Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-08-26...er.exe

windows7-x64

7

2024-08-26...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/08/2024, 00:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-08-26_b2bc0d944cbc5745c9cbdd9e9b2fc1c2_cryptolocker.exe

  • Size

    35KB

  • MD5

    b2bc0d944cbc5745c9cbdd9e9b2fc1c2

  • SHA1

    895732417de5929a2e232c612193c7530d048251

  • SHA256

    b682115a984c1d4cc50b4622e994b2c93c919d009a882c2e4ce92eb2d7a0b184

  • SHA512

    1d06f648f7684e6299b8b28361dcdabb2e0e773ce1ad550bf0043ca79a8c191dc64601fa90001274dd42335315e5dae9d457684cf064536b5ce201450f691a5b

  • SSDEEP

    384:bG74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUGTGXvJF3SU:bG74zYcgT/Ekd0ryfjkbCU

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-26_b2bc0d944cbc5745c9cbdd9e9b2fc1c2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-26_b2bc0d944cbc5745c9cbdd9e9b2fc1c2_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4596
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4696

Network

  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    133.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ocsp.digicert.com
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.com
    IN A
    Response
    ocsp.digicert.com
    IN CNAME
    ocsp.edge.digicert.com
    ocsp.edge.digicert.com
    IN CNAME
    fp2e7a.wpc.2be4.phicdn.net
    fp2e7a.wpc.2be4.phicdn.net
    IN CNAME
    fp2e7a.wpc.phicdn.net
    fp2e7a.wpc.phicdn.net
    IN A
    192.229.221.95
  • flag-us
    DNS
    ocsp.digicert.com
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.com
    IN A
    Response
    ocsp.digicert.com
    IN CNAME
    ocsp.edge.digicert.com
    ocsp.edge.digicert.com
    IN CNAME
    fp2e7a.wpc.2be4.phicdn.net
    fp2e7a.wpc.2be4.phicdn.net
    IN CNAME
    fp2e7a.wpc.phicdn.net
    fp2e7a.wpc.phicdn.net
    IN A
    192.229.221.95
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=3733D8F20C7765A735EDCC150D976427; domain=.bing.com; expires=Sat, 20-Sep-2025 00:40:01 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EF40E7ADA6C44B1EAB1A5A9EA0DB4778 Ref B: LON04EDGE1115 Ref C: 2024-08-26T00:40:01Z
    date: Mon, 26 Aug 2024 00:40:00 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3733D8F20C7765A735EDCC150D976427
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=oZScRmPfll-JEq2AM9Ozx91pitnOCwe6IP350qXihH4; domain=.bing.com; expires=Sat, 20-Sep-2025 00:40:01 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 29BB9967E87A4A3AAC4D85FEF759CF8B Ref B: LON04EDGE1115 Ref C: 2024-08-26T00:40:01Z
    date: Mon, 26 Aug 2024 00:40:00 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3733D8F20C7765A735EDCC150D976427; MSPTC=oZScRmPfll-JEq2AM9Ozx91pitnOCwe6IP350qXihH4
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F63A3ADB7FA34086AE90F23A16A4EE1F Ref B: LON04EDGE1115 Ref C: 2024-08-26T00:40:01Z
    date: Mon, 26 Aug 2024 00:40:00 GMT
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 706510
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FE5942777C1641EFB4DACC5603E35C73 Ref B: LON04EDGE1012 Ref C: 2024-08-26T00:41:51Z
    date: Mon, 26 Aug 2024 00:41:51 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388085_1V9VP4ET8MMYG3B93&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388085_1V9VP4ET8MMYG3B93&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1266902
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0B17D563B28141BBA1DE95D1483A7E76 Ref B: LON04EDGE1012 Ref C: 2024-08-26T00:41:51Z
    date: Mon, 26 Aug 2024 00:41:51 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388086_17JQXLT19NWNE8CIT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388086_17JQXLT19NWNE8CIT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1036625
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E28F47C15543403085912E611AD9829E Ref B: LON04EDGE1012 Ref C: 2024-08-26T00:41:52Z
    date: Mon, 26 Aug 2024 00:41:52 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 622808
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EE86958B2BFC40F49C7674B850109655 Ref B: LON04EDGE1012 Ref C: 2024-08-26T00:41:56Z
    date: Mon, 26 Aug 2024 00:41:56 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 625518
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C3A78C9CDB584745B68337A95786644E Ref B: LON04EDGE1012 Ref C: 2024-08-26T00:41:56Z
    date: Mon, 26 Aug 2024 00:41:56 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 797704
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 55292C5341514CF49FD958B7DEC633E1 Ref B: LON04EDGE1012 Ref C: 2024-08-26T00:41:56Z
    date: Mon, 26 Aug 2024 00:41:56 GMT
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
  • flag-us
    DNS
    40.173.79.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.173.79.40.in-addr.arpa
    IN PTR
    Response
  • 150.171.28.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=
    tls, http2
    2.0kB
     9.4kB
     21
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b69d1ca32e84887bf7d7beb19bc656e&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

    HTTP Response

    204
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.8kB
     671 B
     14
    9
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    2.2kB
     7.3kB
     19
    12
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    2.2kB
     7.3kB
     19
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    177.1kB
     5.2MB
     3796
    3789

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388085_1V9VP4ET8MMYG3B93&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388086_17JQXLT19NWNE8CIT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    133.32.126.40.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    133.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    197 B
     493 B
     3
    3

    DNS Request

    26.35.223.20.in-addr.arpa

    DNS Request

    ocsp.digicert.com

    DNS Request

    ocsp.digicert.com

    DNS Response

    192.229.221.95

    DNS Response

    192.229.221.95

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     148 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    114 B
     130 B
     2
    1

    DNS Request

    mytarta.com

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

  • 8.8.8.8:53
    40.173.79.40.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    40.173.79.40.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    693f77ee1f811b5670f7e3b85dd6fa49

    SHA1

    42620c4ba155dca36f692d3428dd8bd0d6014f62

    SHA256

    caf8203f8497b87a04e494e6c0473ddaeeb1f82561cdf0f7d297adc04052ca8f

    SHA512

    dbcf6282e408129f1bb55ac562e7a74fceb39b06e4f0f2e6d55cd140e0586e520006e3f233c098c5d4dfed6cd137e1fef4ff482e74d67db111e8b976a673001d

    Download Submit

  • memory/4596-0-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4596-1-0x00000000021D0000-0x00000000021D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4596-2-0x00000000021D0000-0x00000000021D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4596-3-0x0000000002210000-0x0000000002216000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4596-17-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4696-19-0x00000000021D0000-0x00000000021D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4696-25-0x0000000002010000-0x0000000002016000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4696-26-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.