SeDebugPrivilege, PID 4468 sgcxcxxaspf080521.exe (8 entries)
Suspicious use of FindShellTrayWindow (1 IoC)
- PID 4060 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx (6 IoCs)
- PID 4060 IEXPLORE.EXE (2 entries)
- PID 632 IEXPLORE.EXE (4 entries)
Suspicious use of WriteProcessMemory (15 IoCs)
- PID 2416 (859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe) wrote to memory of PID 3604, procid_target 92 (3 entries)
- PID 3604 (svchosts.exe) wrote to memory of PID 2132, procid_target 94 (3 entries)
- PID 2132 (cmd.exe) wrote to memory of PID 4468, procid_target 96 (3 entries)
- PID 4468 (sgcxcxxaspf080521.exe) wrote to memory of PID 4060, procid_target 99 (2 entries)
- PID 4060 (IEXPLORE.EXE) wrote to memory of PID 632, procid_target 100 (3 entries)
- PID 4468 (sgcxcxxaspf080521.exe) wrote to memory of PID 4060, procid_target 99 (1 entry)
Processes
- C:\Users\Admin\AppData\Local\Temp\859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe (depth 1, PID 2416)
  Command line: "C:\Users\Admin\AppData\Local\Temp\859c3f171bcb3ed7d10007ec71f98082_JaffaCakes118.exe"
  - Checks computer location settings
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\inf\svchosts.exe (depth 2, PID 3604)
    Command line: "C:\Windows\system32\inf\svchosts.exe" C:\Windows\system32\lwfdfia16_080521.dll tanlt88
    - Checks computer location settings
    - Deletes itself
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\cmd.exe (depth 3, PID 2132)
      Command line: "C:\Windows\System32\cmd.exe" /c "c:\mylstecj.bat"
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory
      - C:\Windows\system\sgcxcxxaspf080521.exe (depth 4, PID 4468)
        Command line: "C:\Windows\system\sgcxcxxaspf080521.exe" i
        - Adds policy Run key to start application
        - Checks computer location settings
        - Executes dropped EXE
        - Drops file in System32 directory
        - Drops file in Windows directory
        - System Location Discovery: System Language Discovery
        - Modifies Internet Explorer settings
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of WriteProcessMemory
        - C:\Program Files\Internet Explorer\IEXPLORE.EXE (depth 5, PID 4060)
          Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          - Modifies Internet Explorer settings
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SetWindowsHookEx
          - Suspicious use of WriteProcessMemory
          - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 6, PID 632)
            Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4060 CREDAT:17410 /prefetch:2
            - System Location Discovery: System Language Discovery
            - Modifies Internet Explorer settings
            - Suspicious use of SetWindowsHookEx
Network
DNS (remote address 8.8.8.8:53 for every query)
- Request: 172.210.232.199.in-addr.arpa IN PTR; Response: (no answer)
- Request: 196.249.167.52.in-addr.arpa IN PTR; Response: (no answer)
- Request: 74.32.126.40.in-addr.arpa IN PTR; Response: (no answer)
- Request: 95.221.229.192.in-addr.arpa IN PTR; Response: (no answer)
- Request: 104.219.191.52.in-addr.arpa IN PTR; Response: (no answer)
- Request: 157.123.68.40.in-addr.arpa IN PTR; Response: (no answer)
- Request: 157.123.68.40.in-addr.arpa IN PTR; (no response recorded)
- Request: api.bing.com IN A; Response: api.bing.com IN CNAME api-bing-com.e-0001.e-msedge.net; api-bing-com.e-0001.e-msedge.net IN CNAME e-0001.e-msedge.net; e-0001.e-msedge.net IN A 13.107.5.80
- Request: 206.23.85.13.in-addr.arpa IN PTR; Response: (no answer)
- Request: 192.142.123.92.in-addr.arpa IN PTR; Response: 192.142.123.92.in-addr.arpa IN PTR a92-123-142-192.deploy.static.akamaitechnologies.com
- Request: 172.214.232.199.in-addr.arpa IN PTR; Response: (no answer)
- Request: 161.19.199.152.in-addr.arpa IN PTR; Response: (no answer)
- Request: 55.36.223.20.in-addr.arpa IN PTR; Response: (no answer)
- Request: 23.236.111.52.in-addr.arpa IN PTR; Response: (no answer)
- Request: 200.197.79.204.in-addr.arpa IN PTR; Response: 200.197.79.204.in-addr.arpa IN PTR a-0001.a-msedge.net
- Request: tse1.mm.bing.net IN A; Response: tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net; mm-mm.bing.net.trafficmanager.net IN CNAME ax-0001.ax-msedge.net; ax-0001.ax-msedge.net IN A 150.171.27.10; ax-0001.ax-msedge.net IN A 150.171.28.10
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request:
GET /th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 405350
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 710D0AC127F84935AA7970FF7E7268C3 Ref B: LON04EDGE0817 Ref C: 2024-08-10T09:41:20Z
date: Sat, 10 Aug 2024 09:41:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301582_1MLHFWTHBIK9NA4JB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request:
GET /th?id=OADD2.10239317301582_1MLHFWTHBIK9NA4JB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 719294
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A37E2C4C21714D48BC3FD5B9EA255F6C Ref B: LON04EDGE0817 Ref C: 2024-08-10T09:41:20Z
date: Sat, 10 Aug 2024 09:41:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request:
GET /th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 561868
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0ACC5BCB57044E8FA86B5C8E5309F8F2 Ref B: LON04EDGE0817 Ref C: 2024-08-10T09:41:20Z
date: Sat, 10 Aug 2024 09:41:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301173_11CL6NTG6CSIMT5HR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request:
GET /th?id=OADD2.10239317301173_11CL6NTG6CSIMT5HR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 830618
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6D43084B9B8441BE98A8B7397901D81C Ref B: LON04EDGE0817 Ref C: 2024-08-10T09:41:20Z
date: Sat, 10 Aug 2024 09:41:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300927_1MHQY2TQNUIH7ZQRL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request:
GET /th?id=OADD2.10239317300927_1MHQY2TQNUIH7ZQRL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 712307
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 549E42CAEEF84859A6575D7C97835147 Ref B: LON04EDGE0817 Ref C: 2024-08-10T09:41:20Z
date: Sat, 10 Aug 2024 09:41:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301360_1Q2LDLW388L48JF4Q&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request:
GET /th?id=OADD2.10239317301360_1Q2LDLW388L48JF4Q&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 718774
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 89266A52C4634B6E9F044B62E853FF42 Ref B: LON04EDGE0817 Ref C: 2024-08-10T09:41:20Z
date: Sat, 10 Aug 2024 09:41:19 GMT
-
DNS (remote address 8.8.8.8:53)
- Request: 57.169.31.20.in-addr.arpa IN PTR; Response: (no answer)
- Request: 10.27.171.150.in-addr.arpa IN PTR; Response: (no answer)