adcea239a9f7ee8376f2efb5da251334cabd9696cf2ade0dad7180e94cd95966

Analysis

max time kernel
15s
max time network
15s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 22:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WarpFN.exe
Size

144KB
MD5

72e284ce914d1e8adf1132a89e8909a0
SHA1

99e29b7f9a74efa0ae2047316b5743eec63227f3
SHA256

5ed266924fafd42cef6fcaee5dc485ea8946eab9b44b69355b99f6c36b3cd702
SHA512

fbef6e5218512760a3731a1bac14abc630a2886ad59c342291eadc3e516097099aefa2fc597d958ee990c5f5dae2985fd0c156429f4a8cbffb8f0e1adf71c234
SSDEEP

3072:/8vbzyQ6Y1YXrbNK+3FNxacPEMk6/RQAMTW1:/szAXNK+3FV7RQTTW

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\WarpFN.exe
"C:\Users\Admin\AppData\Local\Temp\WarpFN.exe"
1⤵
PID:2304

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0CCF091F817D61572D661DC1805A60C9; domain=.bing.com; expires=Thu, 11-Sep-2025 22:44:37 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AA1D69F0EF624B80A5363C9FB4A6FD41 Ref B: LON04EDGE0717 Ref C: 2024-08-17T22:44:37Z
date: Sat, 17 Aug 2024 22:44:37 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0CCF091F817D61572D661DC1805A60C9

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=ezU1S6gnI5prVnn7_UE1m5vK08dDuBMlbYG4-dCkBx4; domain=.bing.com; expires=Thu, 11-Sep-2025 22:44:37 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 71DED227430940D1B4A38041C5ABC71D Ref B: LON04EDGE0717 Ref C: 2024-08-17T22:44:37Z
date: Sat, 17 Aug 2024 22:44:37 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0CCF091F817D61572D661DC1805A60C9; MSPTC=ezU1S6gnI5prVnn7_UE1m5vK08dDuBMlbYG4-dCkBx4

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2523F0F6C334486EBEE83C85B1658F72 Ref B: LON04EDGE0717 Ref C: 2024-08-17T22:44:37Z
date: Sat, 17 Aug 2024 22:44:37 GMT
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

71.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.159.190.20.in-addr.arpa

IN PTR

Response
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response

13.107.21.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

tls, http2

2.1kB
10.7kB
23
20

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=26faf70a86d04378987a0450261d5507&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

HTTP Response

204
204.79.197.203:443
192.229.221.95:80

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

71.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

71.159.190.20.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-0-0x00007FFABC9DB000-0x00007FFABC9DC000-memory.dmp

Filesize
4KB

Download
memory/2304-1-0x00007FFABC9DB000-0x00007FFABC9DC000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.