af68169f29519b7e213af0ff92c4d8276fcd3fc1cc5c5777ed97d08c69b82a1a

Analysis

max time kernel
141s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 14:40 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0d8986480070e31f6b3345cd779ef2e.html
Size

15KB
MD5

c0d8986480070e31f6b3345cd779ef2e
SHA1

d2f167030616b141fdb7372a6ed724e4615e1d18
SHA256

af68169f29519b7e213af0ff92c4d8276fcd3fc1cc5c5777ed97d08c69b82a1a
SHA512

3697ec16e3fe74c957097792d3516253855f0347203654f92bd12d8382758798908ae684bfaad1c59c36465eb68ec293a9780f991ff3291f746023d04f56ff24
SSDEEP

384:SBRoHvvcvQnPBx0WaUqc5kn28gvx8ukb8bWOMVFFGNT2AbBybgNwYMVnFX15NssZ:SQr18X9DG67

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000085fb54ef075c847028fc4afe92308d6178b5480a51d79bbc97bfc859519ff62d000000000e800000000200002000000062e27e4d14f6df8d1f97e1f97a7bb8fde628109003466dd55a408a8f3ee2c596900000001ba9052b52e5c1772a9a6a67f323add3608c6cf96f49ab1e31c55dcb859d317b212e59c5a162342a25992bd34acc4dea5b95f6b49e302a3f85c5d44807d1d8fc3f43e1fa5dcd4842710666de7c7082fbf80f2332d22fa285349cec231753eeba5c7c6ffe59725fc7e2184105b5ba5b95776068761e33aee767c3a3f2bb039f6c1bc5ba0e754d023511ff2f5c709d77b6400000000a34b56fc4e22273f0c2facb98c3180e94d151edcfe7e1258f655218af04b5131a96107191f076f3b38d064658666a11d9fb29caffb9fab4331ce54bf7cb1c63	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416329914"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000028d8cdb4821e0bfa574df9282a889b3a6066961061d485238898aad734a2fd3c000000000e8000000002000020000000ad516877487be57a36e3445a7af04568aa891f95036f5347367dcb2118ca45132000000073b14a619c5a2313af207bd6984f27aa7077e2258bd81a65fc692eddeb31c686400000002acf4994aabac3a4289c9f9266e929cdd61f1aed45d42306a7c4441367801a2213b038f181dd2fe1d7062cdae159e24e4a5600f9b393990681b496b3602331b6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55A85591-DFB5-11EE-8414-4A4F109F65B0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 704dce2fc273da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2208	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3008	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3008	iexplore.exe
3008	iexplore.exe
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2208	3008	iexplore.exe	28
PID 3008 wrote to memory of 2208	3008	iexplore.exe	28
PID 3008 wrote to memory of 2208	3008	iexplore.exe	28
PID 3008 wrote to memory of 2208	3008	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0d8986480070e31f6b3345cd779ef2e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2208

Network

DNS

www.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.179.196
DNS

www.alongtrip.fr

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.alongtrip.fr

IN A

Response
GET

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=fr

IEXPLORE.EXE

Remote address:

142.250.179.196:80

Request

GET /coop/cse/brand?form=cse-search-box&lang=fr HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.gstatic.com/prose/brandjs.js
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 237
X-XSS-Protection: 0
Date: Mon, 11 Mar 2024 14:16:38 GMT
Expires: Mon, 11 Mar 2024 14:46:38 GMT
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=UTF-8
Age: 1446
DNS

itsallbreaksoft.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

itsallbreaksoft.net

IN A

Response

itsallbreaksoft.net

IN A

103.224.212.215
GET

http://itsallbreaksoft.net/tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

IEXPLORE.EXE

Remote address:

103.224.212.215:80

Request

GET /tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: itsallbreaksoft.net
Connection: Keep-Alive
Cookie: __tad=1710168044.6139777

Response

HTTP/1.1 302 Found

date: Mon, 11 Mar 2024 14:40:46 GMT
server: Apache
location: http://ww38.itsallbreaksoft.net/tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
GET

http://itsallbreaksoft.net/tds/in.cgi?2&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

IEXPLORE.EXE

Remote address:

103.224.212.215:80

Request

GET /tds/in.cgi?2&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: itsallbreaksoft.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

date: Mon, 11 Mar 2024 14:40:44 GMT
server: Apache
set-cookie: __tad=1710168044.6139777; expires=Thu, 09-Mar-2034 14:40:44 GMT; Max-Age=315360000
location: http://ww38.itsallbreaksoft.net/tds/in.cgi?2&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
DNS

ww38.itsallbreaksoft.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ww38.itsallbreaksoft.net

IN A

Response

ww38.itsallbreaksoft.net

IN CNAME

701602.parkingcrew.net

701602.parkingcrew.net

IN A

13.248.148.254

701602.parkingcrew.net

IN A

76.223.26.96
DNS

ww38.itsallbreaksoft.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ww38.itsallbreaksoft.net

IN A
GET

http://ww38.itsallbreaksoft.net/tds/in.cgi?2&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

IEXPLORE.EXE

Remote address:

13.248.148.254:80

Request

GET /tds/in.cgi?2&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ww38.itsallbreaksoft.net
Connection: Keep-Alive
Cookie: __tad=1710168044.6139777

Response

HTTP/1.1 200 OK

Date: Mon, 11 Mar 2024 14:40:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket011
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_PCfREhKZFgkm4vwwAq/AOAwKKW47Z2xfH/qQPQxHn33PoWkgsPY+B9Jq7n5uqft5oWeLA6KsMPeA0APQ4T30Iw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Domain: itsallbreaksoft.net
X-Subdomain: ww38
Content-Encoding: gzip
GET

http://ww38.itsallbreaksoft.net/tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

IEXPLORE.EXE

Remote address:

13.248.148.254:80

Request

GET /tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Cookie: __tad=1710168044.6139777
Connection: Keep-Alive
Host: ww38.itsallbreaksoft.net

Response

HTTP/1.1 200 OK

Date: Mon, 11 Mar 2024 14:40:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket011
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Jk4PGYAWVfOTRUMIfGWnCo8doYNICRC2mHI4bhBBcC6v4g9URcZfEpimVYGwu8Vztn81rUqAX57huM5WFbwKLw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Domain: itsallbreaksoft.net
X-Subdomain: ww38
Content-Encoding: gzip
DNS

c.parkingcrew.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.parkingcrew.net

IN A

Response

c.parkingcrew.net

IN A

185.53.178.30
GET

http://c.parkingcrew.net/scripts/sale_form.js

IEXPLORE.EXE

Remote address:

185.53.178.30:80

Request

GET /scripts/sale_form.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://ww38.itsallbreaksoft.net/tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c.parkingcrew.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 11 Mar 2024 14:40:50 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
GET

https://www.google.com/cse/static/images/1x/fr/branding.png

IEXPLORE.EXE

Remote address:

142.250.179.196:443

Request

GET /cse/static/images/1x/fr/branding.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="prose-team"
Report-To: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
Content-Length: 1588
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 09 Mar 2024 22:39:46 GMT
Expires: Sun, 09 Mar 2025 22:39:46 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 07 Dec 2023 21:00:00 GMT
Content-Type: image/png
Age: 144064
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

142.251.36.14:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Mon, 11 Mar 2024 13:51:22 GMT
Expires: Mon, 11 Mar 2024 15:51:22 GMT
Cache-Control: public, max-age=7200
Age: 2967
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

ifdnzact.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ifdnzact.com

IN A

Response

ifdnzact.com

IN A

208.91.196.46
GET

http://ifdnzact.com/?dn=itsallbreaksoft.net&pid=9PO755G95

IEXPLORE.EXE

Remote address:

208.91.196.46:80

Request

GET /?dn=itsallbreaksoft.net&pid=9PO755G95 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://ww38.itsallbreaksoft.net/tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ifdnzact.com
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden

Date: Mon, 11 Mar 2024 14:40:54 GMT
Server: Apache
Content-Length: 300
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

142.250.179.196:80

www.google.com

IEXPLORE.EXE

294 B
196 B
6
4
142.250.179.196:80

http://www.google.com/coop/cse/brand?form=cse-search-box&lang=fr

http

IEXPLORE.EXE

942 B
801 B
8
5

HTTP Request

GET http://www.google.com/coop/cse/brand?form=cse-search-box&lang=fr

HTTP Response

301
103.224.212.215:80

http://itsallbreaksoft.net/tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

http

IEXPLORE.EXE

753 B
600 B
6
5

HTTP Request

GET http://itsallbreaksoft.net/tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

HTTP Response

302
103.224.212.215:80

http://itsallbreaksoft.net/tds/in.cgi?2&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

http

IEXPLORE.EXE

669 B
656 B
5
4

HTTP Request

GET http://itsallbreaksoft.net/tds/in.cgi?2&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

HTTP Response

302
13.248.148.254:80

ww38.itsallbreaksoft.net

IEXPLORE.EXE

190 B
132 B
4
3
13.248.148.254:80

http://ww38.itsallbreaksoft.net/tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

http

IEXPLORE.EXE

1.5kB
7.4kB
12
15

HTTP Request

GET http://ww38.itsallbreaksoft.net/tds/in.cgi?2&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

HTTP Response

200

HTTP Request

GET http://ww38.itsallbreaksoft.net/tds/in.cgi?3&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=file%3A%2F%2FC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp%5Cc0d8986480070e31f6b3345cd779ef2e.html&default_keyword=notdefine

HTTP Response

200
185.53.178.30:80

http://c.parkingcrew.net/scripts/sale_form.js

http

IEXPLORE.EXE

1.1kB
2.3kB
14
6

HTTP Request

GET http://c.parkingcrew.net/scripts/sale_form.js

HTTP Response

200
185.53.178.30:80

c.parkingcrew.net

IEXPLORE.EXE

380 B
124 B
8
3
142.250.179.196:443

https://www.google.com/cse/static/images/1x/fr/branding.png

tls, http

IEXPLORE.EXE

1.7kB
7.3kB
13
13

HTTP Request

GET https://www.google.com/cse/static/images/1x/fr/branding.png

HTTP Response

200
142.251.36.14:80

www.google-analytics.com

IEXPLORE.EXE

190 B
92 B
4
2
142.251.36.14:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

916 B
18.3kB
14
16

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
208.91.196.46:80

http://ifdnzact.com/?dn=itsallbreaksoft.net&pid=9PO755G95

http

IEXPLORE.EXE

850 B
1.2kB
7
5

HTTP Request

GET http://ifdnzact.com/?dn=itsallbreaksoft.net&pid=9PO755G95

HTTP Response

403
208.91.196.46:80

ifdnzact.com

IEXPLORE.EXE

290 B
88 B
6
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

1.1kB
7.8kB
12
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.6kB
10
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

1.0kB
7.6kB
10
12

8.8.8.8:53

www.google.com

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.179.196
8.8.8.8:53

www.alongtrip.fr

dns

IEXPLORE.EXE

62 B
120 B
1
1

DNS Request

www.alongtrip.fr
8.8.8.8:53

itsallbreaksoft.net

dns

IEXPLORE.EXE

65 B
81 B
1
1

DNS Request

itsallbreaksoft.net

DNS Response

103.224.212.215
8.8.8.8:53

ww38.itsallbreaksoft.net

dns

IEXPLORE.EXE

140 B
135 B
2
1

DNS Request

ww38.itsallbreaksoft.net

DNS Request

ww38.itsallbreaksoft.net

DNS Response

13.248.148.254

76.223.26.96
8.8.8.8:53

c.parkingcrew.net

dns

IEXPLORE.EXE

63 B
79 B
1
1

DNS Request

c.parkingcrew.net

DNS Response

185.53.178.30
8.8.8.8:53

ifdnzact.com

dns

IEXPLORE.EXE

58 B
74 B
1
1

DNS Request

ifdnzact.com

DNS Response

208.91.196.46

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a280a0ef0735731515a3ba0238f5caf9

SHA1
3c389a6a1808309be877fba8a0a259da4ec6c62a

SHA256
29fcb69d3a325daede6a9ec169d3d69b1ac6b05ecce5557288b2cb29fbca26ba

SHA512
e948752a73e118d51e1efa6991fe4cd051dba95d1e90d63b4a8201113265c08be70e9dadf95279b8aa2aa7968530df736ae4f8722786d890cbad84c39e2fd7eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc4f9b4ca686fbbef9e60ba42278a3f0

SHA1
0aef8052290767d7d1e5e7109f70c4f9b308ed6c

SHA256
e71cfb105dea5d1eb65b9b82ac19877e8beeb4ae24518b618d6acb8a6bba3989

SHA512
905ca740477840b5dd5c564f7fb3ee8e3ae12d04c6f2a3e80c9ff250a9202cf2de5a016624fdf11180aa81a7a442f150766acb3097b01f0898925fe5322ba602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80959ab2573a5cc1a47cd5f94dcc38b3

SHA1
953c580a6ac0357d05acb1e9559bc6dacf80c860

SHA256
ace8f178262e6dcd284eeb5dcd9b5ca8ed4930ba56a35ffd23f1ae532bb77a73

SHA512
dc982f84fbc9158de122b998573481db8b575e1a46203f86fc5af9d337d83279201d7a17bade2c11eb116fb0549e7f9c571b8d1401fac099ec0eb62370b8fe71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ae3904599262bb808c5ba608a8f8b66

SHA1
8c326ec37ae6c0f42ce9f2c57a0387ca2ce62b1a

SHA256
1dcd32f650b342759516fe7f83729fea270a9f2f03ef895482582ef770e87bb5

SHA512
8ac27eb81c19e10544cbf889d95f63a102f24f9bc72b0643934eb18b2754ca298c065bab9e539954e769f8bc5510f87c1dc4518883a0d07504489b32381a20c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4986fd02388c38e3082ca8fed081fc8a

SHA1
5b88810d7d2db05041d0b479d09936fd27349e6c

SHA256
672332b8d7aefe44dd7047bd84b8dc4d699d3a42bf54f1527d17d30bbae7d63a

SHA512
bfb88f73617b932d4e5300fc42b9bff9c26d34bf927cffd246a2544bb4f0a0b18dfdd9d909852a99d6e02e51f00c23e5b2835275912046477daa536436f5c665

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2db9f18c02c4048eaf400a6133e84f1d

SHA1
8b3af39e7c95ae2b6714a861862df132bf4e05c1

SHA256
371d7923423fc682d336de02186f28af971faf38e47acd8937329cc7795fcd6b

SHA512
18ea105dbbaff24a77f89ece14ffa44e99fc4939228c4f60e0105f6949a8efe2ca3a32bd266fb5505047a328686720b1dfca228d6d5ba7dc64e8fc9ffc54cac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac4e4f02ad9746872c2863c5c068af36

SHA1
45eca335186e4ec300545213598b127620a659de

SHA256
335c6ee4b2602a29013dbbfa8246bd96f355ecb5d492bd975e44ee1c9e45fe83

SHA512
173a8c830900c4a3f9e62015a5851b7d1673726d44358297cba3346faaa5086c37b4cd05a540ce1e44ad8a0a36587dfb89b778b9c17e353a25aef13341c91652

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1417fcddcd2e025623bd2fb026e343b9

SHA1
6537de2d4ce0ba5a99f579115a92adfab46a9de2

SHA256
a47e6c05f0fb773c5af1a8fd9acf000e3618f8e8e2d89d817e91414f15355ae7

SHA512
c12f8773c9437b8037cb6608b0118b89da01a2921eec0b6d296ab6967fa3e260fe6de4708d01a401e8564ef69c56667c2a36c71a75b3199c174f80138e62120b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d6ee845b769691e36d765d6a1bf7b79

SHA1
583df60e0918cabe7fece9ef359b8270e7b41827

SHA256
e778f6048bbe2c9f436904fae9e4f5d567253d0ef2cb32d07a0e51d511985981

SHA512
8b075cfafe36f7fe64b1ba885503c254fbef36da344ca872f7ba743165ede52ec7f467e1d406334ec13af1b35e5bd8743e9a080b90fa595c24b613672d91ace6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4decb0e4d58f3e90b5076224d8409ee5

SHA1
32fba1e1938afe748c8baa19420a17357d140a4b

SHA256
44e068ca8f8bbbca005aa308cda7c861323c7491bfa7787bf7f9187a0143e0e9

SHA512
e3491f04a1635626d31cfc9e6ffcd4a2c75867bf2927c289736140fb2002a84619f42583368e79881df7d3f62d60d6fc071d456729ae8eab57f6f49a65b6b397

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14c03b0d47c3381b70cc67e828cfdc78

SHA1
7190b97c4b0c578bab130c1be2121dabe357bb22

SHA256
3d3f4cb611271323870f761cb78a810055123b317c19a5095b7b5d5fac5d868a

SHA512
ceb0710e4e68f8c348ab868b7e7786540598129b40ae3fb59d15c5da76907f74c380a53346d3ee4cbb87d36029e6de75ae5671466dff03b12978b2b8cb0aead0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db4921a5c05ee0999f909d502d42d6f7

SHA1
21ba36984ff2d85ec56410a105595c527bb99dad

SHA256
6d21c8f953c5af39b2bb6c75ea6e43bb1078b37837e057a4d3383b168f83e53a

SHA512
6a645ba8f225aad30ae92034e459f52681a250d19f6c0490e0c9e5b25f07675d54084be3ec512076d0ec3f615f4eba56d678f4e20f6515de24fb2c490201f2d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5E28.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5F15.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5FE6.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.