Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
24/08/2024, 07:24 UTC
Static task
static1
Behavioral task
behavioral1
Sample
2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe
-
Size
46KB
-
MD5
ee58813ca9c801daa9bcd6012a896ee5
-
SHA1
226af3224e36f03c0955c922a51c771098701072
-
SHA256
ddd4a964e4425ded0eabdd9d802a24dbc12ae267a98fcf4c239dbd2da29aa41f
-
SHA512
456c7b120936a1732cee6ba16c3bca0535bb3940d140cb681f6323b7eda7d85d386abc2f62bd072f07578eb5e4449fa2673a607bd2cacfbee9296e8578ff730a
-
SSDEEP
384:bm74uGLLQRcsdeQ72ngEr4K7YmE8jb0nrlwfjDUknqs+/:bm74zYcgT/EkM0ryfjdnqsM
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation 2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe -
Executes dropped EXE 1 IoCs
pid Process 2580 hasfj.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hasfj.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2208 wrote to memory of 2580 2208 2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe 84 PID 2208 wrote to memory of 2580 2208 2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe 84 PID 2208 wrote to memory of 2580 2208 2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2208 -
C:\Users\Admin\AppData\Local\Temp\hasfj.exe"C:\Users\Admin\AppData\Local\Temp\hasfj.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2580
-
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request149.220.183.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.ax-0001.ax-msedge.netg-bing-com.ax-0001.ax-msedge.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
Remote address:8.8.8.8:53Request68.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=Remote address:150.171.27.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=109CB3A9E99664F506D5A74CE87665EF; domain=.bing.com; expires=Thu, 18-Sep-2025 07:24:36 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B1BAE3D353F94CC09E36C13D19C18CCD Ref B: LON04EDGE1106 Ref C: 2024-08-24T07:24:36Z
date: Sat, 24 Aug 2024 07:24:35 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=Remote address:150.171.27.10:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=109CB3A9E99664F506D5A74CE87665EF
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=cZ-FYguXHTSnBkHC4pFoMIVvnSXJV58mk4hmhsAGqKQ; domain=.bing.com; expires=Thu, 18-Sep-2025 07:24:36 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EE0912C814F843CDAE9CB0D1FC60CEBD Ref B: LON04EDGE1106 Ref C: 2024-08-24T07:24:36Z
date: Sat, 24 Aug 2024 07:24:36 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=Remote address:150.171.27.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=109CB3A9E99664F506D5A74CE87665EF; MSPTC=cZ-FYguXHTSnBkHC4pFoMIVvnSXJV58mk4hmhsAGqKQ
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 48349045ACF04457AF1E4254483C4D8A Ref B: LON04EDGE1106 Ref C: 2024-08-24T07:24:36Z
date: Sat, 24 Aug 2024 07:24:36 GMT
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Request43.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 1265436
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 43D7D7F20FD447799AA452DBAEAA852A Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
date: Sat, 24 Aug 2024 07:26:23 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239355262897_1WRSJCEZM1EG3MR0G&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239355262897_1WRSJCEZM1EG3MR0G&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 1420323
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C217EEDC548547E4AE5605576A31BB54 Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
date: Sat, 24 Aug 2024 07:26:23 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 504824
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 98ABE8F8A2EF41D485867B02E22994C3 Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
date: Sat, 24 Aug 2024 07:26:23 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 583936
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 59695FB2EFCB4D3CBD245B005034007C Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
date: Sat, 24 Aug 2024 07:26:23 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 517913
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 21BBBC6B383F421897B62CF84B120836 Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
date: Sat, 24 Aug 2024 07:26:23 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 632301
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0EC47FFDF8C9403BA078398F52F0D63E Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
date: Sat, 24 Aug 2024 07:26:24 GMT
-
Remote address:8.8.8.8:53Request10.28.171.150.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request10.28.171.150.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
Remote address:8.8.8.8:53Requestmytarta.comIN AResponse
-
150.171.27.10:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=tls, http22.1kB 9.5kB 23 20
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=HTTP Response
204 -
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
150.171.28.10:443https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http2172.9kB 5.1MB 3693 3687
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239355262897_1WRSJCEZM1EG3MR0G&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 15 13
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
149.220.183.52.in-addr.arpa
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
56 B 148 B 1 1
DNS Request
g.bing.com
DNS Response
150.171.27.10150.171.28.10
-
72 B 158 B 1 1
DNS Request
68.159.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
57.169.31.20.in-addr.arpa
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
70 B 144 B 1 1
DNS Request
86.23.85.13.in-addr.arpa
-
144 B 146 B 2 1
DNS Request
15.164.165.52.in-addr.arpa
DNS Request
15.164.165.52.in-addr.arpa
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
71 B 157 B 1 1
DNS Request
26.35.223.20.in-addr.arpa
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
72 B 158 B 1 1
DNS Request
43.229.111.52.in-addr.arpa
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
57 B 130 B 1 1
DNS Request
mytarta.com
-
114 B 260 B 2 2
DNS Request
mytarta.com
DNS Request
mytarta.com
-
124 B 340 B 2 2
DNS Request
tse1.mm.bing.net
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10150.171.27.10
DNS Response
150.171.28.10150.171.27.10
-
144 B 316 B 2 2
DNS Request
10.28.171.150.in-addr.arpa
DNS Request
10.28.171.150.in-addr.arpa
-
114 B 260 B 2 2
DNS Request
mytarta.com
DNS Request
mytarta.com
-
114 B 260 B 2 2
DNS Request
mytarta.com
DNS Request
mytarta.com
-
114 B 260 B 2 2
DNS Request
mytarta.com
DNS Request
mytarta.com
-
114 B 260 B 2 2
DNS Request
mytarta.com
DNS Request
mytarta.com
-
114 B 260 B 2 2
DNS Request
mytarta.com
DNS Request
mytarta.com
-
114 B 260 B 2 2
DNS Request
mytarta.com
DNS Request
mytarta.com
-
114 B 260 B 2 2
DNS Request
mytarta.com
DNS Request
mytarta.com
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
47KB
MD5f663bdd6937ac11cd294c3d7a8afec77
SHA1c037bcb156a7045cc961e6dde0bc6ec7d96b81cc
SHA256f21b2c36ad42208d5ab8f08a51abf899ed543dca97c3557440da6aa9bcf22897
SHA512f371e4a9f5072800f90570cc4ebee1f63fc195009b8cb065bf799e5e8b306ddfd703a65ad3565864ab29242f27e54598e4dfad3c3950a11e86fb1c1ef76b1660