e65aca9960278818f8edd2184e922c95e4ad0f4180f982663666c38a2adbcdf1

Analysis

max time kernel
142s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 15:41 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79abdb26b1806a69ad32a6ae1d8e7e71.html
Size

32KB
MD5

79abdb26b1806a69ad32a6ae1d8e7e71
SHA1

e7a315e8b397b80e1a73b1c919bb413ad7fe9c59
SHA256

e65aca9960278818f8edd2184e922c95e4ad0f4180f982663666c38a2adbcdf1
SHA512

db9d0f012382d10bb180200453c4fc5c8027b8a870a79f2c2ae04d4be6fd5308dae1aed23a89f16a508f6ff279fb9214caa55f88b90621a3d82601f3d752781b
SSDEEP

384:SEb/TeDmAuV6dkrNmXtMaxT1mV05e50ZRsUIVeVi+BiIiGjeLALIrZxLY7QIo9MY:SEfeDmA05AMaxs05X7ABNNNNNuo

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410729012"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70388296d140da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000ed9ca014dcfcfe000410394429229d79e00d2a6b149f16462267fb3fe4a5687a000000000e80000000020000200000001a96588ea6d153fd1113ecd08cfee1ad628e076ed2c471fbf138a462cf18109e2000000075a7db4718e3579a1fe1eea926d1d680fdbf5c7dd7c1de3bdafdf3b3760e33aa40000000b39abd8c1f19de27a307acd70c66be81064c30fcba3e146566308bbef8dea5032e57dd219e5c413d1eef164462ee254d487f5c4dab3b6cdb0d8bbffeb46d7167	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B9A50FD1-ACC4-11EE-A76C-6E3D54FB2439} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a000000000200000000001066000000010000200000004f03cb8c1c600b9089a1f1d708cb2523dc49b3b56c862ae6d9b6d16ca5abd96e000000000e8000000002000020000000945f146b00f1bae67d8ab149cc36de18c21570904bb68b921ead76e4dcfee52790000000544783f80e229ae1243f7af0f4a793687904f2d528b63573229658682e9e663c5363a4a75edf7111521820e714a639175ceb2fd7f76991f6fb6f74dd7b25fe219f14758cc00d1412b9c7bee5a7f19ca6edd5740e8a4df54002fff8cb0794b4e66127b3bdd356ef1b3b7f3b32691d0fa6111d2751ba2c16f08f9a621529e3eced5ed278d57a7f588cdaee9d8e156e49d340000000b0933d844c43426cc1a8e41f798fed5c7f2724bc9961e489aa41c594676a52878f04edb8fe1b218cbf046e94660d57d2010aad773e17ad741f497f0de5f0bcea	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2108	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2108	iexplore.exe
2108	iexplore.exe
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2448	2108	iexplore.exe	15
PID 2108 wrote to memory of 2448	2108	iexplore.exe	15
PID 2108 wrote to memory of 2448	2108	iexplore.exe	15
PID 2108 wrote to memory of 2448	2108	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79abdb26b1806a69ad32a6ae1d8e7e71.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2448

Network

DNS

toplist.cz

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

toplist.cz

IN A

Response

toplist.cz

IN A

88.86.101.2
DNS

toplist.cz

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

toplist.cz

IN A
DNS

toplist.cz

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

toplist.cz

IN A
DNS

toplist.cz

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

toplist.cz

IN A
DNS

toplist.cz

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

toplist.cz

IN A
DNS

milujsvojzivot.sk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

milujsvojzivot.sk

IN A

Response
DNS

milujsvojzivot.sk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

milujsvojzivot.sk

IN A
DNS

milujsvojzivot.sk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

milujsvojzivot.sk

IN A
DNS

milujsvojzivot.sk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

milujsvojzivot.sk

IN A
DNS

milujsvojzivot.sk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

milujsvojzivot.sk

IN A
GET

http://toplist.cz/count.asp?id=1233081

IEXPLORE.EXE

Remote address:

88.86.101.2:80

Request

GET /count.asp?id=1233081 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: toplist.cz
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-length: 0
Location: https://toplist.cz/count.asp?id=1233081
DNS

IEXPLORE.EXE

Remote address:

88.86.101.2:80

Response

HTTP/1.0 408 Request Time-out

Cache-Control: no-cache
Connection: close
Content-Type: text/html
DNS

widgets.amung.us

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

widgets.amung.us

IN A

Response

widgets.amung.us

IN A

172.67.8.141

widgets.amung.us

IN A

104.22.74.171

widgets.amung.us

IN A

104.22.75.171
DNS

widgets.amung.us

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

widgets.amung.us

IN A
GET

https://toplist.cz/count.asp?id=1233081

IEXPLORE.EXE

Remote address:

88.86.101.2:443

Request

GET /count.asp?id=1233081 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: toplist.cz
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 06 Jan 2024 18:52:38 GMT
Server: Apache/2.4.29 (Ubuntu) mod_fcgid/2.3.9
Pragma: no-cache
Cache-control: private,no-cache,no-store,must-revalidate,max-age=0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
P3P: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
X-W: 3
Connection: close
Transfer-Encoding: chunked
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
DNS

apps.identrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

96.17.179.184

a1952.dscq.akamai.net

IN A

96.17.179.205
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

IEXPLORE.EXE

Remote address:

96.17.179.184:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Sat, 06 Jan 2024 19:52:33 GMT
Date: Sat, 06 Jan 2024 18:52:33 GMT
Connection: keep-alive
GET

http://widgets.amung.us/map.js

IEXPLORE.EXE

Remote address:

172.67.8.141:80

Request

GET /map.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: widgets.amung.us
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 06 Jan 2024 18:52:33 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 12 Jan 2023 17:19:30 GMT
etag: W/"63c04122-1b86"
expires: Sun, 07 Jan 2024 18:40:26 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
CF-Cache-Status: HIT
Age: 727
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 841628a4985bdc49-LHR
alt-svc: h3=":443"; ma=86400
GET

http://widgets.amung.us/mapbacks/girly.jpg

IEXPLORE.EXE

Remote address:

172.67.8.141:80

Request

GET /mapbacks/girly.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: widgets.amung.us
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 06 Jan 2024 18:52:34 GMT
Content-Type: image/jpeg
Content-Length: 65029
Connection: keep-alive
last-modified: Thu, 12 Jan 2023 17:19:26 GMT
etag: "63c0411e-fe05"
expires: Sun, 07 Jan 2024 18:52:33 GMT
cache-control: max-age=86400
access-control-allow-origin: *
CF-Cache-Status: MISS
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 841628a6aafddc49-LHR
alt-svc: h3=":443"; ma=86400
GET

http://widgets.amung.us/mappoints/heart-red.png

IEXPLORE.EXE

Remote address:

172.67.8.141:80

Request

GET /mappoints/heart-red.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: widgets.amung.us
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 06 Jan 2024 18:52:33 GMT
Content-Type: image/png
Content-Length: 882
Connection: keep-alive
last-modified: Thu, 12 Jan 2023 17:19:17 GMT
etag: "63c04115-372"
expires: Sat, 06 Jan 2024 19:28:26 GMT
cache-control: max-age=86400
access-control-allow-origin: *
CF-Cache-Status: HIT
Age: 84247
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 841628a6aa6479ad-LHR
alt-svc: h3=":443"; ma=86400
DNS

whos.amung.us

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

whos.amung.us

IN A

Response

whos.amung.us

IN A

172.67.8.141

whos.amung.us

IN A

104.22.75.171

whos.amung.us

IN A

104.22.74.171
GET

http://whos.amung.us/pingjs/?k=2lkgsdxl9cih&t=Hviezdne%20pr%C3%ADbehy&c=m&x=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F79abdb26b1806a69ad32a6ae1d8e7e71.html&y=&a=0&d=8.191&v=27&r=3401

IEXPLORE.EXE

Remote address:

172.67.8.141:80

Request

GET /pingjs/?k=2lkgsdxl9cih&t=Hviezdne%20pr%C3%ADbehy&c=m&x=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F79abdb26b1806a69ad32a6ae1d8e7e71.html&y=&a=0&d=8.191&v=27&r=3401 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: whos.amung.us
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 06 Jan 2024 18:52:33 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 841628a5bf033d9a-LHR
alt-svc: h3=":443"; ma=86400
DNS

cdnjs.cloudflare.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
GET

http://cdnjs.cloudflare.com/ajax/libs/balloon-css/0.5.0/balloon.min.css

IEXPLORE.EXE

Remote address:

104.17.25.14:80

Request

GET /ajax/libs/balloon-css/0.5.0/balloon.min.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdnjs.cloudflare.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 06 Jan 2024 18:52:33 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 1436
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03d72-340c"
Last-Modified: Mon, 04 May 2020 16:06:10 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 76390
Expires: Thu, 26 Dec 2024 18:52:33 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MinMBdAaYdHNmpgY0DapNXdlMuM6jgEqt78N6yEovrntKRWKkHOG%2Flm9vDoJjcPzgsT6auDgN862ChsdDxACimBOh2GI%2FoqEFnRj%2BR5DFVARzf0%2F%2B3ZO%2F6cYDpi8tqKfbD%2B7xt6X"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 841628a74f4363e3-LHR
alt-svc: h3=":443"; ma=86400

88.86.101.2:80

http://toplist.cz/count.asp?id=1233081

http

IEXPLORE.EXE

652 B
460 B
8
6

HTTP Request

GET http://toplist.cz/count.asp?id=1233081

HTTP Response

301
88.86.101.2:80

toplist.cz

http

IEXPLORE.EXE

340 B
851 B
7
5

HTTP Response

408
88.86.101.2:443

https://toplist.cz/count.asp?id=1233081

tls, http

IEXPLORE.EXE

1.5kB
6.2kB
16
13

HTTP Request

GET https://toplist.cz/count.asp?id=1233081

HTTP Response

200
96.17.179.184:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

IEXPLORE.EXE

600 B
1.6kB
7
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
172.67.8.141:80

http://widgets.amung.us/mapbacks/girly.jpg

http

IEXPLORE.EXE

2.4kB
71.0kB
40
57

HTTP Request

GET http://widgets.amung.us/map.js

HTTP Response

200

HTTP Request

GET http://widgets.amung.us/mapbacks/girly.jpg

HTTP Response

200
172.67.8.141:80

http://widgets.amung.us/mappoints/heart-red.png

http

IEXPLORE.EXE

563 B
1.5kB
6
4

HTTP Request

GET http://widgets.amung.us/mappoints/heart-red.png

HTTP Response

200
172.67.8.141:80

http://whos.amung.us/pingjs/?k=2lkgsdxl9cih&t=Hviezdne%20pr%C3%ADbehy&c=m&x=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F79abdb26b1806a69ad32a6ae1d8e7e71.html&y=&a=0&d=8.191&v=27&r=3401

http

IEXPLORE.EXE

703 B
1.1kB
6
5

HTTP Request

GET http://whos.amung.us/pingjs/?k=2lkgsdxl9cih&t=Hviezdne%20pr%C3%ADbehy&c=m&x=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F79abdb26b1806a69ad32a6ae1d8e7e71.html&y=&a=0&d=8.191&v=27&r=3401

HTTP Response

200
172.67.8.141:80

whos.amung.us

IEXPLORE.EXE

466 B
92 B
10
2
104.17.25.14:80

http://cdnjs.cloudflare.com/ajax/libs/balloon-css/0.5.0/balloon.min.css

http

IEXPLORE.EXE

602 B
2.6kB
7
5

HTTP Request

GET http://cdnjs.cloudflare.com/ajax/libs/balloon-css/0.5.0/balloon.min.css

HTTP Response

200
104.17.25.14:80

cdnjs.cloudflare.com

IEXPLORE.EXE

466 B
92 B
10
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

1.0kB
9.2kB
11
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

953 B
7.8kB
10
11
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12

8.8.8.8:53

toplist.cz

dns

IEXPLORE.EXE

280 B
72 B
5
1

DNS Request

toplist.cz

DNS Request

toplist.cz

DNS Request

toplist.cz

DNS Request

toplist.cz

DNS Request

toplist.cz

DNS Response

88.86.101.2
8.8.8.8:53

milujsvojzivot.sk

dns

IEXPLORE.EXE

315 B
123 B
5
1

DNS Request

milujsvojzivot.sk

DNS Request

milujsvojzivot.sk

DNS Request

milujsvojzivot.sk

DNS Request

milujsvojzivot.sk

DNS Request

milujsvojzivot.sk
8.8.8.8:53

widgets.amung.us

dns

IEXPLORE.EXE

124 B
110 B
2
1

DNS Request

widgets.amung.us

DNS Request

widgets.amung.us

DNS Response

172.67.8.141

104.22.74.171

104.22.75.171
8.8.8.8:53

apps.identrust.com

dns

IEXPLORE.EXE

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

96.17.179.184

96.17.179.205
8.8.8.8:53

whos.amung.us

dns

IEXPLORE.EXE

59 B
107 B
1
1

DNS Request

whos.amung.us

DNS Response

172.67.8.141

104.22.75.171

104.22.74.171
8.8.8.8:53

cdnjs.cloudflare.com

dns

IEXPLORE.EXE

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b282c7c7ecdafb18f82d511c3b4d5ae

SHA1
49add719eaa235c80427566bed99cbce4f3c176f

SHA256
8bda0c2f034bdacb3d54231a6c36cedb94f0f0ea5385ccc62ca28d00daa0e4e2

SHA512
6ee4b6fe8200b706d5bfebe6183cd51d8c8e18030895d63923cfe6df5bb83d77c5aa466befa5af46cbca52e55cb2ef52f8a2199525c5146a3db583ea7f382fe9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12530bd2e23a4580758ccb2fcca3159f

SHA1
1572842bee147f7f6f92f7b6350cfffbdd1bc107

SHA256
b10cb6f827b938851caf54b7b22d175c5896bb475d23d872b6c6f578723098cf

SHA512
25b01efdb83f65ab7d8eaccbfc4c228d027e51d6f8185a8cf9338bfabf26f80cd187d54d5a0752ea75f23ebe7b85464063324ccf3bbeac932f7029c7bdf5ae66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a71ce3943d4228912622de8c6da049d4

SHA1
6bb372ca1ee8024cc3698ea7180424625dc701fe

SHA256
30a79665df532b96a113fc3c58929a95a4cd2688c2a54d12f7677d3ab4be4827

SHA512
241640267ac4aebcd576b4a795a62b98a9fd998d3eaa76a6166be6cada9275b15d5cf8549135c74981c91b8375f480ccd74215fd982c5a08ecbba894d1451187

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8172da70a17caa9c8c3e712ba9e11be4

SHA1
1f3116a703111c8ed5f01daffb7dc2264d6754a5

SHA256
06d6210f8db6d32521606da1a2f2f36b67a5b8320fd7d41d88b719f6337b4331

SHA512
5f84f5ccfa6903d69f845e9f25678be885a8963f2a35d7abe299d3a580bcfe64be5db113c3aa01ea7e08d057ee05fbb861b3c64f8446a4e1b4ebd5c59e2fafd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20d49850c657ef08c0076189ba01fbdc

SHA1
a2ad3a85a449bcc1908cb0bdcef5c34c9646e85c

SHA256
eab6b0ed246d97556e9d3526a1c1da04a7692e09af4cb01bcf4dcb6436722b40

SHA512
24b233ca94452c2bd58ce164266dce15472787860ff0753362c6ac3af6eb49090ef8adb2c1774df5d2d317f6f0b64acd16723cccc6c0de4678ad7cb70c0da9df

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.