Overview

overview

3

Static

static

3

94848c0f61...bN.exe

windows7-x64

3

94848c0f61...bN.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 11:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94848c0f61ad57c5c98632443e4950cfcf46551031851a5d591bd508e747a79bN.exe

  • Size

    136KB

  • MD5

    62251b72852f0f3432823025e471fc00

  • SHA1

    2814a477f1d58f2b0392508f2106b0f811e1baeb

  • SHA256

    94848c0f61ad57c5c98632443e4950cfcf46551031851a5d591bd508e747a79b

  • SHA512

    b968e710d4c5c1d6694215e9c361dd9eac30c029646d5f5e2cbd1dc4130196599890b9d7779a816462257a9f2ce0f4eca7268753e2e6c62a682c86b333e1036f

  • SSDEEP

    1536:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlPtPHU5YU:6e7WpRaSljjHU53

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\94848c0f61ad57c5c98632443e4950cfcf46551031851a5d591bd508e747a79bN.exe
    "C:\Users\Admin\AppData\Local\Temp\94848c0f61ad57c5c98632443e4950cfcf46551031851a5d591bd508e747a79bN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4392

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0589322D1DF16BCB21AF273E1CF76A60; domain=.bing.com; expires=Mon, 03-Nov-2025 11:42:36 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E18BC95E8BA946129D2E87D71C2CA9FF Ref B: LON601060108042 Ref C: 2024-10-09T11:42:36Z
    date: Wed, 09 Oct 2024 11:42:36 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0589322D1DF16BCB21AF273E1CF76A60
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=F6NeZ96rKBtipCwURfnhvl7HpoexCCwCxcDq-thUMxI; domain=.bing.com; expires=Mon, 03-Nov-2025 11:42:36 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 56EA74F16DA7416590F597CD4F0ED7C5 Ref B: LON601060108042 Ref C: 2024-10-09T11:42:36Z
    date: Wed, 09 Oct 2024 11:42:36 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0589322D1DF16BCB21AF273E1CF76A60; MSPTC=F6NeZ96rKBtipCwURfnhvl7HpoexCCwCxcDq-thUMxI
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3AD89BF50C8D4D799819820B12DF466A Ref B: LON601060108042 Ref C: 2024-10-09T11:42:36Z
    date: Wed, 09 Oct 2024 11:42:36 GMT
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.163.202.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.163.202.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    98.117.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    98.117.19.2.in-addr.arpa
    IN PTR
    Response
    98.117.19.2.in-addr.arpa
    IN PTR
    a2-19-117-98deploystaticakamaitechnologiescom
  • flag-us
    DNS
    88.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.210.23.2.in-addr.arpa
    IN PTR
    Response
    88.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-88deploystaticakamaitechnologiescom
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 150.171.28.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
    tls, http2
    2.0kB
     9.4kB
     22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=21bc1e12f25c47429991e89ac33643b4&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     148 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    200.163.202.172.in-addr.arpa
    dns
    74 B
     160 B
     1
    1

    DNS Request

    200.163.202.172.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    98.117.19.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    98.117.19.2.in-addr.arpa

  • 8.8.8.8:53
    88.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    88.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.