Analysis
max time kernel: 121s
max time network: 134s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20241211-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 06-01-2025 08:05
Static task: static1
Behavioral tasks (task: sample, resource):
behavioral1: Setup.exe, win11-20241007-en
behavioral2: Setup.exe, win10ltsc2021-20241211-en
behavioral3: win-X32/en-US/hmmapi.dll, win7-20241010-en
behavioral4: win-X32/en-US/hmmapi.dll, win10ltsc2021-20241211-en
behavioral5: win-X32/en-US/ieinstal.exe.dll, win7-20240903-en
behavioral6: win-X32/en-US/ieinstal.exe.dll, win10ltsc2021-20241211-en
behavioral7: win-X32/en-US/iexplore.exe.dll, win10ltsc2021-20241211-en
behavioral8: win-X32/en-US/iexplore.exe.dll, win10ltsc2021-20241211-en
behavioral9: win-X32/hmmapi.dll, win7-20240903-en
behavioral10: win-X32/hmmapi.dll, win10ltsc2021-20241211-en
behavioral11: win-X32/ieinstal.exe.dll, win10v2004-20241007-en
behavioral12: win-X32/ieinstal.exe.dll, win10ltsc2021-20241211-en
behavioral13: win-X32/iexplore.exe.dll, win10v2004-20241007-en
behavioral14: win-X32/iexplore.exe.dll, win10ltsc2021-20241211-en
behavioral15: win-X64/en-US/hmmapi.dll, win7-20241010-en
behavioral16: win-X64/en-US/hmmapi.dll, win10ltsc2021-20241023-en
behavioral17: win-X64/en-US/ieinstal.exe.dll, win7-20240729-en
behavioral18: win-X64/en-US/ieinstal.exe.dll, win10ltsc2021-20241211-en
behavioral19: win-X64/en-US/iexplore.exe.dll, win10v2004-20241007-en
behavioral20: win-X64/en-US/iexplore.exe.dll, win10ltsc2021-20241211-en
General
Target: win-X32/hmmapi.dll
Size: 392.0MB
MD5: 072f47192785a8054ca9e103746286c2
SHA1: 7c5aa52ebce41048ed03c429d1055a95a172340a
SHA256: 504c79eb7107e17d3b41ea2cf47d00876536f8f128fa4e02804eb143bc9150e6
SHA512: 5b812e2a66a58eaace08dcfc245cbea7cfeff98e5594b3221db27a0d636a4e7e7d2424041cc95b666b20fbb6b6b907090998b9ea2778f7f1530d13ae1408f9f2
SSDEEP: 48:yF3sRB0f93zBIZWyXHYloxaiqq2xqDyVpvv2iw:HUlEWcA2uvv
Malware Config
Signatures
Processes
- C:\Windows\system32\rundll32.exe (PID 5148)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\win-X32\hmmapi.dll,#1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 884)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=5020,i,14915339153108214952,13513928827091056845,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3428)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=3204,i,14915339153108214952,13513928827091056845,262144 --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:8
Network
- DNS, remote address 8.8.8.8:53
  Request: 104.219.191.52.in-addr.arpa IN PTR
  Response: (no answer)
- DNS, remote address 8.8.8.8:53
  Request: 4.159.190.20.in-addr.arpa IN PTR
  Response: (no answer)
- DNS, remote address 8.8.8.8:53
  Request: 172.214.232.199.in-addr.arpa IN PTR
  Response: (no answer)
- DNS, remote address 8.8.8.8:53
  Request: edge.microsoft.com IN A
  Response:
    edge.microsoft.com IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
    edge-microsoft-com.dual-a-0036.a-msedge.net IN CNAME dual-a-0036.a-msedge.net
    dual-a-0036.a-msedge.net IN A 204.79.197.239
    dual-a-0036.a-msedge.net IN A 13.107.21.239
- DNS, remote address 8.8.8.8:53
  Request: edge.microsoft.com IN Unknown
  Response: edge.microsoft.com IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
- DNS, remote address 8.8.8.8:53
  Request: edgeassetservice.azureedge.net IN A
  Response:
    edgeassetservice.azureedge.net IN CNAME edgeassetservice.afd.azureedge.net
    edgeassetservice.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
    azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
    shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
    s-part-0036.t-0009.t-msedge.net IN A 13.107.246.64
- DNS, remote address 8.8.8.8:53
  Request: edgeassetservice.azureedge.net IN Unknown
  Response:
    edgeassetservice.azureedge.net IN CNAME edgeassetservice.afd.azureedge.net
    edgeassetservice.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
    azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
    shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
- HTTP HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2380abb1-3113-405a-8e34-0406ced73ad5?P1=1734255614&P2=404&P3=2&P4=Q%2fDpc%2bV8DXESEAgyrcl7Q8CZbidqsrX9gd5IZZ8BCeMdhjd3t1egsgpDQf8EvNEm27PhD9TZl7D%2fi%2fNpANRxBw%3d%3d
  Remote address: 2.20.12.74:80
  Request:
    HEAD /filestreamingservice/files/2380abb1-3113-405a-8e34-0406ced73ad5?P1=1734255614&P2=404&P3=2&P4=Q%2fDpc%2bV8DXESEAgyrcl7Q8CZbidqsrX9gd5IZZ8BCeMdhjd3t1egsgpDQf8EvNEm27PhD9TZl7D%2fi%2fNpANRxBw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    User-Agent: Microsoft BITS/7.8
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
  Response: (none recorded)
- DNS, remote address 8.8.8.8:53
  Request: 241.150.49.20.in-addr.arpa IN PTR
  Response: (no answer)
- DNS, remote address 8.8.8.8:53
  Request: fd.api.iris.microsoft.com IN A
  Response:
    fd.api.iris.microsoft.com IN CNAME fd-api-iris.trafficmanager.net
    fd-api-iris.trafficmanager.net IN CNAME iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
    iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com IN A 20.223.35.26
- DNS, remote address 8.8.8.8:53
  Request: 200.163.202.172.in-addr.arpa IN PTR
  Response: (no answer)
- DNS, remote address 8.8.8.8:53
  Request: 206.23.85.13.in-addr.arpa IN PTR
  Response: (no answer)
- DNS, remote address 8.8.8.8:53
  Request: 60.153.16.2.in-addr.arpa IN PTR
  Response: 60.153.16.2.in-addr.arpa IN PTR a2-16-153-60.deploy.static.akamaitechnologies.com
- DNS, remote address 8.8.8.8:53
  Request: msedge.b.tlu.dl.delivery.mp.microsoft.com IN A
  Response:
    msedge.b.tlu.dl.delivery.mp.microsoft.com IN CNAME star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
    star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com IN CNAME cdp-f-tlu-net.trafficmanager.net
    cdp-f-tlu-net.trafficmanager.net IN CNAME wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net
    wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net IN CNAME a1847.dscd.akamai.net
    a1847.dscd.akamai.net IN A 88.221.111.25
    a1847.dscd.akamai.net IN A 2.18.240.169
- HTTP HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2380abb1-3113-405a-8e34-0406ced73ad5?P1=1734255614&P2=404&P3=2&P4=Q%2fDpc%2bV8DXESEAgyrcl7Q8CZbidqsrX9gd5IZZ8BCeMdhjd3t1egsgpDQf8EvNEm27PhD9TZl7D%2fi%2fNpANRxBw%3d%3d
  Remote address: 88.221.111.25:80
  Request:
    HEAD /filestreamingservice/files/2380abb1-3113-405a-8e34-0406ced73ad5?P1=1734255614&P2=404&P3=2&P4=Q%2fDpc%2bV8DXESEAgyrcl7Q8CZbidqsrX9gd5IZZ8BCeMdhjd3t1egsgpDQf8EvNEm27PhD9TZl7D%2fi%2fNpANRxBw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    User-Agent: Microsoft BITS/7.8
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
  Response:
    HTTP/1.1 403 Forbidden
    Mime-Version: 1.0
    Content-Type: text/html
    Content-Length: 505
    Expires: Mon, 06 Jan 2025 08:10:31 GMT
    Date: Mon, 06 Jan 2025 08:10:31 GMT
    Connection: keep-alive
    X-CID: 2
    X-CCC: IT
- DNS, remote address 8.8.8.8:53
  Request: 25.111.221.88.in-addr.arpa IN PTR
  Response: 25.111.221.88.in-addr.arpa IN PTR a88-221-111-25.deploy.static.akamaitechnologies.com
- DNS, remote address 8.8.8.8:53
  Request: msedge.b.tlu.dl.delivery.mp.microsoft.com IN A
  Response:
    msedge.b.tlu.dl.delivery.mp.microsoft.com IN CNAME star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
    star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com IN CNAME cdp-f-tlu-net.trafficmanager.net
    cdp-f-tlu-net.trafficmanager.net IN CNAME edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com
    edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com IN CNAME default.qdr.p1.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com
    default.qdr.p1.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com IN A 91.81.129.182
    default.qdr.p1.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com IN A 91.81.129.181
    default.qdr.p1.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com IN A 91.80.49.85
    default.qdr.p1.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com IN A 91.81.130.134
    default.qdr.p1.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com IN A 91.80.49.22
- DNS, remote address 8.8.8.8:53
  Request: msedge.b.tlu.dl.delivery.mp.microsoft.com IN Unknown
  Response:
    msedge.b.tlu.dl.delivery.mp.microsoft.com IN CNAME star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
    star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com IN CNAME cdp-f-tlu-net.trafficmanager.net
    cdp-f-tlu-net.trafficmanager.net IN CNAME fg.microsoft.map.fastly.net
- HTTP GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2380abb1-3113-405a-8e34-0406ced73ad5?P1=1734255614&P2=404&P3=2&P4=Q%2fDpc%2bV8DXESEAgyrcl7Q8CZbidqsrX9gd5IZZ8BCeMdhjd3t1egsgpDQf8EvNEm27PhD9TZl7D%2fi%2fNpANRxBw%3d%3d
  Remote address: 91.81.129.182:80
  Request:
    GET /filestreamingservice/files/2380abb1-3113-405a-8e34-0406ced73ad5?P1=1734255614&P2=404&P3=2&P4=Q%2fDpc%2bV8DXESEAgyrcl7Q8CZbidqsrX9gd5IZZ8BCeMdhjd3t1egsgpDQf8EvNEm27PhD9TZl7D%2fi%2fNpANRxBw%3d%3d HTTP/1.1
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Connection: keep-alive
    Sec-Mesh-Client-Edge-Version: 131.0.2903.86
    Sec-Mesh-Client-Edge-Channel: stable
    Sec-Mesh-Client-OS: Windows
    Sec-Mesh-Client-OS-Version: 10.0.19044
    Sec-Mesh-Client-Arch: x86_64
    Sec-Mesh-Client-WebView: 0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0
    Accept-Encoding: gzip, deflate
  Response:
    HTTP/1.1 403 Forbidden
    Content-Type: text/html
    Content-Length: 543
    Connection: keep-alive
    Server: Qwilt
    X-OC-Service-Type: lo
    Ocn-Cache-Status: NA
    Ocn-Requestid: 10000002a7d3eb7c-1314049194-1
    Ocn-Served-By: QLT
    X-CID: 9
    X-CCC: it
- DNS, remote address 8.8.8.8:53
  Request: edge.microsoft.com IN A
  Response:
    edge.microsoft.com IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
    edge-microsoft-com.dual-a-0036.a-msedge.net IN CNAME dual-a-0036.a-msedge.net
    dual-a-0036.a-msedge.net IN A 13.107.21.239
    dual-a-0036.a-msedge.net IN A 204.79.197.239
- DNS, remote address 8.8.8.8:53
  Request: edge.microsoft.com IN Unknown
  Response: edge.microsoft.com IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
- DNS, remote address 8.8.8.8:53
  Request: 182.129.81.91.in-addr.arpa IN PTR
  Response: (no answer)
- DNS, remote address 8.8.8.8:53
  Request: 35.197.79.40.in-addr.arpa IN PTR
  Response: (no answer)
- DNS, remote address 8.8.8.8:53
  Request: edge.microsoft.com IN A
  Response:
    edge.microsoft.com IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
    edge-microsoft-com.dual-a-0036.a-msedge.net IN CNAME dual-a-0036.a-msedge.net
    dual-a-0036.a-msedge.net IN A 13.107.21.239
    dual-a-0036.a-msedge.net IN A 204.79.197.239
- DNS, remote address 8.8.8.8:53
  Request: edge.microsoft.com IN Unknown
  Response: edge.microsoft.com IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
-
Traffic summary (per connection: bytes sent, bytes received, packets sent, packets received)
- (remote address not captured): 3.5kB sent, 8.4kB received, 19 packets sent, 24 received
- (remote address not captured): 22.7kB sent, 1.2MB received, 434 packets sent, 837 received
- 2.20.12.74:80 (http): 397 B sent, 40 B received, 1 packet sent, 1 received
  HTTP Request: HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2380abb1-3113-405a-8e34-0406ced73ad5?P1=1734255614&P2=404&P3=2&P4=Q%2fDpc%2bV8DXESEAgyrcl7Q8CZbidqsrX9gd5IZZ8BCeMdhjd3t1egsgpDQf8EvNEm27PhD9TZl7D%2fi%2fNpANRxBw%3d%3d
  HTTP Response: (none recorded)
- (remote address not captured): 624 B sent, 6.5kB received, 9 packets sent, 6 received
- (remote address not captured): 46 B sent, 40 B received, 1 packet sent, 1 received
- 88.221.111.25:80 (http): 593 B sent, 418 B received, 5 packets sent, 4 received
  HTTP Request: HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2380abb1-3113-405a-8e34-0406ced73ad5?P1=1734255614&P2=404&P3=2&P4=Q%2fDpc%2bV8DXESEAgyrcl7Q8CZbidqsrX9gd5IZZ8BCeMdhjd3t1egsgpDQf8EvNEm27PhD9TZl7D%2fi%2fNpANRxBw%3d%3d
  HTTP Response: 403
- 91.81.129.182:80 (http): 941 B sent, 995 B received, 6 packets sent, 4 received
  HTTP Request: GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2380abb1-3113-405a-8e34-0406ced73ad5?P1=1734255614&P2=404&P3=2&P4=Q%2fDpc%2bV8DXESEAgyrcl7Q8CZbidqsrX9gd5IZZ8BCeMdhjd3t1egsgpDQf8EvNEm27PhD9TZl7D%2fi%2fNpANRxBw%3d%3d
  HTTP Response: 403
- (remote address not captured): 5.0kB sent, 7.6kB received, 16 packets sent, 16 received
- DNS Request 104.219.191.52.in-addr.arpa: 73 B sent, 147 B received, 1 packet sent, 1 received
- DNS Request 4.159.190.20.in-addr.arpa: 71 B sent, 157 B received, 1 packet sent, 1 received
- DNS Request 172.214.232.199.in-addr.arpa: 74 B sent, 128 B received, 1 packet sent, 1 received
- DNS Request edge.microsoft.com: 64 B sent, 167 B received, 1 packet sent, 1 received
  DNS Response: 204.79.197.239, 13.107.21.239
- DNS Request edge.microsoft.com: 64 B sent, 168 B received, 1 packet sent, 1 received
- DNS Request edgeassetservice.azureedge.net: 76 B sent, 243 B received, 1 packet sent, 1 received
  DNS Response: 13.107.246.64
- DNS Request edgeassetservice.azureedge.net: 76 B sent, 287 B received, 1 packet sent, 1 received
- DNS Request 241.150.49.20.in-addr.arpa: 72 B sent, 158 B received, 1 packet sent, 1 received
- DNS Request fd.api.iris.microsoft.com: 71 B sent, 197 B received, 1 packet sent, 1 received
  DNS Response: 20.223.35.26
- DNS Request 200.163.202.172.in-addr.arpa: 74 B sent, 160 B received, 1 packet sent, 1 received
- DNS Request 206.23.85.13.in-addr.arpa: 71 B sent, 145 B received, 1 packet sent, 1 received
- DNS Request 60.153.16.2.in-addr.arpa: 70 B sent, 133 B received, 1 packet sent, 1 received
- DNS Request msedge.b.tlu.dl.delivery.mp.microsoft.com: 87 B sent, 328 B received, 1 packet sent, 1 received
  DNS Response: 88.221.111.25, 2.18.240.169
- DNS Request 25.111.221.88.in-addr.arpa: 72 B sent, 137 B received, 1 packet sent, 1 received
- DNS Request msedge.b.tlu.dl.delivery.mp.microsoft.com: 87 B sent, 373 B received, 1 packet sent, 1 received
  DNS Response: 91.81.129.182, 91.81.129.181, 91.80.49.85, 91.81.130.134, 91.80.49.22
- DNS Request msedge.b.tlu.dl.delivery.mp.microsoft.com: 87 B sent, 292 B received, 1 packet sent, 1 received
- DNS Request edge.microsoft.com: 64 B sent, 167 B received, 1 packet sent, 1 received
  DNS Response: 13.107.21.239, 204.79.197.239
- DNS Request edge.microsoft.com: 64 B sent, 168 B received, 1 packet sent, 1 received
- DNS Request 182.129.81.91.in-addr.arpa: 72 B sent, 147 B received, 1 packet sent, 1 received
- DNS Request 35.197.79.40.in-addr.arpa: 71 B sent, 145 B received, 1 packet sent, 1 received
- DNS Request edge.microsoft.com: 64 B sent, 167 B received, 1 packet sent, 1 received
  DNS Response: 13.107.21.239, 204.79.197.239
- DNS Request edge.microsoft.com: 64 B sent, 168 B received, 1 packet sent, 1 received