Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 07:24 UTC

General

  • Target

    2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe

  • Size

    46KB

  • MD5

    ee58813ca9c801daa9bcd6012a896ee5

  • SHA1

    226af3224e36f03c0955c922a51c771098701072

  • SHA256

    ddd4a964e4425ded0eabdd9d802a24dbc12ae267a98fcf4c239dbd2da29aa41f

  • SHA512

    456c7b120936a1732cee6ba16c3bca0535bb3940d140cb681f6323b7eda7d85d386abc2f62bd072f07578eb5e4449fa2673a607bd2cacfbee9296e8578ff730a

  • SSDEEP

    384:bm74uGLLQRcsdeQ72ngEr4K7YmE8jb0nrlwfjDUknqs+/:bm74zYcgT/EkM0ryfjdnqsM

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-24_ee58813ca9c801daa9bcd6012a896ee5_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2580

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=109CB3A9E99664F506D5A74CE87665EF; domain=.bing.com; expires=Thu, 18-Sep-2025 07:24:36 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B1BAE3D353F94CC09E36C13D19C18CCD Ref B: LON04EDGE1106 Ref C: 2024-08-24T07:24:36Z
    date: Sat, 24 Aug 2024 07:24:35 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=109CB3A9E99664F506D5A74CE87665EF
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=cZ-FYguXHTSnBkHC4pFoMIVvnSXJV58mk4hmhsAGqKQ; domain=.bing.com; expires=Thu, 18-Sep-2025 07:24:36 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EE0912C814F843CDAE9CB0D1FC60CEBD Ref B: LON04EDGE1106 Ref C: 2024-08-24T07:24:36Z
    date: Sat, 24 Aug 2024 07:24:36 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=109CB3A9E99664F506D5A74CE87665EF; MSPTC=cZ-FYguXHTSnBkHC4pFoMIVvnSXJV58mk4hmhsAGqKQ
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 48349045ACF04457AF1E4254483C4D8A Ref B: LON04EDGE1106 Ref C: 2024-08-24T07:24:36Z
    date: Sat, 24 Aug 2024 07:24:36 GMT
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1265436
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 43D7D7F20FD447799AA452DBAEAA852A Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
    date: Sat, 24 Aug 2024 07:26:23 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239355262897_1WRSJCEZM1EG3MR0G&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239355262897_1WRSJCEZM1EG3MR0G&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1420323
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C217EEDC548547E4AE5605576A31BB54 Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
    date: Sat, 24 Aug 2024 07:26:23 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 504824
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 98ABE8F8A2EF41D485867B02E22994C3 Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
    date: Sat, 24 Aug 2024 07:26:23 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 583936
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 59695FB2EFCB4D3CBD245B005034007C Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
    date: Sat, 24 Aug 2024 07:26:23 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 517913
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 21BBBC6B383F421897B62CF84B120836 Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
    date: Sat, 24 Aug 2024 07:26:23 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 632301
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0EC47FFDF8C9403BA078398F52F0D63E Ref B: LON04EDGE1217 Ref C: 2024-08-24T07:26:24Z
    date: Sat, 24 Aug 2024 07:26:24 GMT
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
    tls, http2
    2.1kB
    9.5kB
    23
    20

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=

    HTTP Response

    204
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    172.9kB
    5.1MB
    3693
    3687

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301520_1VZ36M7X5V8VSKYZT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239355262897_1WRSJCEZM1EG3MR0G&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300939_11X4DLPL3X0UI3XC3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301087_1JF1MB0F5ZW0KC0CE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301372_1XB2DMJ4R351BNZG0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    148 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    144 B
    146 B
    2
    1

    DNS Request

    15.164.165.52.in-addr.arpa

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
    130 B
    1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    114 B
    260 B
    2
    2

    DNS Request

    mytarta.com

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
    340 B
    2
    2

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    144 B
    316 B
    2
    2

    DNS Request

    10.28.171.150.in-addr.arpa

    DNS Request

    10.28.171.150.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    114 B
    260 B
    2
    2

    DNS Request

    mytarta.com

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    114 B
    260 B
    2
    2

    DNS Request

    mytarta.com

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    114 B
    260 B
    2
    2

    DNS Request

    mytarta.com

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    114 B
    260 B
    2
    2

    DNS Request

    mytarta.com

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    114 B
    260 B
    2
    2

    DNS Request

    mytarta.com

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    114 B
    260 B
    2
    2

    DNS Request

    mytarta.com

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    114 B
    260 B
    2
    2

    DNS Request

    mytarta.com

    DNS Request

    mytarta.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe

    Filesize

    47KB

    MD5

    f663bdd6937ac11cd294c3d7a8afec77

    SHA1

    c037bcb156a7045cc961e6dde0bc6ec7d96b81cc

    SHA256

    f21b2c36ad42208d5ab8f08a51abf899ed543dca97c3557440da6aa9bcf22897

    SHA512

    f371e4a9f5072800f90570cc4ebee1f63fc195009b8cb065bf799e5e8b306ddfd703a65ad3565864ab29242f27e54598e4dfad3c3950a11e86fb1c1ef76b1660

  • memory/2208-0-0x0000000008000000-0x000000000800D000-memory.dmp

    Filesize

    52KB

  • memory/2208-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

  • memory/2208-2-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

  • memory/2208-3-0x0000000003150000-0x0000000003156000-memory.dmp

    Filesize

    24KB

  • memory/2208-17-0x0000000008000000-0x000000000800D000-memory.dmp

    Filesize

    52KB

  • memory/2580-20-0x00000000022C0000-0x00000000022C6000-memory.dmp

    Filesize

    24KB

  • memory/2580-19-0x0000000002210000-0x0000000002216000-memory.dmp

    Filesize

    24KB

  • memory/2580-26-0x0000000008000000-0x000000000800D000-memory.dmp

    Filesize

    52KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.