Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/05/2024, 17:40 UTC

General

  • Target

    4c476b93ac33d18c9f1d03f8035f5955_JaffaCakes118.html

  • Size

    26KB

  • MD5

    4c476b93ac33d18c9f1d03f8035f5955

  • SHA1

    e6182efe5a765ae2a9e96b0d5ec11fa3fc1415b8

  • SHA256

    1af57e656a0804f25214fd58127158146486efab4655685fe8316e25d705c4d8

  • SHA512

    d227630d1819b4f3cc6993eab1d075cfb6acc93b4042fcb86cc17a9d8453bb1779e20fad2afeba8c1b064fcf74b4192a66b57a0f777dbd99675c9c8fd362d9cb

  • SSDEEP

    192:/kP3DOVOmn8YIEx5uy/QeE4nthtKi+kclsWMZewOHrr+jX7D5GOv8ET0kFPQQcek:8P3q01AuaxByRQewo/+jrdGO15PRxzbk

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4c476b93ac33d18c9f1d03f8035f5955_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2968

Network

  • [US] DNS textilepeople.com (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: textilepeople.com IN A
    Response: textilepeople.com IN A 166.62.25.253
  • [US] DNS www.textilepeople.com (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: www.textilepeople.com IN A
    Response: www.textilepeople.com IN CNAME textilepeople.com; textilepeople.com IN A 166.62.25.253
  • [US] DNS 4.bp.blogspot.com (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: 4.bp.blogspot.com IN A
    Response: 4.bp.blogspot.com IN CNAME photos-ugc.l.googleusercontent.com; photos-ugc.l.googleusercontent.com IN A 142.250.180.1
  • [US] DNS i3.ytimg.com (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: i3.ytimg.com IN A
    Response: i3.ytimg.com IN A 142.250.187.238
  • [US] DNS www.bbtoystore.com (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: www.bbtoystore.com IN A
    Response: www.bbtoystore.com IN A 216.188.19.50
  • [US] DNS images3.wikia.nocookie.net (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: images3.wikia.nocookie.net IN A
    Response: images3.wikia.nocookie.net IN CNAME wikia.nocookie.net; wikia.nocookie.net IN A 74.120.188.194; wikia.nocookie.net IN A 74.120.188.204
  • [US] DNS www.mummybird.com (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: www.mummybird.com IN A
    Response: www.mummybird.com IN CNAME parkingpage.namecheap.com; parkingpage.namecheap.com IN A 91.195.240.19
  • [US] DNS i.ytimg.com (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: i.ytimg.com IN A
    Response: i.ytimg.com IN A 172.217.169.22, 142.250.179.246, 142.250.180.22, 142.250.187.214, 142.250.187.246, 142.250.178.22, 172.217.16.246, 142.250.200.22, 142.250.200.54, 216.58.201.118, 216.58.204.86
  • [US] DNS images1.wikia.nocookie.net (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: images1.wikia.nocookie.net IN A
    Response: images1.wikia.nocookie.net IN CNAME wikia.nocookie.net; wikia.nocookie.net IN A 74.120.188.194; wikia.nocookie.net IN A 74.120.188.204
  • [US] DNS viralvideopalace.com (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: viralvideopalace.com IN A
    Response: viralvideopalace.com IN A 117.50.32.166
  • [US] DNS cps-static.rovicorp.com (IEXPLORE.EXE, remote address 8.8.8.8:53)
    Request: cps-static.rovicorp.com IN A
    Response: cps-static.rovicorp.com IN CNAME d3871tx5qq6rdv.cloudfront.net; d3871tx5qq6rdv.cloudfront.net IN A 18.154.84.69, 18.154.84.22, 18.154.84.56, 18.154.84.46
  • [DE] GET
    http://www.mummybird.com/wp-content/uploads/2012/12/Annoyingorange.jpg
    IEXPLORE.EXE
    Remote address:
    91.195.240.19:80
    Request
    GET /wp-content/uploads/2012/12/Annoyingorange.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.mummybird.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 441
    date: Thu, 16 May 2024 17:40:15 GMT
    content-length: 0
    server: NginX
  • [GB] GET
    https://i3.ytimg.com/vi/29SmMkD15IQ/default.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.187.238:443
    Request
    GET /vi/29SmMkD15IQ/default.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i3.ytimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Type: image/jpeg
    Vary: Origin
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
    Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
    Timing-Allow-Origin: *
    Content-Length: 4743
    Date: Thu, 16 May 2024 17:40:15 GMT
    Expires: Thu, 16 May 2024 19:40:15 GMT
    Cache-Control: public, max-age=7200
    ETag: "0"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • [DE] GET
    http://images1.wikia.nocookie.net/__cb20110410170832/annoyingorange/images/e/ee/MarshmallowandGL.jpg
    IEXPLORE.EXE
    Remote address:
    74.120.188.194:80
    Request
    GET /__cb20110410170832/annoyingorange/images/e/ee/MarshmallowandGL.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: images1.wikia.nocookie.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Thu, 16 May 2024 17:40:15 GMT
    surrogate-key: 490c86d6d95ad11f7a3d3fe55b2e2c13714dcaf2 wiki-annoyingorange thumblr original
    content-disposition: inline; filename="MarshmallowandGL.jpg"; filename*=UTF-8''MarshmallowandGL.jpg
    content-type: image/jpeg
    etag: "ZFVTypagbvYO68IjUaFduA=="
    x-thumbnailer: Thumblr
    access-control-allow-origin: *
    access-control-allow-headers: Range
    nel: {"report_to":"nel","max_age":604800,"failure_fraction":0.01}
    report-to: {"group":"nel","endpoints":[{"url":"https://services.fandom.com/browser-errors/report"}],"max_age":604800,"include_subdomains":true}
    content-length: 53229
    x-envoy-upstream-service-time: 150
    server: envoy
    x-cacheable: YES
    age: 0
    accept-ranges: bytes
    vary: Accept
    x-cache: ORIGIN, MISS
    timing-allow-origin: *
    cache-control: max-age=31536000, public
    x-served-by: thumblr-775f457df5-5hh9n, wk-cdn-f4
    x-cache-hits: ORIGIN, 0
  • [GB] GET
    http://cps-static.rovicorp.com/3/JPG_250/MI0000/250/MI0000250205.jpg
    IEXPLORE.EXE
    Remote address:
    18.154.84.69:80
    Request
    GET /3/JPG_250/MI0000/250/MI0000250205.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cps-static.rovicorp.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 500 Internal Server Error
    Content-Length: 0
    Connection: keep-alive
    Date: Thu, 16 May 2024 17:40:15 GMT
    X-Cache: Error from cloudfront
    Via: 1.1 b5b5baa612277fa88b1394293a4008fc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR5-P7
    X-Amz-Cf-Id: XUArfq5Z-oKJXjdRIQNoQjB5ex63X2TgBHQK9yr1ZoiroJ3UABPvYA==
  • [DE] DNS
    IEXPLORE.EXE
    Remote address:
    74.120.188.194:80
    Response
    HTTP/1.1 408 Request Time-out
    Content-length: 110
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • [DE] GET
    http://images3.wikia.nocookie.net/__cb20120116224621/annoyingorangefanon/images/thumb/a/a3/Marshmallow_and_midget_apple.jpg/640px-Marshmallow_and_midget_apple.jpg
    IEXPLORE.EXE
    Remote address:
    74.120.188.194:80
    Request
    GET /__cb20120116224621/annoyingorangefanon/images/thumb/a/a3/Marshmallow_and_midget_apple.jpg/640px-Marshmallow_and_midget_apple.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: images3.wikia.nocookie.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Thu, 16 May 2024 17:40:15 GMT
    surrogate-key: 027c063eb7a78f1412027244874b5d4aff379f88 wiki-annoyingorangefanon thumblr scale-to-width v:d66159c8
    content-disposition: inline; filename="Marshmallow_and_midget_apple.jpg"; filename*=UTF-8''Marshmallow_and_midget_apple.jpg
    content-type: image/jpeg
    etag: "iqFt/dybMgQcONMeVMg39Q=="
    x-thumbnailer: Thumblr
    access-control-allow-origin: *
    access-control-allow-headers: Range
    nel: {"report_to":"nel","max_age":604800,"failure_fraction":0.01}
    report-to: {"group":"nel","endpoints":[{"url":"https://services.fandom.com/browser-errors/report"}],"max_age":604800,"include_subdomains":true}
    content-length: 11738
    x-envoy-upstream-service-time: 101
    x-cacheable: YES
    age: 0
    accept-ranges: bytes
    vary: Accept
    x-cache: ORIGIN, MISS
    timing-allow-origin: *
    cache-control: max-age=31536000, public
    x-served-by: thumblr-775f457df5-k9499, wk-cdn-f1
    x-cache-hits: ORIGIN, 0
  • [DE] DNS
    IEXPLORE.EXE
    Remote address:
    91.195.240.19:80
    Response
    HTTP/1.1 408 Request Time-out
    Content-length: 110
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • [DE] DNS
    IEXPLORE.EXE
    Remote address:
    74.120.188.194:80
    Response
    HTTP/1.1 408 Request Time-out
    Content-length: 110
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • [GB] GET
    http://4.bp.blogspot.com/_MxWcXkA8tzc/SqKqtF1XshI/AAAAAAAAAgA/eFCmXIkRxlw/s320/100_4244.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /_MxWcXkA8tzc/SqKqtF1XshI/AAAAAAAAAgA/eFCmXIkRxlw/s320/100_4244.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 4.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/jpeg
    Vary: Origin
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    ETag: "v200"
    Expires: Fri, 17 May 2024 17:40:15 GMT
    Cache-Control: public, max-age=86400, no-transform
    Content-Disposition: inline;filename="100_4244.jpg"
    X-Content-Type-Options: nosniff
    Date: Thu, 16 May 2024 17:40:15 GMT
    Server: fife
    Content-Length: 17535
    X-XSS-Protection: 0
  • [GB] GET
    http://i.ytimg.com/vi/nmtbjiW0jlA/0.jpg
    IEXPLORE.EXE
    Remote address:
    172.217.169.22:80
    Request
    GET /vi/nmtbjiW0jlA/0.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.ytimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Vary: Origin
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: image/jpeg
    Date: Thu, 16 May 2024 17:40:15 GMT
    Expires: Thu, 16 May 2024 17:40:45 GMT
    Cache-Control: public, max-age=30
    X-Content-Type-Options: nosniff
    Server: sffe
    Content-Length: 1097
    X-XSS-Protection: 0
  • [GB] GET
    http://i.ytimg.com/vi/vND5bRTalBk/0.jpg
    IEXPLORE.EXE
    Remote address:
    172.217.169.22:80
    Request
    GET /vi/vND5bRTalBk/0.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.ytimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Type: image/jpeg
    Vary: Origin
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
    Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
    Timing-Allow-Origin: *
    Content-Length: 11906
    Date: Thu, 16 May 2024 17:40:15 GMT
    Expires: Thu, 16 May 2024 19:40:15 GMT
    Cache-Control: public, max-age=7200
    ETag: "1318788663"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
  • [US] GET
    http://www.bbtoystore.com/mm5/license2play/AYO_CF_15078-marshmallow.jpg
    IEXPLORE.EXE
    Remote address:
    216.188.19.50:80
    Request
    GET /mm5/license2play/AYO_CF_15078-marshmallow.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.bbtoystore.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Thu, 16 May 2024 17:40:15 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 348
    Connection: keep-alive
    Location: https://www.bbtoystore.com/mm5/license2play/AYO_CF_15078-marshmallow.jpg
    X-Powered-By: PleskLin
  • 91.195.240.19:80
    http://www.mummybird.com/wp-content/uploads/2012/12/Annoyingorange.jpg
    http
    IEXPLORE.EXE
    908 B
    344 B
    13
    4

    HTTP Request

    GET http://www.mummybird.com/wp-content/uploads/2012/12/Annoyingorange.jpg

    HTTP Response

    441
  • 142.250.187.238:443
    https://i3.ytimg.com/vi/29SmMkD15IQ/default.jpg
    tls, http
    IEXPLORE.EXE
    1.3kB
    13.1kB
    15
    17

    HTTP Request

    GET https://i3.ytimg.com/vi/29SmMkD15IQ/default.jpg

    HTTP Response

    200
  • 74.120.188.194:80
    http://images1.wikia.nocookie.net/__cb20110410170832/annoyingorange/images/e/ee/MarshmallowandGL.jpg
    http
    IEXPLORE.EXE
    1.6kB
    56.0kB
    27
    45

    HTTP Request

    GET http://images1.wikia.nocookie.net/__cb20110410170832/annoyingorange/images/e/ee/MarshmallowandGL.jpg

    HTTP Response

    200
  • 18.154.84.69:80
    http://cps-static.rovicorp.com/3/JPG_250/MI0000/250/MI0000250205.jpg
    http
    IEXPLORE.EXE
    590 B
    842 B
    6
    5

    HTTP Request

    GET http://cps-static.rovicorp.com/3/JPG_250/MI0000/250/MI0000250205.jpg

    HTTP Response

    500
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 74.120.188.194:80
    images1.wikia.nocookie.net
    http
    IEXPLORE.EXE
    236 B
    405 B
    5
    4

    HTTP Response

    408
  • 74.120.188.194:80
    http://images3.wikia.nocookie.net/__cb20120116224621/annoyingorangefanon/images/thumb/a/a3/Marshmallow_and_midget_apple.jpg/640px-Marshmallow_and_midget_apple.jpg
    http
    IEXPLORE.EXE
    908 B
    13.3kB
    11
    14

    HTTP Request

    GET http://images3.wikia.nocookie.net/__cb20120116224621/annoyingorangefanon/images/thumb/a/a3/Marshmallow_and_midget_apple.jpg/640px-Marshmallow_and_midget_apple.jpg

    HTTP Response

    200
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 91.195.240.19:80
    www.mummybird.com
    http
    IEXPLORE.EXE
    236 B
    361 B
    5
    3

    HTTP Response

    408
  • 142.250.187.238:443
    i3.ytimg.com
    tls
    IEXPLORE.EXE
    743 B
    7.3kB
    10
    10
  • 142.250.180.1:80
    4.bp.blogspot.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 74.120.188.194:80
    images1.wikia.nocookie.net
    http
    IEXPLORE.EXE
    236 B
    405 B
    5
    4

    HTTP Response

    408
  • 18.154.84.69:80
    cps-static.rovicorp.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 142.250.180.1:80
    http://4.bp.blogspot.com/_MxWcXkA8tzc/SqKqtF1XshI/AAAAAAAAAgA/eFCmXIkRxlw/s320/100_4244.jpg
    http
    IEXPLORE.EXE
    929 B
    18.7kB
    13
    17

    HTTP Request

    GET http://4.bp.blogspot.com/_MxWcXkA8tzc/SqKqtF1XshI/AAAAAAAAAgA/eFCmXIkRxlw/s320/100_4244.jpg

    HTTP Response

    200
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 172.217.169.22:80
    http://i.ytimg.com/vi/nmtbjiW0jlA/0.jpg
    http
    IEXPLORE.EXE
    555 B
    1.6kB
    6
    5

    HTTP Request

    GET http://i.ytimg.com/vi/nmtbjiW0jlA/0.jpg

    HTTP Response

    404
  • 172.217.169.22:80
    http://i.ytimg.com/vi/vND5bRTalBk/0.jpg
    http
    IEXPLORE.EXE
    785 B
    13.0kB
    11
    13

    HTTP Request

    GET http://i.ytimg.com/vi/vND5bRTalBk/0.jpg

    HTTP Response

    200
  • 216.188.19.50:80
    http://www.bbtoystore.com/mm5/license2play/AYO_CF_15078-marshmallow.jpg
    http
    IEXPLORE.EXE
    587 B
    844 B
    6
    5

    HTTP Request

    GET http://www.bbtoystore.com/mm5/license2play/AYO_CF_15078-marshmallow.jpg

    HTTP Response

    301
  • 216.188.19.50:80
    www.bbtoystore.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 117.50.32.166:80
    viralvideopalace.com
    IEXPLORE.EXE
    152 B
    3
  • 117.50.32.166:80
    viralvideopalace.com
    IEXPLORE.EXE
    152 B
    3
  • 216.188.19.50:443
    www.bbtoystore.com
    tls
    IEXPLORE.EXE
    399 B
    219 B
    5
    5
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 216.188.19.50:443
    www.bbtoystore.com
    tls
    IEXPLORE.EXE
    361 B
    219 B
    5
    5
  • 216.188.19.50:443
    www.bbtoystore.com
    tls
    IEXPLORE.EXE
    288 B
    219 B
    5
    5
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 216.188.19.50:443
    www.bbtoystore.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 117.50.32.166:80
    viralvideopalace.com
    IEXPLORE.EXE
    152 B
    3
  • 117.50.32.166:80
    viralvideopalace.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
    7.7kB
    10
    13
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    152 B
    3
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    52 B
    1
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    52 B
    1
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    52 B
    1
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    52 B
    1
  • 166.62.25.253:80
    www.textilepeople.com
    IEXPLORE.EXE
    52 B
    1
  • 8.8.8.8:53
    textilepeople.com
    dns
    IEXPLORE.EXE
    63 B
    79 B
    1
    1

    DNS Request

    textilepeople.com

    DNS Response

    166.62.25.253

  • 8.8.8.8:53
    www.textilepeople.com
    dns
    IEXPLORE.EXE
    67 B
    97 B
    1
    1

    DNS Request

    www.textilepeople.com

    DNS Response

    166.62.25.253

  • 8.8.8.8:53
    4.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    4.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    i3.ytimg.com
    dns
    IEXPLORE.EXE
    58 B
    74 B
    1
    1

    DNS Request

    i3.ytimg.com

    DNS Response

    142.250.187.238

  • 8.8.8.8:53
    www.bbtoystore.com
    dns
    IEXPLORE.EXE
    64 B
    80 B
    1
    1

    DNS Request

    www.bbtoystore.com

    DNS Response

    216.188.19.50

  • 8.8.8.8:53
    images3.wikia.nocookie.net
    dns
    IEXPLORE.EXE
    72 B
    118 B
    1
    1

    DNS Request

    images3.wikia.nocookie.net

    DNS Response

    74.120.188.194
    74.120.188.204

  • 8.8.8.8:53
    www.mummybird.com
    dns
    IEXPLORE.EXE
    63 B
    115 B
    1
    1

    DNS Request

    www.mummybird.com

    DNS Response

    91.195.240.19

  • 8.8.8.8:53
    i.ytimg.com
    dns
    IEXPLORE.EXE
    57 B
    233 B
    1
    1

    DNS Request

    i.ytimg.com

    DNS Response

    172.217.169.22
    142.250.179.246
    142.250.180.22
    142.250.187.214
    142.250.187.246
    142.250.178.22
    172.217.16.246
    142.250.200.22
    142.250.200.54
    216.58.201.118
    216.58.204.86

  • 8.8.8.8:53
    images1.wikia.nocookie.net
    dns
    IEXPLORE.EXE
    72 B
    118 B
    1
    1

    DNS Request

    images1.wikia.nocookie.net

    DNS Response

    74.120.188.194
    74.120.188.204

  • 8.8.8.8:53
    viralvideopalace.com
    dns
    IEXPLORE.EXE
    66 B
    82 B
    1
    1

    DNS Request

    viralvideopalace.com

    DNS Response

    117.50.32.166

  • 8.8.8.8:53
    cps-static.rovicorp.com
    dns
    IEXPLORE.EXE
    69 B
    176 B
    1
    1

    DNS Request

    cps-static.rovicorp.com

    DNS Response

    18.154.84.69
    18.154.84.22
    18.154.84.56
    18.154.84.46

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8d9bdf60a855e2a543fe0e454e9abcf0

    SHA1

    3ddddebac5556392f1d13bb07ffe7662c1722b54

    SHA256

    6e7cbc9afffff8d7bc71fbc4e80895e6877fc2192cd138b18a5f683e5a25c15c

    SHA512

    a4ff271ac7aecddafdb10d34ba00e81a7fd7332b0072465f1c4dd0f4841871bb522a825f4cf3dcc5e2d73226a1f4df9cd89ac0fd0fc8c3bbe67ffe64db928448

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d1dc9dacf90de8e62245208d9882e298

    SHA1

    c81d0059edf8380a5f27908836a6e3e4d8e4a1c3

    SHA256

    b255d038e7c5b63d04dda4d4d46a5338a97683ef2307299c3f1f8543c27feaf9

    SHA512

    30382a11c81051e5090a7877680c1567c021789b39371e5e8d70ebc65581faf3836d2aa29b43399f162c0d8a632adc71f34867cfd295cb44e77918e157cf967d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d6502b5310c79a555f8396ee5d96b61d

    SHA1

    23cdbd12243eae56223df0a2533cb180411601f0

    SHA256

    ccdd0f7c71b79eece01b2429863b3b64002d2e7e142ee3eac29959e0d8e92000

    SHA512

    3a0ac341447568811cd7442304e2c06f51e37512f7a43573c5400c0ce616d064bb8a258bdfa32251dc24d871074d8c9b283e8e64ba5ff69d2762d1224e32db2d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d663b79ee763036a2381a5a4c8e964e0

    SHA1

    c02d95040e175d1603236408911089ba62fd1c38

    SHA256

    9ae4e2446eeaaa5a488e0011adc5570763755b9868de6e60d2bc29d4cd5567dd

    SHA512

    367df67036c1717cf1577ae72cb01a7f8ec61dec040b002e951ab862f03f7cec1c6befec53aa6dab3c8de01dbb5c334d2ea370a6547858b9c45e47d065535c28

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    455a033f9c2267c991e288b9e926e105

    SHA1

    fadd9421e318eb2bf7a550ed70abe54f6f8b27d7

    SHA256

    f0ec2dd13eab19dd7cc2bf522e37bca0ee02df001c4aa277e4e056b927e5e68d

    SHA512

    0b1ef2d1942ff1ccb1fe0e3311deda21882a936c031f748e2adb1fefc7d4fd2f4266a377847069666167ce5eb09d1802e00ef4c593a667748cf0621cd6fb0d4d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    66a966011a009c81328c4840c148ed6c

    SHA1

    6bba6b58fd3c6dddf8b666aa3c372d40fc82e59f

    SHA256

    4e9e8dd606aecb9e277be3c26ecb0fd113343485c0948ec8ab6018bba012fa36

    SHA512

    ed79ed0958aa9bb001e78f9f4cdbb17069deb8b989dfb45dea51087afdd5cf947889b7dfa2f119d21e33fb61a0cb4215c59fae46b697f14a3b35abb4e8c63753

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8d71bcc97ab6bdafc1df834782e48609

    SHA1

    42aece49fae8c224d7ae274512614d119aff48cc

    SHA256

    f176438654bee907506c929f1b7ba260ecaeeb7bed76017fb00a0c2a9f7d621a

    SHA512

    b890276d6e15047a6f0f3a69797c9633e61d13dc894f7cabd10f1156dd8849d66220886bb4cc5429ead94d66e0f6b799d22afbf1fc5e6f1fd1f4f1d8fd13985d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ddb51ea1763c67b7f089426e1864f253

    SHA1

    cf7078d770815214462bcdacf7d79765d452bdac

    SHA256

    13c58eb1bc2eccb5250d9f9d99e1ed5d3d21dc75b314e15bc1d3e4afb492c7f0

    SHA512

    56b4bdb81428f27f1489d6cadb4bfa403fb364728d6503432d5c01db0c72d6454876259ff7eb5c1ed3b8190f67fe741eb9f46285e10f18dcc30e646dab62fb36

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c5843749ca9bc112c2aacdf98dd2a7fb

    SHA1

    6de2eb11ad0c199a29b0347cb751be9aaf8ddc36

    SHA256

    e6f80462758820a35c90726ff0a5893f5b13850ec25f1b488340627538535b24

    SHA512

    d30b81489b522fa100541ccadda05ff362272724e1e6ab1c6553afb66f712ed23fcd0ab02c49589683edf14b2fd195490636aa095ed8a8a73b4c2cbe4ad3b243

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8d30c681e32a5dab3dacde6e3854e4e0

    SHA1

    0b35c60c7b3ad7aeed117b260d9dc11bbcb94d74

    SHA256

    fc6b9dfc3e53849a118aff3cbfddf5aeee53356895ed1a2116bc27f92a51a7c1

    SHA512

    3a1fb5fe2493c3927709d8eab348dd105b44b1e038c562f79f6e508ca383c94f0caa04172a6ae85a37f43eb0148c34cd9b472e6da11d13c21b3c45ff4e4fb1e5

  • C:\Users\Admin\AppData\Local\Temp\Cab1872.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar1871.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
