Analysis
-
max time kernel
146s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
03-11-2024 23:41
Static task
static1
Behavioral task
behavioral1
Sample
6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe
Resource
win7-20240708-en
General
-
Target
6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe
-
Size
254KB
-
MD5
0676798cb430804268472910ad8a1750
-
SHA1
82c2dc99275e7ca0935be96a9fab6ca7b976aed0
-
SHA256
6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057
-
SHA512
722c1160042d11a98248fa4e17596f880dd5e7a6e95b832bc6f2b0f5c14ca067b484f2bdc5c0480569c2e33472ab5cd65250c471c5cda5840c932b0bb118a2f9
-
SSDEEP
6144:85p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQqC:EeGUA5YZazpXUmZhJC
Malware Config
Extracted
nanocore
1.2.2.0
sysupdate24.ddns.net:45400
ae82ab7f-db07-49ee-9d2b-76075d76f37f
-
activate_away_mode
true
- backup_connection_host
- backup_dns_server
-
buffer_size
65535
-
build_time
2020-04-24T17:41:53.492468936Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
45400
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
ae82ab7f-db07-49ee-9d2b-76075d76f37f
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
sysupdate24.ddns.net
- primary_dns_server
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Signatures
-
Nanocore family
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation 6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe -
Executes dropped EXE 2 IoCs
pid Process 5028 a1punf5t2of.exe 1296 a1punf5t2of.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b1b2dqljdx3 = "C:\\Users\\Admin\\AppData\\Roaming\\b1b2dqljdx3\\a1punf5t2of.exe" 6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe -
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA a1punf5t2of.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 5028 set thread context of 1296 5028 a1punf5t2of.exe 100 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a1punf5t2of.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a1punf5t2of.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 1296 a1punf5t2of.exe 1296 a1punf5t2of.exe 1296 a1punf5t2of.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1296 a1punf5t2of.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1296 a1punf5t2of.exe -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 3260 wrote to memory of 5028 3260 6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe 99 PID 3260 wrote to memory of 5028 3260 6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe 99 PID 3260 wrote to memory of 5028 3260 6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe 99 PID 5028 wrote to memory of 1296 5028 a1punf5t2of.exe 100 PID 5028 wrote to memory of 1296 5028 a1punf5t2of.exe 100 PID 5028 wrote to memory of 1296 5028 a1punf5t2of.exe 100 PID 5028 wrote to memory of 1296 5028 a1punf5t2of.exe 100 PID 5028 wrote to memory of 1296 5028 a1punf5t2of.exe 100 PID 5028 wrote to memory of 1296 5028 a1punf5t2of.exe 100 PID 5028 wrote to memory of 1296 5028 a1punf5t2of.exe 100 PID 5028 wrote to memory of 1296 5028 a1punf5t2of.exe 100
Processes
-
C:\Users\Admin\AppData\Local\Temp\6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe"C:\Users\Admin\AppData\Local\Temp\6fe2af6d9f517881181f96dfc1301369a8c6c26ed83fc0cc9a9e5fd2c7590057N.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3260 -
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5028 -
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1296
-
-
Network
-
Remote address:8.8.8.8:53Request28.118.140.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.ax-0001.ax-msedge.netg-bing-com.ax-0001.ax-msedge.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0C03BF6C2DB960BE0995AA402C8861F3; domain=.bing.com; expires=Fri, 28-Nov-2025 23:42:35 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 008AA64D73E046BFB47592D4682DDAB9 Ref B: LON601060102060 Ref C: 2024-11-03T23:42:35Z
date: Sun, 03 Nov 2024 23:42:35 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0C03BF6C2DB960BE0995AA402C8861F3
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=_hi3_VEwHIYFYr9ZVBdmu7hPdsL0RhiR1tWTKtnkn-w; domain=.bing.com; expires=Fri, 28-Nov-2025 23:42:35 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FD43B3C5B5B1497C9CABD3D64F679749 Ref B: LON601060102060 Ref C: 2024-11-03T23:42:35Z
date: Sun, 03 Nov 2024 23:42:35 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0C03BF6C2DB960BE0995AA402C8861F3; MSPTC=_hi3_VEwHIYFYr9ZVBdmu7hPdsL0RhiR1tWTKtnkn-w
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1DDCB9B03CA548E7B835A5E8E348B2AD Ref B: LON601060102060 Ref C: 2024-11-03T23:42:35Z
date: Sun, 03 Nov 2024 23:42:35 GMT
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request149.220.183.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestsysupdate24.ddns.netIN AResponsesysupdate24.ddns.netIN A0.0.0.0
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request0.204.248.87.in-addr.arpaIN PTRResponse0.204.248.87.in-addr.arpaIN PTRhttps-87-248-204-0lhrllnwnet
-
Remote address:8.8.8.8:53Request58.99.105.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418558_1RIRIQOUBMYAABIAT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418558_1RIRIQOUBMYAABIAT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 586896
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED82B181FC234F2089E7688DB3B5DEB6 Ref B: LON601060106040 Ref C: 2024-11-03T23:44:15Z
date: Sun, 03 Nov 2024 23:44:15 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239355262897_1WRSJCEZM1EG3MR0G&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239355262897_1WRSJCEZM1EG3MR0G&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 1265436
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E195B008EF0449DAB52CBF0868E63E9F Ref B: LON601060106040 Ref C: 2024-11-03T23:44:15Z
date: Sun, 03 Nov 2024 23:44:15 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388083_1LK8GG0XUINT2UANS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239339388083_1LK8GG0XUINT2UANS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 650665
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BFB36E49140D4FA299248FCFFC0F6979 Ref B: LON601060106040 Ref C: 2024-11-03T23:44:15Z
date: Sun, 03 Nov 2024 23:44:15 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388084_14BR1HNZO7MDFJS4B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239339388084_14BR1HNZO7MDFJS4B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 705144
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F79624DBBC754FCAA938BAC1C2AE5918 Ref B: LON601060106040 Ref C: 2024-11-03T23:44:15Z
date: Sun, 03 Nov 2024 23:44:15 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418557_1YV8GA2L9NL51T4LE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418557_1YV8GA2L9NL51T4LE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 643441
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 305F5663CE9C43888336F63EABD026F4 Ref B: LON601060106040 Ref C: 2024-11-03T23:44:15Z
date: Sun, 03 Nov 2024 23:44:15 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 1420323
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B9E689AF6A5E4012B4EC37DB26EABEF9 Ref B: LON601060106040 Ref C: 2024-11-03T23:44:16Z
date: Sun, 03 Nov 2024 23:44:16 GMT
-
Remote address:8.8.8.8:53Request10.27.171.150.in-addr.arpaIN PTRResponse
-
150.171.28.10:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid=tls, http22.0kB 9.4kB 22 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b39a2cd419424aa0aadacec073af9a87&localId=w:2D3093FA-6F32-4948-30D6-822D6819A5AC&deviceId=6755476188894822&anid=HTTP Response
204 -
1.2kB 7.3kB 16 13
-
1.2kB 7.3kB 16 13
-
1.2kB 7.3kB 16 13
-
150.171.27.10:443https://tse1.mm.bing.net/th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http2183.7kB 5.5MB 3947 3942
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418558_1RIRIQOUBMYAABIAT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239355262897_1WRSJCEZM1EG3MR0G&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388083_1LK8GG0XUINT2UANS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388084_14BR1HNZO7MDFJS4B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418557_1YV8GA2L9NL51T4LE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239355262898_1GZLH62E7DDOB6LZ5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 7.3kB 16 13
-
72 B 158 B 1 1
DNS Request
28.118.140.52.in-addr.arpa
-
56 B 148 B 1 1
DNS Request
g.bing.com
DNS Response
150.171.28.10150.171.27.10
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
133.32.126.40.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
149.220.183.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
209.205.72.20.in-addr.arpa
-
66 B 82 B 1 1
DNS Request
sysupdate24.ddns.net
DNS Response
0.0.0.0
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.204.248.87.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
58.99.105.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.27.10150.171.28.10
-
72 B 158 B 1 1
DNS Request
10.27.171.150.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
254KB
MD567ff69a1df265205bb9ebc3fbe933a74
SHA191b2a39865646e97d9b100964f4743479e1b82b5
SHA2566fbf4dfa9ce8ee9e03a12adc21e59cdd14c72104c409bf4aeb34e377cc38c25f
SHA512b478ac6ac5a36af473711f1b205109c9ac017d9459a3aed9da367b5487a11e53172ae769b8919d9adc240c99a8b78825ebba823b207e1176a325ff1d9e4de0a9