Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
28-10-2024 10:46
Static task
static1
Behavioral task
behavioral1
Sample
793cab4421c321b969ce88f22d90752c_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
793cab4421c321b969ce88f22d90752c_JaffaCakes118.exe
-
Size
1.4MB
-
MD5
793cab4421c321b969ce88f22d90752c
-
SHA1
55b461d66391147bf8f7c0179f7a0b2abed6d9b5
-
SHA256
b780a8572b59d2eeb633fd896cc4982508aacee23bce257396a80e7ea29b2bc3
-
SHA512
b02df864c6ec4c7ebede94b3bf31b66b5332f3e8b4ece9600a2b282dec06885965279adbf36b8e08d590cfcb5aeb0e113a273eb4476c5fc86e321c4cb73e4075
-
SSDEEP
24576:eaHMv6CorjqnyC8flDAgjk6GECzbMpJgCUwJvfoIfaAl3Ein+ozerISUfE:e1vqjdC8tD5jk6/wbMTgCUaoIfaKb+ok
Malware Config
Extracted
darkcomet
Guest16
testcybergate.zapto.org:3014
DC_MUTEX-F48XL4B
-
gencode
EWr2RqlAQCdR
-
install
false
-
offline_keylogger
true
-
persistence
false
Extracted
latentbot
testcybergate.zapto.org
Signatures
-
Darkcomet family
-
Latentbot family
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation 793cab4421c321b969ce88f22d90752c_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 1292 uncrypted.exe -
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule behavioral2/memory/1620-0-0x0000000000400000-0x00000000004E1000-memory.dmp autoit_exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 793cab4421c321b969ce88f22d90752c_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language uncrypted.exe -
Suspicious use of AdjustPrivilegeToken 24 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 1292 uncrypted.exe Token: SeSecurityPrivilege 1292 uncrypted.exe Token: SeTakeOwnershipPrivilege 1292 uncrypted.exe Token: SeLoadDriverPrivilege 1292 uncrypted.exe Token: SeSystemProfilePrivilege 1292 uncrypted.exe Token: SeSystemtimePrivilege 1292 uncrypted.exe Token: SeProfSingleProcessPrivilege 1292 uncrypted.exe Token: SeIncBasePriorityPrivilege 1292 uncrypted.exe Token: SeCreatePagefilePrivilege 1292 uncrypted.exe Token: SeBackupPrivilege 1292 uncrypted.exe Token: SeRestorePrivilege 1292 uncrypted.exe Token: SeShutdownPrivilege 1292 uncrypted.exe Token: SeDebugPrivilege 1292 uncrypted.exe Token: SeSystemEnvironmentPrivilege 1292 uncrypted.exe Token: SeChangeNotifyPrivilege 1292 uncrypted.exe Token: SeRemoteShutdownPrivilege 1292 uncrypted.exe Token: SeUndockPrivilege 1292 uncrypted.exe Token: SeManageVolumePrivilege 1292 uncrypted.exe Token: SeImpersonatePrivilege 1292 uncrypted.exe Token: SeCreateGlobalPrivilege 1292 uncrypted.exe Token: 33 1292 uncrypted.exe Token: 34 1292 uncrypted.exe Token: 35 1292 uncrypted.exe Token: 36 1292 uncrypted.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1292 uncrypted.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1620 wrote to memory of 1292 1620 793cab4421c321b969ce88f22d90752c_JaffaCakes118.exe 87 PID 1620 wrote to memory of 1292 1620 793cab4421c321b969ce88f22d90752c_JaffaCakes118.exe 87 PID 1620 wrote to memory of 1292 1620 793cab4421c321b969ce88f22d90752c_JaffaCakes118.exe 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\793cab4421c321b969ce88f22d90752c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\793cab4421c321b969ce88f22d90752c_JaffaCakes118.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1620 -
C:\Users\Admin\AppData\Local\Temp\uncrypted.exe"C:\Users\Admin\AppData\Local\Temp\uncrypted.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1292
-
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.ax-0001.ax-msedge.netg-bing-com.ax-0001.ax-msedge.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=000C33247B676C5E119326027AF86DC5; domain=.bing.com; expires=Sat, 22-Nov-2025 10:54:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 81C4AA2CD27F4F83BD1450492B3AA94C Ref B: LON601060104040 Ref C: 2024-10-28T10:54:10Z
date: Mon, 28 Oct 2024 10:54:10 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=000C33247B676C5E119326027AF86DC5
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=52Yy7-FcTCAd1kJDJeQgUYQSf9YiY2mEI2ff6m83rvQ; domain=.bing.com; expires=Sat, 22-Nov-2025 10:54:10 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 833DC1CFD1D549C3891B18DA024B17DD Ref B: LON601060104040 Ref C: 2024-10-28T10:54:10Z
date: Mon, 28 Oct 2024 10:54:10 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=000C33247B676C5E119326027AF86DC5; MSPTC=52Yy7-FcTCAd1kJDJeQgUYQSf9YiY2mEI2ff6m83rvQ
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 03FFABF887484EFC9E05F4C7A98E21E4 Ref B: LON601060104040 Ref C: 2024-10-28T10:54:10Z
date: Mon, 28 Oct 2024 10:54:10 GMT
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request69.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Request200.163.202.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request73.190.18.2.in-addr.arpaIN PTRResponse73.190.18.2.in-addr.arpaIN PTRa2-18-190-73deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Request77.190.18.2.in-addr.arpaIN PTRResponse77.190.18.2.in-addr.arpaIN PTRa2-18-190-77deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN A
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Request31.243.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request79.190.18.2.in-addr.arpaIN PTRResponse79.190.18.2.in-addr.arpaIN PTRa2-18-190-79deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 540045
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BC3CDF8F97484DB59F2CAF864AAE5970 Ref B: LON601060102029 Ref C: 2024-10-28T10:55:48Z
date: Mon, 28 Oct 2024 10:55:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 694302
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D9C2217C42140C3B91DD98A61E26100 Ref B: LON601060102029 Ref C: 2024-10-28T10:55:48Z
date: Mon, 28 Oct 2024 10:55:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 576636
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5AD1A604244541DD85B3669DE9569CEA Ref B: LON601060102029 Ref C: 2024-10-28T10:55:48Z
date: Mon, 28 Oct 2024 10:55:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 561868
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 633B0A983A984F199511354BF5C2E4DA Ref B: LON601060102029 Ref C: 2024-10-28T10:55:48Z
date: Mon, 28 Oct 2024 10:55:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 405350
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8EE6C2C8E7D04DD9A1C808DE3307645F Ref B: LON601060102029 Ref C: 2024-10-28T10:55:48Z
date: Mon, 28 Oct 2024 10:55:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 512342
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 26A32965F89641CBB04C6C461E034B0C Ref B: LON601060102029 Ref C: 2024-10-28T10:55:48Z
date: Mon, 28 Oct 2024 10:55:47 GMT
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
Remote address:8.8.8.8:53Requesttestcybergate.zapto.orgIN AResponse
-
150.171.28.10:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid=tls, http22.0kB 9.4kB 22 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3704809a15c84960987ca04a198f2e8c&localId=w:9BCA5FC4-E20E-516F-AAFA-89790EBA48FA&deviceId=6966572652123934&anid=HTTP Response
204 -
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
150.171.28.10:443https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http2116.5kB 3.4MB 2473 2469
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 12
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
56 B 148 B 1 1
DNS Request
g.bing.com
DNS Response
150.171.28.10150.171.27.10
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
69.31.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
74 B 160 B 1 1
DNS Request
200.163.202.172.in-addr.arpa
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
73.190.18.2.in-addr.arpa
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
70 B 133 B 1 1
DNS Request
77.190.18.2.in-addr.arpa
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
138 B 129 B 2 1
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
72 B 158 B 1 1
DNS Request
31.243.111.52.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
79.190.18.2.in-addr.arpa
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10150.171.27.10
-
69 B 129 B 1 1
DNS Request
testcybergate.zapto.org
-
138 B 258 B 2 2
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
-
138 B 258 B 2 2
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
-
138 B 258 B 2 2
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
-
138 B 258 B 2 2
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
-
138 B 258 B 2 2
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
-
138 B 258 B 2 2
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
-
138 B 258 B 2 2
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
-
138 B 258 B 2 2
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
-
138 B 258 B 2 2
DNS Request
testcybergate.zapto.org
DNS Request
testcybergate.zapto.org
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
659KB
MD592499f0ef985be878a6373743b77d6a2
SHA1c60aa4820aa41f9f6dafef25e4ad9f8d010c88f9
SHA256a53ecd5d2893a6325776ea9135b2532f1f68ceca6dae90db8de531b883b1571a
SHA51227e3fe6a6bfc43c4e4f1c64570e5beebc773cb6cd9b043e8ccef4c57821bda6fa560d2abe34326ab1563ecedace0d02c1d1c3676f18f35bfa47df5df05b98b7e
-
Filesize
659KB
MD5c798c640896c00fc6bb839cdd3810e24
SHA18a386de287c0d1bf3e3c322e1957eb9055a0aedb
SHA25631be1a973731be787d2d717e36a1447eaf2a6d81eade0e0a77329f0692d3e699
SHA51210e40c9b6dd2d37fef6df7c0b43ecfc39f49f9b28e2c25d0df1aa1c38b8311d1897db7b0de36a9c2b95ea8f2901e66607b2fa1527f330d6499ff7d34463d8729