7c2c89db222656e505ec32d69ee9bc2aa484e84435e31c66cc5e43b25f28290e

Analysis

max time kernel
141s
max time network
142s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 08:06 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

800b76c7cac6c70a522cccd41005f303_JaffaCakes118.html
Size

34KB
MD5

800b76c7cac6c70a522cccd41005f303
SHA1

c3318e41ff878d621e1ae7750e7d734ef526e970
SHA256

7c2c89db222656e505ec32d69ee9bc2aa484e84435e31c66cc5e43b25f28290e
SHA512

b1c5634a490ffc7b4fec2ef0993aec1f17cae1de67b2466ecebbf177f92681a4263460b1ceb1fddcec8974a2c044b94c591c19c406ea06c2f67482e9974df90c
SSDEEP

768:BlZ6uhDD6yQQeQPjW5/ixOmyq3i4sOwMQNSAIV2riISEVPgOrM68:BS+DD6yQQecWuwNNdY2GoI68

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000389cbadf03cd5f77f95cdabf4d16bfd12f20ea3ef039b70e651c370dbd32f473000000000e8000000002000020000000ba930502b208d9a5f3e053a15125fd84e9a0480e94af91888bd4a30a020aba5d90000000cdc9e1aedcb59e1cab3f5621f66f15ed6bb1411394b6656c2f4cc32b42b1b4ca73a966fb0158893aa83815a9674b9478d5b5a39bd475f802cb16ca18776c04cd31e29d84acaebb8153f9743304598e92489aeed24a3bb1837c6bdccf975a796ffd2530f27ccfafaeb5f3815e4c1eb3718aa7883d75a1fdd9607f642eb0912a8868bd53ccccd7fbfd6888c36f9be65bef40000000786f2d99323933ea32b764b375bd20bf60a59bf9b28ab49a868896d3199e0fed715f349d314c1dfea4be56d558686db7fcf03a52b01e4834a9b5086a960c0e6b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000914cd01614e6a6addd322b67f5b4b2d3480f405ae7a5cd776618d09922cc286c000000000e8000000002000020000000559737ff8d59e03c94358cefffae680ac70ee97b71e0993335c3f300f5b5092620000000ddeb960cbef78f1b04c107254f2f347bd76b4eb10127fe99546cc00511dee3f140000000a30caed1be614c409faa89ddc14b36d7aecc96f3e4906d2fd02935a022846a9a4b336f840fffc80597c0cea8c5e8604f7ca535283382acc1b3a8e8fbbff378b1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04212299fb1da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423131845"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5366A001-1D92-11EF-91AC-F2A35BA0AE8D} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2748	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2748	iexplore.exe
2748	iexplore.exe
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2612	2748	iexplore.exe	28
PID 2748 wrote to memory of 2612	2748	iexplore.exe	28
PID 2748 wrote to memory of 2612	2748	iexplore.exe	28
PID 2748 wrote to memory of 2612	2748	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\800b76c7cac6c70a522cccd41005f303_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2612

Network

DNS

link.biz.pl

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

link.biz.pl

IN A

Response

link.biz.pl

IN A

178.211.137.184
GET

http://link.biz.pl/wp-content/plugins/pronamic-cookies/assets/pronamic-cookie-law.js?ver=3.9.1

IEXPLORE.EXE

Remote address:

178.211.137.184:80

Request

GET /wp-content/plugins/pronamic-cookies/assets/pronamic-cookie-law.js?ver=3.9.1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link.biz.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:19 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://link.biz.pl/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1

IEXPLORE.EXE

Remote address:

178.211.137.184:80

Request

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link.biz.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:19 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://link.biz.pl/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.0.3

IEXPLORE.EXE

Remote address:

178.211.137.184:80

Request

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.0.3 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link.biz.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:19 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://link.biz.pl/wp-content/themes/techozoic-fluid/style.css

IEXPLORE.EXE

Remote address:

178.211.137.184:80

Request

GET /wp-content/themes/techozoic-fluid/style.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link.biz.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:19 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://link.biz.pl/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20

IEXPLORE.EXE

Remote address:

178.211.137.184:80

Request

GET /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link.biz.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:19 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://link.biz.pl/wp-includes/js/jquery/jquery.js?ver=1.11.0

IEXPLORE.EXE

Remote address:

178.211.137.184:80

Request

GET /wp-includes/js/jquery/jquery.js?ver=1.11.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link.biz.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:19 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://link.biz.pl/wp-content/plugins/pronamic-cookies/assets/pronamic-cookie-law-style.css?ver=3.9.1

IEXPLORE.EXE

Remote address:

178.211.137.184:80

Request

GET /wp-content/plugins/pronamic-cookies/assets/pronamic-cookie-law-style.css?ver=3.9.1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link.biz.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:19 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://link.biz.pl/wp-content/themes/techozoic-fluid/css/mobile.css?ver=0.1

IEXPLORE.EXE

Remote address:

178.211.137.184:80

Request

GET /wp-content/themes/techozoic-fluid/css/mobile.css?ver=0.1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link.biz.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:19 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://link.biz.pl/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.3

IEXPLORE.EXE

Remote address:

178.211.137.184:80

Request

GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.3 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link.biz.pl
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:19 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
DNS

ads.voipnewswire.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ads.voipnewswire.net

IN A

Response
DNS

examhome.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

examhome.net

IN A

Response

examhome.net

IN A

103.224.212.214
DNS

www.learningtoolkit.club

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.learningtoolkit.club

IN A

Response

www.learningtoolkit.club

IN A

199.59.243.225
GET

https://www.learningtoolkit.club/link.php?zzz=4

IEXPLORE.EXE

Remote address:

199.59.243.225:443

Request

GET /link.php?zzz=4 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.learningtoolkit.club
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Wed, 29 May 2024 08:06:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1106
X-Request-Id: dd1f0c1a-2119-42bb-a532-d7b501203c3d
Cache-Control: no-store, max-age=0
Accept-Ch: sec-ch-prefers-color-scheme
Critical-Ch: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_uUAtDhY8Cdk+S2C1dxPVm+Ex5BVbIqYLtYzkVzw9e4kXfk0+90qCbLfJ11gsMRb0pt0ot+alM6z3XlKknjj+kA==
Set-Cookie: parking_session=dd1f0c1a-2119-42bb-a532-d7b501203c3d; expires=Wed, 29 May 2024 08:21:20 GMT; path=/
Connection: close
GET

https://examhome.net/stat.js?v=1.0.2

IEXPLORE.EXE

Remote address:

103.224.212.214:443

Request

GET /stat.js?v=1.0.2 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: examhome.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

date: Wed, 29 May 2024 08:06:20 GMT
server: Apache
content-length: 196
content-type: text/html; charset=iso-8859-1
connection: close
DNS

IEXPLORE.EXE

Remote address:

103.224.212.214:443

Response

HTTP/1.1 408 Request Time-out

content-length: 110
cache-control: no-cache
content-type: text/html
connection: close
DNS

x2.i.lencr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

x2.i.lencr.org

IN A

Response

x2.i.lencr.org

IN CNAME

crl.root-x1.letsencrypt.org.edgekey.net

crl.root-x1.letsencrypt.org.edgekey.net

IN CNAME

e8652.dscx.akamaiedge.net

e8652.dscx.akamaiedge.net

IN A

23.55.97.11
DNS

x2.i.lencr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

x2.i.lencr.org

IN A

Response

x2.i.lencr.org

IN CNAME

crl.root-x1.letsencrypt.org.edgekey.net

crl.root-x1.letsencrypt.org.edgekey.net

IN CNAME

e8652.dscx.akamaiedge.net

e8652.dscx.akamaiedge.net

IN A

23.55.97.11
GET

http://x2.i.lencr.org/

IEXPLORE.EXE

Remote address:

23.55.97.11:80

Request

GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x2.i.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:55 GMT
ETag: "64cd6653-464"
Content-Disposition: attachment; filename="ISRG Root X2 signed by ISRG Root X1.der"
Cache-Control: max-age=3600
Expires: Wed, 29 May 2024 09:06:19 GMT
Date: Wed, 29 May 2024 08:06:19 GMT
Content-Length: 1124
Connection: keep-alive
GET

http://x2.i.lencr.org/

IEXPLORE.EXE

Remote address:

23.55.97.11:80

Request

GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x2.i.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:55 GMT
ETag: "64cd6653-464"
Content-Disposition: attachment; filename="ISRG Root X2 signed by ISRG Root X1.der"
Cache-Control: max-age=3600
Expires: Wed, 29 May 2024 09:06:19 GMT
Date: Wed, 29 May 2024 08:06:19 GMT
Content-Length: 1124
Connection: keep-alive
DNS

x2.c.lencr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

x2.c.lencr.org

IN A

Response

x2.c.lencr.org

IN CNAME

crl.root-x1.letsencrypt.org.edgekey.net

crl.root-x1.letsencrypt.org.edgekey.net

IN CNAME

e8652.dscx.akamaiedge.net

e8652.dscx.akamaiedge.net

IN A

23.55.97.11
DNS

x2.c.lencr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

x2.c.lencr.org

IN A

Response

x2.c.lencr.org

IN CNAME

crl.root-x1.letsencrypt.org.edgekey.net

crl.root-x1.letsencrypt.org.edgekey.net

IN CNAME

e8652.dscx.akamaiedge.net

e8652.dscx.akamaiedge.net

IN A

23.55.97.11
GET

http://x2.c.lencr.org/

IEXPLORE.EXE

Remote address:

23.55.97.11:80

Request

GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x2.c.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/pkix-crl
Last-Modified: Mon, 12 Feb 2024 22:07:27 GMT
ETag: "65ca969f-12b"
Cache-Control: max-age=3600
Expires: Wed, 29 May 2024 09:06:20 GMT
Date: Wed, 29 May 2024 08:06:20 GMT
Content-Length: 299
Connection: keep-alive
GET

http://x2.c.lencr.org/

IEXPLORE.EXE

Remote address:

23.55.97.11:80

Request

GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x2.c.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/pkix-crl
Last-Modified: Mon, 12 Feb 2024 22:07:27 GMT
ETag: "65ca969f-12b"
Cache-Control: max-age=3600
Expires: Wed, 29 May 2024 09:06:20 GMT
Date: Wed, 29 May 2024 08:06:20 GMT
Content-Length: 299
Connection: keep-alive
DNS

e1.o.lencr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

e1.o.lencr.org

IN A

Response

e1.o.lencr.org

IN CNAME

o.lencr.edgesuite.net

o.lencr.edgesuite.net

IN CNAME

a1887.dscq.akamai.net

a1887.dscq.akamai.net

IN A

23.63.101.170

a1887.dscq.akamai.net

IN A

23.63.101.153
DNS

e1.o.lencr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

e1.o.lencr.org

IN A

Response

e1.o.lencr.org

IN CNAME

o.lencr.edgesuite.net

o.lencr.edgesuite.net

IN CNAME

a1887.dscq.akamai.net

a1887.dscq.akamai.net

IN A

23.63.101.170

a1887.dscq.akamai.net

IN A

23.63.101.153
GET

http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgSKcuNrhKjkUw6oFMJqYm76oA%3D%3D

IEXPLORE.EXE

Remote address:

23.63.101.170:80

Request

GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgSKcuNrhKjkUw6oFMJqYm76oA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: e1.o.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BAD3750DB73B322256758781A6300C6F6504F9BC32BB8D3EE8DFABA8AA5ACF42"
Last-Modified: Tue, 28 May 2024 18:31:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6829
Expires: Wed, 29 May 2024 10:00:09 GMT
Date: Wed, 29 May 2024 08:06:20 GMT
Connection: keep-alive
GET

http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgSKcuNrhKjkUw6oFMJqYm76oA%3D%3D

IEXPLORE.EXE

Remote address:

23.63.101.170:80

Request

GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgSKcuNrhKjkUw6oFMJqYm76oA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: e1.o.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BAD3750DB73B322256758781A6300C6F6504F9BC32BB8D3EE8DFABA8AA5ACF42"
Last-Modified: Tue, 28 May 2024 18:31:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6930
Expires: Wed, 29 May 2024 10:01:50 GMT
Date: Wed, 29 May 2024 08:06:20 GMT
Connection: keep-alive
DNS

forwardmytraffic.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

forwardmytraffic.com

IN A

Response

forwardmytraffic.com

IN A

142.132.202.70
DNS

saskmade.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

saskmade.net

IN A

Response

saskmade.net

IN A

104.21.32.125

saskmade.net

IN A

172.67.151.247
DNS

blueeyeswebsite.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

blueeyeswebsite.com

IN A

Response

blueeyeswebsite.com

IN A

172.67.211.195

blueeyeswebsite.com

IN A

104.21.85.224
GET

https://saskmade.net/head.js?ver=1.0.0

IEXPLORE.EXE

Remote address:

104.21.32.125:443

Request

GET /head.js?ver=1.0.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saskmade.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 May 2024 08:06:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: max-age=14400, must-revalidate
Link: <https://saskmade.net/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJiaGlSwn5U5H3Qt7w3aQ50Ze%2FpHcEIh3uAQOfv4BOGxQ9IaJnif4htim267EfGeWM584R%2BS8xFt%2Fkgt%2FwY9595vOUBpfFs13tQ%2BK%2F1K9UDJ%2BmI21KKLXo6NjWsjm4c%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88b4fc0ad9ce60e1-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://blueeyeswebsite.com/ad.js?t1

IEXPLORE.EXE

Remote address:

172.67.211.195:443

Request

GET /ad.js?t1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: blueeyeswebsite.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Wed, 29 May 2024 08:06:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Bpx-Id: 1716969981074614145-3-37713-97-33
Last-Modified: Wed, 20 Mar 2024 08:58:49 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
CF-Cache-Status: BYPASS
Set-Cookie: BPX-STICKY-SESSION=97; Path=/; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2vH4lbZ5J71qS5ec3Jrys1YQmib%2F%2BiQLHBuYbSeghO6%2B3Mi%2FLAN6qnKR8htEipYY%2FS30ETMPbzWghafAVi%2FFs6g7xyEjX17wACUfhNlgYzeeB4WtHADRpKm2rGCnVEJ5xE%2F49LQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88b4fc0add883858-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

cdnwebsiteforyou.biz

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdnwebsiteforyou.biz

IN A

Response
DNS

link2.nazwa.pl

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

link2.nazwa.pl

IN A

Response

link2.nazwa.pl

IN A

85.128.128.104
GET

http://link2.nazwa.pl/L2014/wp-content/themes/techozoic-fluid/images/headers/Grunge.jpg

IEXPLORE.EXE

Remote address:

85.128.128.104:80

Request

GET /L2014/wp-content/themes/techozoic-fluid/images/headers/Grunge.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: link2.nazwa.pl
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Wed, 29 May 2024 08:06:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-CDN-nazwa.pl-location: WAW
X-CDN-nazwa.pl-policyused: cdn=1209600
X-CDN-nazwa.pl-cache: MISS
Server: Apache/2
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194

178.211.137.184:80

http://link.biz.pl/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1

http

IEXPLORE.EXE

1.2kB
1.2kB
13
5

HTTP Request

GET http://link.biz.pl/wp-content/plugins/pronamic-cookies/assets/pronamic-cookie-law.js?ver=3.9.1

HTTP Response

404

HTTP Request

GET http://link.biz.pl/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1

HTTP Response

404
178.211.137.184:80

http://link.biz.pl/wp-content/themes/techozoic-fluid/style.css

http

IEXPLORE.EXE

1.1kB
1.2kB
13
5

HTTP Request

GET http://link.biz.pl/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.0.3

HTTP Response

404

HTTP Request

GET http://link.biz.pl/wp-content/themes/techozoic-fluid/style.css

HTTP Response

404
178.211.137.184:80

http://link.biz.pl/wp-includes/js/jquery/jquery.js?ver=1.11.0

http

IEXPLORE.EXE

1.2kB
1.2kB
13
5

HTTP Request

GET http://link.biz.pl/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20

HTTP Response

404

HTTP Request

GET http://link.biz.pl/wp-includes/js/jquery/jquery.js?ver=1.11.0

HTTP Response

404
178.211.137.184:80

http://link.biz.pl/wp-content/plugins/pronamic-cookies/assets/pronamic-cookie-law-style.css?ver=3.9.1

http

IEXPLORE.EXE

856 B
690 B
12
4

HTTP Request

GET http://link.biz.pl/wp-content/plugins/pronamic-cookies/assets/pronamic-cookie-law-style.css?ver=3.9.1

HTTP Response

404
178.211.137.184:80

http://link.biz.pl/wp-content/themes/techozoic-fluid/css/mobile.css?ver=0.1

http

IEXPLORE.EXE

882 B
1.2kB
13
5

HTTP Request

GET http://link.biz.pl/wp-content/themes/techozoic-fluid/css/mobile.css?ver=0.1

HTTP Response

404
178.211.137.184:80

http://link.biz.pl/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.3

http

IEXPLORE.EXE

912 B
1.2kB
13
5

HTTP Request

GET http://link.biz.pl/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.3

HTTP Response

404
199.59.243.225:443

https://www.learningtoolkit.club/link.php?zzz=4

tls, http

IEXPLORE.EXE

1.2kB
4.9kB
13
12

HTTP Request

GET https://www.learningtoolkit.club/link.php?zzz=4

HTTP Response

200
199.59.243.225:443

www.learningtoolkit.club

tls

IEXPLORE.EXE

1.0kB
2.8kB
16
8
103.224.212.214:443

https://examhome.net/stat.js?v=1.0.2

tls, http

IEXPLORE.EXE

1.1kB
5.8kB
10
10

HTTP Request

GET https://examhome.net/stat.js?v=1.0.2

HTTP Response

404
103.224.212.214:443

examhome.net

tls, http

IEXPLORE.EXE

783 B
5.6kB
10
9

HTTP Response

408
23.55.97.11:80

http://x2.i.lencr.org/

http

IEXPLORE.EXE

344 B
1.7kB
5
4

HTTP Request

GET http://x2.i.lencr.org/

HTTP Response

200
23.55.97.11:80

http://x2.i.lencr.org/

http

IEXPLORE.EXE

344 B
1.7kB
5
4

HTTP Request

GET http://x2.i.lencr.org/

HTTP Response

200
23.55.97.11:80

http://x2.c.lencr.org/

http

IEXPLORE.EXE

344 B
720 B
5
3

HTTP Request

GET http://x2.c.lencr.org/

HTTP Response

200
23.55.97.11:80

http://x2.c.lencr.org/

http

IEXPLORE.EXE

396 B
1.3kB
6
4

HTTP Request

GET http://x2.c.lencr.org/

HTTP Response

200
23.63.101.170:80

http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgSKcuNrhKjkUw6oFMJqYm76oA%3D%3D

http

IEXPLORE.EXE

518 B
1.6kB
6
4

HTTP Request

GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgSKcuNrhKjkUw6oFMJqYm76oA%3D%3D

HTTP Response

200
23.63.101.170:80

http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgSKcuNrhKjkUw6oFMJqYm76oA%3D%3D

http

IEXPLORE.EXE

518 B
1.6kB
6
4

HTTP Request

GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgSKcuNrhKjkUw6oFMJqYm76oA%3D%3D

HTTP Response

200
104.21.32.125:443

https://saskmade.net/head.js?ver=1.0.0

tls, http

IEXPLORE.EXE

1.6kB
14.8kB
21
22

HTTP Request

GET https://saskmade.net/head.js?ver=1.0.0

HTTP Response

404
172.67.211.195:443

https://blueeyeswebsite.com/ad.js?t1

tls, http

IEXPLORE.EXE

1.1kB
8.5kB
12
14

HTTP Request

GET https://blueeyeswebsite.com/ad.js?t1

HTTP Response

200
172.67.211.195:443

blueeyeswebsite.com

tls

IEXPLORE.EXE

774 B
5.7kB
10
9
104.21.32.125:443

saskmade.net

tls

IEXPLORE.EXE

819 B
5.8kB
11
10
142.132.202.70:443

forwardmytraffic.com

tls

IEXPLORE.EXE

401 B
219 B
5
5
142.132.202.70:443

forwardmytraffic.com

tls

IEXPLORE.EXE

401 B
219 B
5
5
142.132.202.70:443

forwardmytraffic.com

tls

IEXPLORE.EXE

363 B
219 B
5
5
142.132.202.70:443

forwardmytraffic.com

tls

IEXPLORE.EXE

363 B
219 B
5
5
142.132.202.70:443

forwardmytraffic.com

tls

IEXPLORE.EXE

288 B
219 B
5
5
142.132.202.70:443

forwardmytraffic.com

tls

IEXPLORE.EXE

288 B
219 B
5
5
142.132.202.70:443

forwardmytraffic.com

IEXPLORE.EXE

190 B
92 B
4
2
142.132.202.70:443

forwardmytraffic.com

IEXPLORE.EXE

190 B
92 B
4
2
85.128.128.104:80

http://link2.nazwa.pl/L2014/wp-content/themes/techozoic-fluid/images/headers/Grunge.jpg

http

IEXPLORE.EXE

879 B
2.0kB
12
5

HTTP Request

GET http://link2.nazwa.pl/L2014/wp-content/themes/techozoic-fluid/images/headers/Grunge.jpg

HTTP Response

200
85.128.128.104:80

link2.nazwa.pl

IEXPLORE.EXE

190 B
132 B
4
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
11

8.8.8.8:53

link.biz.pl

dns

IEXPLORE.EXE

57 B
73 B
1
1

DNS Request

link.biz.pl

DNS Response

178.211.137.184
8.8.8.8:53

ads.voipnewswire.net

dns

IEXPLORE.EXE

66 B
139 B
1
1

DNS Request

ads.voipnewswire.net
8.8.8.8:53

examhome.net

dns

IEXPLORE.EXE

58 B
74 B
1
1

DNS Request

examhome.net

DNS Response

103.224.212.214
8.8.8.8:53

www.learningtoolkit.club

dns

IEXPLORE.EXE

70 B
86 B
1
1

DNS Request

www.learningtoolkit.club

DNS Response

199.59.243.225
8.8.8.8:53

x2.i.lencr.org

dns

IEXPLORE.EXE

60 B
165 B
1
1

DNS Request

x2.i.lencr.org

DNS Response

23.55.97.11
8.8.8.8:53

x2.i.lencr.org

dns

IEXPLORE.EXE

60 B
165 B
1
1

DNS Request

x2.i.lencr.org

DNS Response

23.55.97.11
8.8.8.8:53

x2.c.lencr.org

dns

IEXPLORE.EXE

60 B
165 B
1
1

DNS Request

x2.c.lencr.org

DNS Response

23.55.97.11
8.8.8.8:53

x2.c.lencr.org

dns

IEXPLORE.EXE

60 B
165 B
1
1

DNS Request

x2.c.lencr.org

DNS Response

23.55.97.11
8.8.8.8:53

e1.o.lencr.org

dns

IEXPLORE.EXE

60 B
159 B
1
1

DNS Request

e1.o.lencr.org

DNS Response

23.63.101.170

23.63.101.153
8.8.8.8:53

e1.o.lencr.org

dns

IEXPLORE.EXE

60 B
159 B
1
1

DNS Request

e1.o.lencr.org

DNS Response

23.63.101.170

23.63.101.153
8.8.8.8:53

forwardmytraffic.com

dns

IEXPLORE.EXE

66 B
82 B
1
1

DNS Request

forwardmytraffic.com

DNS Response

142.132.202.70
8.8.8.8:53

saskmade.net

dns

IEXPLORE.EXE

58 B
90 B
1
1

DNS Request

saskmade.net

DNS Response

104.21.32.125

172.67.151.247
8.8.8.8:53

blueeyeswebsite.com

dns

IEXPLORE.EXE

65 B
97 B
1
1

DNS Request

blueeyeswebsite.com

DNS Response

172.67.211.195

104.21.85.224
8.8.8.8:53

cdnwebsiteforyou.biz

dns

IEXPLORE.EXE

66 B
128 B
1
1

DNS Request

cdnwebsiteforyou.biz
8.8.8.8:53

link2.nazwa.pl

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

link2.nazwa.pl

DNS Response

85.128.128.104
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
2ce08942ed58c67cfc5a3f1d57dc03a6

SHA1
1cf052f8f099092884f33f3b6734e4cb566cff83

SHA256
e9e604aec6e0baa795991286facd1e6cdec4bdd43622753049937e6f7bf9baa5

SHA512
998bc3cb7e82b57f8eb4a7710e383c84768aec12a59a86b3735096c7ae2ad57badffb216ece3be907e6514dc7d21a9581e63f42d600015c14ef2420e2d6a7ee0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c110969649a69e1b288ab66340f32299

SHA1
6b1e140dcde4be40f151153fe307ca445f7324d5

SHA256
3674e7832a8c24ada17d160e6accf79d3237c886b1b1ec0577bf57aa028b4f21

SHA512
4ffb8b618d9d732918fa817844f5f28e9713e827cefbfbedc19c6eecc8f9a18d9c5afa15b389c136f48417657d18044952f8ec2262006b200a319cb5b88a5438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a89655e8a1235e0d7b797a8295f0ea52

SHA1
e0fa6f4d206a1bf963ecf6a6c81a5b929e118e1e

SHA256
598752cf7b64d580831f6c1e54a9107ab09e9a193b8fdc9fb23eb6d911656e3b

SHA512
0d21bbe5ea1689205dfa9e6d81d09a6c6807eaf6a7b853d71f988434553501ac189c8d1f78cbc7c457fdd32c210433e2da6a4313afd1b862f67a4cb09db1765f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7efaf5f361c1e24324e125ffb85162a

SHA1
1a173981196025ef9dc27ff802a8dbc044e677c2

SHA256
28c3184af0e6edc7fd896028985242703865436d1b29e162b2cf7b2a3cf64be9

SHA512
044c2312cc83d7f08c3f0e94091f3f63b99f0152f4973e7ff7d1f795485dc222da19ad60235b9f4a965256548481255c1b41f75a3ef4955009b75470ae8a62c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebdfc77eaba68680abaab77c196b3f43

SHA1
339f0020110176c41acc948eac2f9f8e2b96a39f

SHA256
67792345c55174f617fd13c1927a1d747f20d70389e6a9d3bae1fdc4f15430bd

SHA512
18347d24c218b4079019c773ee7063fd2d225b733e196c0ac9a86728ec00cb43ef07d13bcbc44aef832b6ff19daf5d1d870379b3a9b7da0de074bda5953afa9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17318640753303022f84cfe76348371e

SHA1
9854ff9805246c093e3775729414f370393c8931

SHA256
02e150311e8fdfbe0359405b035486106b55e7b0bbef1966b34596b6cecf5212

SHA512
967195f929809519c0f7fc32b5666170cb5e46ac04a85d84c1c2f5c1687e581ad8a54a2c1beab6fdbdb625487bb8afa77f48708286f4ff4d2e78066c6465a20c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb094c818f9f07bc3da2472a35fb4168

SHA1
c74d9563047bcb76647126681dd87a51e720497c

SHA256
c628e624a8b3de63a61639148facc26ea92447ab3f2dc6a2ead05d40f6900ece

SHA512
d1fbb318671bab7f1bdca604a2911cd248ddf998ebfd161835d884de504f4dca25822ac03ef9e5c6c3f242acdda251e276556a461b533dac2d65a1f551b488b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30c416e282d99e32eb806524179c6e5b

SHA1
733fc72c5ae0ef6037ce4d1df2006ed47e97c6b4

SHA256
e245ef7ba7b826ee528c774d8bed0e3a1f43d26d698dfe2912cb7f665f33165c

SHA512
c756e0fbcf1a3e8d9127a21e31d35daf3a1e33e0407e0c4398b06e826f7c87e834dcff7dc183e3640d8a8dab4771d29d7ae9c86ba03784e7f3def9cc783664bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ca7871cee80eef68017e8fa3da63835

SHA1
4ac02c8333c4240d3736d5b4034134fb65cca968

SHA256
12f5b3d18c6ce8571fddc31fb18e1d06fd3f335f62309a2560630859c00d40de

SHA512
13cced5dbcf64c0195ccad9e697f558bfbfee12258b4bceae8652a90abeff321a194a11c1e73173559a52056666ea7ae60b1a476971bbf068a25f579ba5765c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f55d9ed56274e9dcfb5c033c1605fb6

SHA1
251f55f06c55a654bce185e8acfa8392f183a8aa

SHA256
9a19dce7401bab8e7af573379f2d5542c6400342a0c1f7f22ac0e4604bb1da53

SHA512
980ea7dcc9668f5ce0e081df98f2f8511a578af6d0f4502e64afcc1a3c42130490788f22fc450004f016dfdcd8ad8db8e222fa14a640c427ff582e4d0d625c2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
974e71747e0c24667cbd237cda3ab876

SHA1
3c53c0d5216bb2cee4e02226085eeaae4aa7c6e8

SHA256
a975bcfc47fc6f5a60091bd537d209a10f5b10bb9d39957328bcd00c7aa9e8aa

SHA512
dfb57c346b1f4ba4b67211efbd8a66e3fe19f23c7bce0cc9194f0a7e997aada0f16b6add4f6d9318cd7b30a6fbdd383f5ed828bb8f0e778318ace1eb880e53a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd4addd529f3c0515aea5f7ecd05a31f

SHA1
ac40e70433ac390282e3d55f38e7fdfd7ceeffe4

SHA256
9faaf00468deb70e47c64db001c7c2c0eb107face43aad686d266f7765f507c2

SHA512
60bc1b317f15dc5b8d5dafe567c5eb2937fd064a888cc166dc7a9865785f7dd9fa1b2e0601f10e4a227107da64d49a62332efde8e81459d4331b38e62a3d5a8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea42c90795c9ae5b8506715df0986b33

SHA1
3724d949eeaba90d95d036566598cf4e5ca67206

SHA256
eb3d1a1422f7843eeb65c4fd9722e7dfdf407c9ace5ddaff3a0ab1248484bc75

SHA512
f4baf4021931596dff96d3dce5ad66f85d4331c836760613e35877c41606c76efd69422d8eac5c2ccd759de453e848eb5ca63a713e349affbf07e8022a9f3e9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3fc9f91aa907f0a543f37b49e53b227

SHA1
f96f551daed47cc6b10c854c90c7c455c8febb21

SHA256
fc3dde73d04a489c43806fb8f368ea45521f9f60a7325609e53bdfc0a6d54373

SHA512
e316c9d3779751381f7d9a9fe5c3cabe69875267b0bb65f3ac577b21dac0f0a7391b6c4ea073168087438a00faf00adc46a3347006ab0918a354004c4bee836b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0827d0a8001c8cefc38d0936095ef13e

SHA1
6d7c42247ea46936a758efaae685cf3db4df10b4

SHA256
8654b24d38dee71f9805cc890a9fa02dabc150faa22f20ddb850e4dfe482e79e

SHA512
fa0b2ee0d4ec5497e3ef7a092b7676ac8fa4e3d5ac4d1c3803d8b9329737916a7acc885bfd07ff8f6c54cd57bef84d6e62a79f065f538421e5a98a62977d53f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
673f77e795990e2c952e6c9849a88e1e

SHA1
97c8c1466ebbc8f60ead654263a4abe146ad0801

SHA256
aceab2e7e997123ba42ef8a1b63e086b6e4ef5de037ea3965a5ff4db3a92162b

SHA512
618dea6bc5c39fb99596d088869a544c50461dc6c5f9b76e360283cd35463ccaccd01914a9cbb44c46ca8d39e14cf905c7de30e840aa0740e96e548eadc1fbb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dcd2fdc4e9475e7e8b5f3a7940e728a

SHA1
89b66a2f604719b66a1fddb09105df7f88ea7a1f

SHA256
0725074750c25cf96db9f90e2b0c5e8193d4be525f9799081266cd1ce1bf0707

SHA512
0615cacdaa7ac0175f521331a55f1c99f27ca0334e7d301ed85df7922ad1a15b1495e5ecbae3a0adda8a3529db1b1264afe14d2d6b29a007dba7ecf08907791b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54c6ea58131bf94a89f8d0be2ab6dd5f

SHA1
c46aeeb731b289192bcaf4ca124e7b2daa9abf6f

SHA256
d23c152860793331c78482328226d06ce886daf1e1b7b2f379551c39fb3b34ea

SHA512
728c5ceece7f793f5be28cda02cbfdc8e4a7ae4d6254c4b2571cb2638df7e29a09406426521e5f40ee9987456e7fe3ecff7101ff47986bd372f82fa588ce6df1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da0bf401f7bcc015b59fbddcca1f0ca1

SHA1
dfb0369bfb7454fb85402843d697da07b9ca911d

SHA256
96dab7e756e6b4bfd520662407831690e3f5929c4dec27782a085db907eb32b2

SHA512
dd9b15251681ed86d422102c46385d08dd23daa2be35873a66e62499de3beb9a2499b27f496562e994ad2b1f35c7409e80feae9f728574f4fc9c959a7bbbe8da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0edd386b1e093bfda5deb8de88fcd6de

SHA1
ae3b25c486e25756951f0e1b9e2b0348480dfd86

SHA256
c979b706afe66506f001260e796118ea5101f43707d4feb7217b4f3844809109

SHA512
f914db55d4d18deef8e85642b59672f0a7aadc024e84f2023f2dd6bdb7078ec9054374393d4ef0dd1d48506ff868f6cb1a829fd92f5b4f745cfb5a06a68f9224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b245893763fc90d2bc1c74721a4b357

SHA1
6f310890b5435d06bc67168b7d2132bd9826a741

SHA256
be2231c20c7464e92307b073a711706fe5712a10cfbd6ead11cd1f0d1b960a56

SHA512
6c566c72d0c1955e1bf0956560041cf4dd7ba6513796d79938b65a30db2a29ab79f9c14b2c6b9c2c34c5f4e977c96ddf4f877dbd8b8de12bb37cab464e6c86d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
800c9cf3310d74a0d957ee2808bc6ba2

SHA1
6ea6c0296489b5b53a96938782ed2635bcae3c2b

SHA256
40f85df386b76e47aa35fd1a1da3c8d478c69e062d16c83cc1dd1b694524793f

SHA512
e5ebad6dda18a4d3312c0b720265993b9cd53b3ceaa62d64840a31937020794797032582e46a4e0e91542672d047890e36a2982c4a1a15b3220e59ee0e96c96c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
8639abe1e6dcfc456d0728a9ac8174f4

SHA1
556cb0ead5e58129edb8cb2ce7dc17e28f98b144

SHA256
b2a85d1503405a20d48d078bd037128adf00569d6f1bd3304eb0186a44fe5c9f

SHA512
b7847b43e067dd427fe0444af3bbdd7bef14116b70476424fcdd57dbcf3d6740d21bac85cde8bf023a0c3d4e6d2558db5319f85504317c053922123aa7e7c29e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bb35065807baa30b6b0373216e96443d

SHA1
841dbcdbf838956d00bc83378c91df23ba287bd8

SHA256
dc124fb1a0e230d5cb38432568c7ca54609c077302474330d6559ba89789015c

SHA512
e3acc260c907fffd6414e40fcb231e942abe315df4d67b3c9d50a5bb6e735fd66330e643cecec35d7a25eca0edf0ce393050f9d16e5c42117d0ee16533d09519

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c49ad986a133c16cc99cbaf2a5fc8db4

SHA1
6bcce90f0a21e582b44f56679d4be394efff44e1

SHA256
49b413e597155a1574fe9d10f9b8852a9e11a5996ba942b936073aebf72ef492

SHA512
075ee292a9ca3f24bcc10616558111d278897dcc8ab9edeca91030b9084edc1a6c538ef6a19c01bea5b144a953a2fb5360c0565b3b899ac259ddaee901741422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3A34.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3A36.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3AD9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response