447fc2b7326e234156d515505ea59f82fa3617a8e15b149448ca306e94da2e53

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 04:40 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d0167601c2db343c45b5303fda83141_JaffaCakes118.html
Size

33KB
MD5

9d0167601c2db343c45b5303fda83141
SHA1

d924cd1890d00c273bc418dc1ae0f1cb5f1523d6
SHA256

447fc2b7326e234156d515505ea59f82fa3617a8e15b149448ca306e94da2e53
SHA512

15cc132c703fb227701e392e2606cf2beca4b0c6af58350a40dc8498503f0bc45b9ab5c06da0072ee4fc41b99c18dedbc8e444959c5c8527c322b9c53c740607
SSDEEP

768:i8EG5PbdgiuuWKplQDBqxb98575XgjjcN7sVdrajf6qkYzQSkLphgC:i8F5PbdgiuuWKpeDBqxb98575XgjjcNo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1124	msedge.exe
1124	msedge.exe
1556	identity_helper.exe
1556	identity_helper.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 928	1124	msedge.exe	81
PID 1124 wrote to memory of 928	1124	msedge.exe	81
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1344	1124	msedge.exe	82
PID 1124 wrote to memory of 1076	1124	msedge.exe	83
PID 1124 wrote to memory of 1076	1124	msedge.exe	83
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84
PID 1124 wrote to memory of 4060	1124	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9d0167601c2db343c45b5303fda83141_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8791346f8,0x7ff879134708,0x7ff879134718
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16185236460940307958,13467889614030080916,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

dlyaoblivok.ru

Remote address:

8.8.8.8:53

Request

dlyaoblivok.ru

IN A

Response
GET

http://fonts.googleapis.com/css?family=Open+Sans+Condensed:300|Playfair+Display:400italic

msedge.exe

Remote address:

142.250.187.202:80

Request

GET /css?family=Open+Sans+Condensed:300|Playfair+Display:400italic HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 11 Jun 2024 04:40:55 GMT
Date: Tue, 11 Jun 2024 04:40:55 GMT
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Last-Modified: Tue, 11 Jun 2024 04:40:55 GMT
Content-Security-Policy-Report-Only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

counter.yadro.ru

Remote address:

8.8.8.8:53

Request

counter.yadro.ru

IN A

Response

counter.yadro.ru

IN A

88.212.202.52

counter.yadro.ru

IN A

88.212.201.198

counter.yadro.ru

IN A

88.212.201.204
DNS

www.ja-zdorov.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

www.ja-zdorov.ru

IN A

Response

www.ja-zdorov.ru

IN A

104.21.50.96

www.ja-zdorov.ru

IN A

172.67.159.239
GET

http://www.ja-zdorov.ru/wp-content/uploads/2012/10/svechi.jpg

msedge.exe

Remote address:

104.21.50.96:80

Request

GET /wp-content/uploads/2012/10/svechi.jpg HTTP/1.1
Host: www.ja-zdorov.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 11 Jun 2024 04:40:55 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 11 Jun 2024 05:40:55 GMT
Location: https://www.ja-zdorov.ru/wp-content/uploads/2012/10/svechi.jpg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2B7mDIvPzzKhn6E1IEUYcbkY2pe93JD%2BaX4nBZ3lSNLsV5Pnz3cEoqplROy8oqtARG0yz1QPOqz%2BogMCouaJ2CXoJshH8gkYJ2UeIvbTp6fIgM4rybqtz9AJVaCDJLssDUNV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 891eed052929631c-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.ja-zdorov.ru/wp-content/uploads/2012/10/svechi.jpg

msedge.exe

Remote address:

104.21.50.96:443

Request

GET /wp-content/uploads/2012/10/svechi.jpg HTTP/2.0
host: www.ja-zdorov.ru
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Tue, 11 Jun 2024 04:40:56 GMT
content-type: text/html; charset=iso-8859-1
location: https://obrazovaniestr.ruwp-content/uploads/2012/10/svechi.jpg
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9o9R%2BaRkZ866EQj%2BlU10gCxetEyPpKJRW5dzHO5SHZd5NscY8L9rQkfFO7sYvDUaLlQ3qx7uwBO%2F0IN6vWFmYaAYTW%2Bo4DxdkGyOCQ1eA0Lv7EcHoGNhdPlEgOxHIbYzUf3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 891eed084be55317-LHR
alt-svc: h3=":443"; ma=86400
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

23.14.90.74

a1952.dscq.akamai.net

IN A

23.14.90.99
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

23.14.90.74:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Tue, 11 Jun 2024 05:40:56 GMT
Date: Tue, 11 Jun 2024 04:40:56 GMT
Connection: keep-alive
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR

Response
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f31e100net

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�G

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f99�G
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

96.50.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

96.50.21.104.in-addr.arpa

IN PTR

Response
DNS

obrazovaniestr.ruwp-content

msedge.exe

Remote address:

8.8.8.8:53

Request

obrazovaniestr.ruwp-content

IN A

Response
DNS

74.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.90.14.23.in-addr.arpa

IN PTR

Response

74.90.14.23.in-addr.arpa

IN PTR

a23-14-90-74deploystaticakamaitechnologiescom
DNS

counter.yadro.ru

Remote address:

8.8.8.8:53

Request

counter.yadro.ru

IN A

Response

counter.yadro.ru

IN A

88.212.201.198

counter.yadro.ru

IN A

88.212.201.204

counter.yadro.ru

IN A

88.212.202.52
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response

142.250.187.202:80

http://fonts.googleapis.com/css?family=Open+Sans+Condensed:300|Playfair+Display:400italic

http

msedge.exe

745 B
1.9kB
8
8

HTTP Request

GET http://fonts.googleapis.com/css?family=Open+Sans+Condensed:300|Playfair+Display:400italic

HTTP Response

200
216.58.201.99:80

fonts.gstatic.com

msedge.exe

236 B
208 B
5
4
104.21.50.96:80

http://www.ja-zdorov.ru/wp-content/uploads/2012/10/svechi.jpg

http

msedge.exe

706 B
1.2kB
7
6

HTTP Request

GET http://www.ja-zdorov.ru/wp-content/uploads/2012/10/svechi.jpg

HTTP Response

301
88.212.202.52:445

counter.yadro.ru

260 B
200 B
5
5
104.21.50.96:443

https://www.ja-zdorov.ru/wp-content/uploads/2012/10/svechi.jpg

tls, http2

msedge.exe

1.7kB
6.0kB
16
15

HTTP Request

GET https://www.ja-zdorov.ru/wp-content/uploads/2012/10/svechi.jpg

HTTP Response

301
23.14.90.74:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

468 B
1.7kB
7
6

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
88.212.201.198:445

counter.yadro.ru

260 B
200 B
5
5
88.212.201.204:445

counter.yadro.ru

260 B
200 B
5
5

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

dlyaoblivok.ru

dns

60 B
121 B
1
1

DNS Request

dlyaoblivok.ru
8.8.8.8:53

counter.yadro.ru

dns

62 B
110 B
1
1

DNS Request

counter.yadro.ru

DNS Response

88.212.202.52

88.212.201.198

88.212.201.204
8.8.8.8:53

www.ja-zdorov.ru

dns

msedge.exe

62 B
94 B
1
1

DNS Request

www.ja-zdorov.ru

DNS Response

104.21.50.96

172.67.159.239
8.8.8.8:53

apps.identrust.com

dns

msedge.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

23.14.90.74

23.14.90.99
8.8.8.8:53

2.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.159.190.20.in-addr.arpa
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

96.50.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

96.50.21.104.in-addr.arpa
8.8.8.8:53

obrazovaniestr.ruwp-content

dns

msedge.exe

73 B
148 B
1
1

DNS Request

obrazovaniestr.ruwp-content
8.8.8.8:53

74.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

74.90.14.23.in-addr.arpa
8.8.8.8:53

counter.yadro.ru

dns

62 B
110 B
1
1

DNS Request

counter.yadro.ru

DNS Response

88.212.201.198

88.212.201.204

88.212.202.52
224.0.0.251:5353

526 B
8
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
c2fbf79509d5f91c481bd66570e76c95

SHA1
7067b6bda98bcb184aa972f9cc16af8cd671a51b

SHA256
47b99fa8d1339e235abca57b40444ab48c2f4b61849c66a3616bac160d6d321b

SHA512
df354bfe415649218cf558ac98859e3168b863ebf8307c673096ebac572af832eeaeedd37c06f4152d028e07d7b6053d9b5932efef9e764970e7e97c32fbfd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48af14d9d73a2937689ac453bc860341

SHA1
c1496b9fc421abec8f9364b2f8469d4d65af4f5c

SHA256
acee2c141094390d64307107c87fecbf3fda7ea7ca788191563b50a13ea7a0f5

SHA512
c3e3d5357390b8c6870dc2a44fc462140a235778596780416511a53340b3406b47739da036a34b82fb1607a15d559cb988c10cf8c49d9cc466a4a3d1eb067a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca5ac355027a74464e82671ab4e81319

SHA1
9c86237452058b1f0de16dcda25707692a21f193

SHA256
3261112857d6c1b125071064c4103a08d16898469dfceb0c83a08443c3cc9600

SHA512
9d88d5b202c7b6c2df11edcaa3b6801f2f8c2fdf72e20fc00dcd0083d23198604891a75ad74df16cf6a5268797512d2350ec233978d2c503bf901bc06cdcb6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f540fca42159999b8b07733f175dda9

SHA1
56ac333b602fcd848f3c39392911c7ab5b445e06

SHA256
b149d2dcb9c0adabbbffe987a670926806b3d2746796bba56d2560b418cca5ef

SHA512
045f4e56014159aee11f25223e6fb6d40262c08c1a103551bbd900d4d16f145695d6b8c658fd2aa04812479d14e367f06b764b9f491c0898322101ab3e978c41

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.