Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/07/2024, 15:25 UTC

General

  • Target

    70284adcf5c1de215b220b8c93ee90a3_JaffaCakes118.html

  • Size

    41KB

  • MD5

    70284adcf5c1de215b220b8c93ee90a3

  • SHA1

    731a62187c31d5340552fbe9878d01ec872684fb

  • SHA256

    40aa8bd6c3073df625c46b13facaeaa3d62ecd1dbc2819a59fe459daf08b56b6

  • SHA512

    bd7d1dc6d74a423bb2a50b382db012d847d79efe77b1afb1ab33e0e36204fe6b516e60ab69109b4b66b44ac93bfc3ec8e89177726cdb5a923438ced5cf469190

  • SSDEEP

    384:IGAU/guo8BBVxV8uHNPpUxkAGAc1GGT3cdXMPnjGA4Xaf7AYc0emmz7hsQ6d0lDA:IGAM5o2HhHkkzpW+7AYc0edjIKQtv

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location. In this run the signature fires in the IE content process (PID 2804) while it renders the page; a language lookup by the browser itself (it also advertises Accept-Language: en-US on every request below) is expected behaviour, so this hit is weak evidence on its own.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\70284adcf5c1de215b220b8c93ee90a3_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
      (child of PID 2784; SCODEF:2784 in the command line names the parent frame process, so the claimed parent and the observed parent agree)
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2804

Network

  • [US] DNS
    udrivemyr54.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    udrivemyr54.com
    IN A
    Response
    udrivemyr54.com
    IN A
    190.2.139.23
  • [NL] GET
    https://udrivemyr54.com/fd8e4217d99abad1d95dcee389e8c9f3/invoke.js
    IEXPLORE.EXE
    Remote address:
    190.2.139.23:443
    Request
    GET /fd8e4217d99abad1d95dcee389e8c9f3/invoke.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: udrivemyr54.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.24.0
    Date: Thu, 25 Jul 2024 15:33:14 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Vary: Accept-Encoding
    X-Powered-By: PHP/7.2.34
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cache-Control: post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • [NL] GET
    https://udrivemyr54.com/b1/f5/76/b1f57639c83dbef948eefa8b64183e1e.js
    IEXPLORE.EXE
    Remote address:
    190.2.139.23:443
    Request
    GET /b1/f5/76/b1f57639c83dbef948eefa8b64183e1e.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: udrivemyr54.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.24.0
    Date: Thu, 25 Jul 2024 15:33:14 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Vary: Accept-Encoding
    X-Powered-By: PHP/7.2.34
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Cache-Control: post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • [US] DNS
    r10.o.lencr.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    r10.o.lencr.org
    IN A
    Response
    r10.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    2.18.190.80
    a1887.dscq.akamai.net
    IN A
    2.18.190.73
  • [US] DNS
    r10.o.lencr.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    r10.o.lencr.org
    IN A
    Response
    r10.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    2.18.190.80
    a1887.dscq.akamai.net
    IN A
    2.18.190.73
  • [GB] GET
    http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D
    IEXPLORE.EXE
    Remote address:
    2.18.190.80:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: r10.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 504
    ETag: "E868B2B91B00DE820F4EB7A23E3964A44BC42F588DE5EBB44DBF8ADA2F19BC80"
    Last-Modified: Wed, 24 Jul 2024 20:25:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=17825
    Expires: Thu, 25 Jul 2024 20:30:19 GMT
    Date: Thu, 25 Jul 2024 15:33:14 GMT
    Connection: keep-alive
  • [GB] GET
    http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D
    IEXPLORE.EXE
    Remote address:
    2.18.190.80:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: r10.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 504
    ETag: "E868B2B91B00DE820F4EB7A23E3964A44BC42F588DE5EBB44DBF8ADA2F19BC80"
    Last-Modified: Wed, 24 Jul 2024 20:25:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=17825
    Expires: Thu, 25 Jul 2024 20:30:19 GMT
    Date: Thu, 25 Jul 2024 15:33:14 GMT
    Connection: keep-alive
  • [US] DNS
    statinside.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    statinside.com
    IN A
    Response
    statinside.com
    IN A
    172.67.146.166
    statinside.com
    IN A
    104.21.57.149
  • [US] GET
    https://statinside.com/counter.js
    IEXPLORE.EXE
    Remote address:
    172.67.146.166:443
    Request
    GET /counter.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: statinside.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 25 Jul 2024 15:33:15 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Tue, 27 Feb 2024 08:02:54 GMT
    ETag: W/"65dd972e-2f4f"
    Content-Encoding: gzip
    Cache-Control: max-age=14400
    CF-Cache-Status: HIT
    Age: 3501
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VJAcTu2EyCfRdjaI%2B8KZTqjvFdqLhw%2BGpv2%2BAieXwhs1fZkQ%2FAK6C9rfhx78C791Uiuy1zoX%2Bs%2FVxA2iO8Ou0Jxvo7Y%2BDRobavjlcn11CUSoZZBWIYxDCJlJENZserguuw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 8a8d35143b476559-LHR
    alt-svc: h3=":443"; ma=86400
  • [US] POST
    https://statinside.com/api/add-hit
    IEXPLORE.EXE
    Remote address:
    172.67.146.166:443
    Request
    POST /api/add-hit HTTP/1.1
    Accept: */*
    Content-Type: text/plain
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: statinside.com
    Content-Length: 309
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Thu, 25 Jul 2024 15:33:15 GMT
    Content-Type: application/json; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Content-Encoding: gzip
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Nee%2FUIfpqUplpifmhdeeywQYW51EAp385ISFu%2Fvla3CPoTyyUSswnL9z5%2B0gELC0MS%2B8oMSKnyWBhLMmTD%2BnyjfIclsh8dmZbU1nbX4w3AzIEgcbPnhAiLL%2BhTcq6QpXA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8a8d35149bd06559-LHR
    alt-svc: h3=":443"; ma=86400
  • [US] DNS
    c.pki.goog
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    172.217.169.3
  • [GB] GET
    http://c.pki.goog/r/gsr1.crl
    IEXPLORE.EXE
    Remote address:
    172.217.169.3:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 25 Jul 2024 14:59:57 GMT
    Expires: Thu, 25 Jul 2024 15:49:57 GMT
    Cache-Control: public, max-age=3000
    Age: 1998
    Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • [GB] GET
    http://c.pki.goog/r/r4.crl
    IEXPLORE.EXE
    Remote address:
    172.217.169.3:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 25 Jul 2024 14:59:57 GMT
    Expires: Thu, 25 Jul 2024 15:49:57 GMT
    Cache-Control: public, max-age=3000
    Age: 1998
    Last-Modified: Wed, 01 Nov 2023 07:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • [GB] GET
    http://c.pki.goog/r/gsr1.crl
    IEXPLORE.EXE
    Remote address:
    172.217.169.3:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 25 Jul 2024 14:59:57 GMT
    Expires: Thu, 25 Jul 2024 15:49:57 GMT
    Cache-Control: public, max-age=3000
    Age: 1998
    Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • [GB] GET
    http://c.pki.goog/r/r4.crl
    IEXPLORE.EXE
    Remote address:
    172.217.169.3:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 25 Jul 2024 14:59:57 GMT
    Expires: Thu, 25 Jul 2024 15:49:57 GMT
    Cache-Control: public, max-age=3000
    Age: 1998
    Last-Modified: Wed, 01 Nov 2023 07:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • [US] DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    2.18.190.71
    a1363.dscg.akamai.net
    IN A
    2.18.190.80
  • [GB] GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    2.18.190.71:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Wed, 01 May 2024 09:28:59 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: 5xIscz+eN7ugykyYXOEdbQ==
    Last-Modified: Thu, 11 Jul 2024 01:45:51 GMT
    ETag: 0x8DCA14B323B2CC0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d53bd6d2-d01e-0074-0737-d3631a000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 25 Jul 2024 15:33:45 GMT
    Connection: keep-alive
  Connections (each entry: remote address, URL or host, protocols, process, then traffic volume in bytes and packet counts in each direction as totalled by the sandbox)

  • 190.2.139.23:443
    https://udrivemyr54.com/fd8e4217d99abad1d95dcee389e8c9f3/invoke.js
    tls, http
    IEXPLORE.EXE
    1.5kB
    7.9kB
    13
    13

    HTTP Request

    GET https://udrivemyr54.com/fd8e4217d99abad1d95dcee389e8c9f3/invoke.js

    HTTP Response

    200
  • 190.2.139.23:443
    https://udrivemyr54.com/b1/f5/76/b1f57639c83dbef948eefa8b64183e1e.js
    tls, http
    IEXPLORE.EXE
    1.5kB
    7.9kB
    13
    13

    HTTP Request

    GET https://udrivemyr54.com/b1/f5/76/b1f57639c83dbef948eefa8b64183e1e.js

    HTTP Response

    200
  • 2.18.190.80:80
    http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D
    http
    IEXPLORE.EXE
    475 B
    2.0kB
    5
    4

    HTTP Request

    GET http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D

    HTTP Response

    200
  • 2.18.190.80:80
    http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D
    http
    IEXPLORE.EXE
    521 B
    2.0kB
    6
    4

    HTTP Request

    GET http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D

    HTTP Response

    200
  • 172.67.146.166:443
    https://statinside.com/api/add-hit
    tls, http
    IEXPLORE.EXE
    1.9kB
    10.9kB
    15
    19

    HTTP Request

    GET https://statinside.com/counter.js

    HTTP Response

    200

    HTTP Request

    POST https://statinside.com/api/add-hit

    HTTP Response

    200
  • 172.67.146.166:443
    statinside.com
    tls
    IEXPLORE.EXE
    705 B
    3.6kB
    9
    9
  • 172.217.169.3:80
    http://c.pki.goog/r/r4.crl
    http
    IEXPLORE.EXE
    560 B
    5.0kB
    7
    6

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 172.217.169.3:80
    http://c.pki.goog/r/r4.crl
    http
    IEXPLORE.EXE
    560 B
    5.0kB
    7
    6

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 2.18.190.71:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    399 B
    1.7kB
    4
    4

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.7kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.7kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    785 B
    7.8kB
    9
    12
  • 8.8.8.8:53
    udrivemyr54.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    udrivemyr54.com

    DNS Response

    190.2.139.23

  • 8.8.8.8:53
    r10.o.lencr.org
    dns
    IEXPLORE.EXE
    61 B
    160 B
    1
    1

    DNS Request

    r10.o.lencr.org

    DNS Response

    2.18.190.80
    2.18.190.73

  • 8.8.8.8:53
    r10.o.lencr.org
    dns
    IEXPLORE.EXE
    61 B
    160 B
    1
    1

    DNS Request

    r10.o.lencr.org

    DNS Response

    2.18.190.80
    2.18.190.73

  • 8.8.8.8:53
    statinside.com
    dns
    IEXPLORE.EXE
    60 B
    92 B
    1
    1

    DNS Request

    statinside.com

    DNS Response

    172.67.146.166
    104.21.57.149

  • 8.8.8.8:53
    c.pki.goog
    dns
    IEXPLORE.EXE
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    172.217.169.3

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
    162 B
    1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    2.18.190.71
    2.18.190.80

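Added triage example (my own code, not part of the sandbox report or its vendor's tooling): the Network section above mixes what the page itself caused (two script loads from udrivemyr54.com, then a counter script and a POST beacon to statinside.com) with traffic that every IE-on-Windows-7 detonation produces: CryptoAPI revocation fetches (User-Agent Microsoft-CryptoAPI/6.1 to r10.o.lencr.org, c.pki.goog and crl.microsoft.com) and IE's own TLS connections to ieonline.microsoft.com. The script below separates the two. The flow list is transcribed from the entries above; the PLATFORM_NOISE allowlist, the Flow record layout and the SANDBOX_RESOLVER constant are my assumptions, not anything the sandbox emits. Revocation fetches to hosts that are not on the allowlist are flagged for review rather than dropped, because AIA and CRL URLs come from the certificate chain the remote server presents, and that chain is under the remote operator's control.

```python
"""Split a sandbox network log into sample-driven indicators and platform noise.

Every IE-on-Windows-7 detonation produces CryptoAPI revocation traffic and IE
telemetry; those describe the platform (and the CAs of the servers contacted),
not the sample. Standard library only.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hosts the OS or browser contacts on its own (assumed allowlist; exact or suffix match).
PLATFORM_NOISE = {
    "o.lencr.org": "Let's Encrypt OCSP responder (CryptoAPI revocation check)",
    "c.pki.goog": "Google Trust Services CRL (CryptoAPI revocation check)",
    "crl.microsoft.com": "Microsoft root CRL (CryptoAPI revocation check)",
    "ieonline.microsoft.com": "Internet Explorer telemetry",
}
SANDBOX_RESOLVER = "8.8.8.8"  # the resolver's address is never an indicator of the sample


@dataclass(frozen=True)
class Flow:
    process: str
    kind: str              # "dns", "http" or "tls"
    target: str            # full URL for http, bare host for dns/tls
    remote: str            # ip:port
    user_agent: str = ""
    answers: tuple = ()    # A records returned, for dns flows


def host_of(target: str) -> str:
    if "://" not in target:
        return target.lower()
    return (urlsplit(target).hostname or "").lower()


def noise_reason(flow: Flow):
    """Why this flow is platform noise, or None if it should count as an indicator."""
    host = host_of(flow.target)
    for name, why in PLATFORM_NOISE.items():
        if host == name or host.endswith("." + name):
            return why
    if flow.user_agent.startswith("Microsoft-CryptoAPI/"):
        return "CryptoAPI fetch to an unlisted host: review before discarding"
    return None


def triage(flows):
    """Return ({host: {"ips", "urls", "processes"}}, [(host, reason), ...])."""
    iocs, noise = {}, []
    for f in flows:
        why = noise_reason(f)
        if why:
            noise.append((host_of(f.target), why))
            continue
        entry = iocs.setdefault(host_of(f.target),
                                {"ips": set(), "urls": set(), "processes": set()})
        ip = f.remote.rsplit(":", 1)[0]
        if ip != SANDBOX_RESOLVER:
            entry["ips"].add(ip)
        entry["ips"].update(f.answers)
        if f.kind == "http":
            entry["urls"].add(f.target)
        if f.process:
            entry["processes"].add(f.process)
    return iocs, noise


IE_UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
CAPI_UA = "Microsoft-CryptoAPI/6.1"
OCSP_URL = ("http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8J"
            "ZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D")

# Flows transcribed from the report above, one entry per distinct request.
FLOWS = [
    Flow("IEXPLORE.EXE", "dns", "udrivemyr54.com", "8.8.8.8:53", answers=("190.2.139.23",)),
    Flow("IEXPLORE.EXE", "http", "https://udrivemyr54.com/fd8e4217d99abad1d95dcee389e8c9f3/invoke.js",
         "190.2.139.23:443", IE_UA),
    Flow("IEXPLORE.EXE", "http", "https://udrivemyr54.com/b1/f5/76/b1f57639c83dbef948eefa8b64183e1e.js",
         "190.2.139.23:443", IE_UA),
    Flow("IEXPLORE.EXE", "dns", "r10.o.lencr.org", "8.8.8.8:53", answers=("2.18.190.80", "2.18.190.73")),
    Flow("IEXPLORE.EXE", "http", OCSP_URL, "2.18.190.80:80", CAPI_UA),
    Flow("IEXPLORE.EXE", "dns", "statinside.com", "8.8.8.8:53", answers=("172.67.146.166", "104.21.57.149")),
    Flow("IEXPLORE.EXE", "http", "https://statinside.com/counter.js", "172.67.146.166:443", IE_UA),
    Flow("IEXPLORE.EXE", "http", "https://statinside.com/api/add-hit", "172.67.146.166:443", IE_UA),
    Flow("IEXPLORE.EXE", "http", "http://c.pki.goog/r/gsr1.crl", "172.217.169.3:80", CAPI_UA),
    Flow("IEXPLORE.EXE", "http", "http://c.pki.goog/r/r4.crl", "172.217.169.3:80", CAPI_UA),
    Flow("", "http", "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl",
         "2.18.190.71:80", CAPI_UA),
    Flow("iexplore.exe", "tls", "ieonline.microsoft.com", "204.79.197.200:443"),
]

if __name__ == "__main__":
    found, dropped = triage(FLOWS)
    for host, info in found.items():
        print(host, sorted(info["ips"]), sorted(info["urls"]))
    for host, why in dropped:
        print("noise:", host, "-", why)
```

Run against the transcribed flows this leaves two indicators: udrivemyr54.com (190.2.139.23, both .js URLs) and statinside.com (172.67.146.166 and 104.21.57.149); the other six flows are platform noise. The revocation traffic is still caused indirectly by the sample, since the responder and CRL hosts are chosen by the certificates the remote servers present; they tell you which CAs issued those certificates, not anything about who operates the servers.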
MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b560b6272f85364e63cb7e178fdaa6c1

    SHA1

    55fed5f18537651ace13699a27fb5a3f80571523

    SHA256

    76e1f284b6c9a3d894cffdf770887e1538b4c1d55b31eb83173cb3ba05b74b1e

    SHA512

    d36abfc359c32433a0a0e9597f32a1dcfb92882c2897ba9348d6fcffd08f73144a323a4dd0a668e3477ef6e70adf78bb7f9c7dd0c2a5ab253a3de26232c27a03

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a867444b21fd4b08a0c5cf24bd42f6cc

    SHA1

    b6a44508dc65838195235e4ab0217ec3c0891b06

    SHA256

    e01b6f66fe5b37c44a6faa255de7c40aa3accac44c1c8108f4a4107d79322092

    SHA512

    88866747673784dfa51b6bdc437417223d6f96ebba8f45cad03abc42adcf915f676505bad42aaf99c7368661673a708c6da207a9dbb8bc4baaeedf5a453ab47f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9f64a36bd6f09404ae3f215c7999441a

    SHA1

    ffdd4e4b093081c90b250c8d69fe5f85f3033f97

    SHA256

    9e71ce1436d6f85a1693eb49920bd5e03342c924fb6f5b7b379498c7272b1c68

    SHA512

    8b0a6245a59cf7d3ae88fcf0fd3f699ca349ff8e9aa96b3eb3224a50a19f1f1717689cbd3029b403c03b59ce749cd66f61cbd9ec8779392ea2128815f95456f0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2c71b0fa1e55f419061519c6b671b688

    SHA1

    0324c3bef8792fe5baa81ccf455a2e4d1b2f8583

    SHA256

    5876d00950f290f249cbf278cadb1795e4556032484d20794ecd052d76c69acd

    SHA512

    5dbc859cf697186c56c5f4cdaa966e62e91a3d2e9caeddc05a6da8a725e2849b7562c6c99762e13adfe366f9b035da7d4e6996d995a193f201abf751c2304fbc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d8018d600a2a593bf531e51addfeddff

    SHA1

    fd4c37591ab81e9c8124105c568b595d2c5eccc4

    SHA256

    459aaa390e073f890d7e7b7d33b583d81bd626ea96b7ae250fcec0ae7a6b8978

    SHA512

    19712cea5a6df111c620c3f4cf0db0917cfc68960ad1c8c7169184d319684dc8626b475cbdc974a05da0435309a48e79469240e8699c51a5cd74594da790bc70

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    17cb7671fedad89d29a416a8d916101d

    SHA1

    7717745ec176662b725fc8d38dd72932e65fe427

    SHA256

    4d8b18a985aa1f3b6f95d0c4c7289012746c4ff73da0a5fe2527702f8e7044b1

    SHA512

    40b679c78e203397d258d23674ec4df49487b74b7b5e5ff2b3072437f03b1360a4e63f2c0f39b0ac43b3e39c5d153461bbd244c4cd645d2a7881ddae7c4be5ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d7f49fb67c2231a06f57fb666b808515

    SHA1

    2aa2fbf845782f15b99f35cb83f733bcf01097c1

    SHA256

    94ac4a5375e4bb7f2decdc55d1f66670dc6c759eb4fe8d55e51ab7b5a5e7ee69

    SHA512

    2556d4ca9bf02703d7c60fb730b0301eb28c601aa53fbd7bf250529cb3fc13263618f9f252a638ac852d8ceb56715bd0df3fa4596848ff40a69e303c79d17a62

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b0490956be8d325826c93f99f508b214

    SHA1

    2356559a95f293867a32934f1d4dc68ea5c52bbe

    SHA256

    01d359c3a72df781dbb0dcc7f421f4c4234a52c4e65d5944a07c72aa52cb1b29

    SHA512

    6508ec90b1bb380c68988b64af8a3eecf965d94850bc34ff04809fa45541eb5c5e384ba5fb907cfe4a7c140f372b3c0ce925128174a9d39f65c5964b0b91421d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e248196b24b42df16e8581df0faac692

    SHA1

    f887785a2a702b7a2b275ee3e6d078505ff44f31

    SHA256

    2d9bec557642e3fa5c0caac145c700422d14c14166d0fad7fffc6ec67700e87d

    SHA512

    d0f794cbaedd13684e4130fba8d2929be7735003e2b2c4bf82104d08fc7855d5a1af730546abf6fffd05e48b2bd5c12b8d6af81111494d127c547e725a563105

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    55d724c6ea3664950e6217cdcfd69917

    SHA1

    e641be7aea78724fcd04d5eef650feaa519daacf

    SHA256

    2af8a3376493e5398293269c3824a7f92da91c8fc0abfc6102d1961927fd29e7

    SHA512

    8a5baf09019695e386483493e6fcaf86c9b70da659038be378f3ac8209735e1e5c48bb07c7881d067ac18e0c39d15f33d71229514d56cb8fa0aceb71ddd961e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    93b055fca9afbbe83a6c56372f3c9328

    SHA1

    77852dbff7cffcdad0c6140f52be07279cdf5db9

    SHA256

    fa6040fae3684b6ed30648afd3b4879433de95caf3e0f728b2a9b2db8e635354

    SHA512

    2c5ca763f869bd1c2862a04ebd1d8a68acf8cf7ecf71f6dcc752c3447bc866be0b4b7e8c3dbfd16981a0851688c5cf11972bb485c2f758a63c829f16b90e78d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6050a181d2858abdaf40cfd595c3981c

    SHA1

    4aeb6b09a519c331898f8f3df8ba4e7a0b8b17cc

    SHA256

    927055169757ccefc17059e60c2dfdc67b108d5297a1335eb3206a02c7786839

    SHA512

    aeb5561f01c03f243344910806382bedda7e918979d30191655dafcaaf799deb997fb7c35bdc23fb1a0e9de4d1c32d8aade6f6d96fe2e352e01b0059f1cd461d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    98b00b8fad5b3b2e8e8ba648568dce79

    SHA1

    ce6e10479ff8ef7117297b297d1eb89f4193ff66

    SHA256

    43872f855363e11bb9852d8b94eb9bef7fcb2135a4f78074d1cef930eb08ca4c

    SHA512

    77321f07a7721aa783b0abc0743f0adb59ee90ac5c87c0dc5af1cf13cf162d17a2414eff1556a4b5724bedd1830be4ceeb24223c2ee4abd66bf4d777783bc0bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fc9a6f36fcf18316180f472174dfee9a

    SHA1

    75ae09946fbb77ac40d01005875a6f9ca64afec5

    SHA256

    e30b232d1def78da2c6bbfc3d85bd4b0f99db3fc274df35c464c3a18b147984e

    SHA512

    c748e438d72903b2c6dd6ed1af1eae0978c88c4a96c014792fea9c42dd7d1054fc34866bb0376b01f83decd1ac9ddfcb89da4a12df09317fa35acc40e703b8c2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cb7b96f97e8d4b3b6d005337528f26ee

    SHA1

    3d6b062b83e736451887a4c153d765449cbc019a

    SHA256

    fad2cfd9507abaa60e0344b974687c383609d270108afd2886a29cf233aa70a0

    SHA512

    34748a279d8210c777b08cfca1c53269ec4da8721c9711a2492b0207eebebf2bda6020e94201185247846a0a8e8a064e0f2826a6eec53e0e4b26814ed398a8fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4174b9925ae4076e57eed74c2872bb1b

    SHA1

    782f91786a2ae7fe0df96968fa5cf8c1f1d1d2f9

    SHA256

    1404bd82532435362f101c65609c508b7b3faf7616127569cc207784f4ec961e

    SHA512

    c2860556708a98523be269b674c9420b53c60990db6390a9de52c5382741c7bcf992ae17e9d128fafde286c45c112c4ce4f6bfe04909be05ca10e478df8e7368

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    002c49492a9b44f61b49bf1d5ecbe8ac

    SHA1

    33beaebf49f700f885ddc400eab66fcc31067aa1

    SHA256

    588f79947906cdde541e00ade79e155208ae6a3b0cc05326d458fa5393c95030

    SHA512

    17ad93958fd8e3fc730984711aa06af0b2dd752b4d8e06f8e55a96b9a1e96be2e548fe3c2360e4bd84782d5936cb845781cf22001c73a09b264cd02dfcbe00b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1a1cd4f52bf99da475950a5e11c35d67

    SHA1

    5dd7affea7bc532c6cd86ee2f4c7ef9df1065467

    SHA256

    405cd749299289dd219cda862252380758c3da8102730b7ad9fad439200bf103

    SHA512

    0931c296372b4eb1104009ff1c9bc2148ac338b48b2c09372a63763750e87a537e9cb45f91498073dfed5f720f3c20cd79f2046bd78d4c7529503749e2500a94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ca6fe83d3c95e4e7def5363bfc78b095

    SHA1

    707729e5a729f70800788e660634b6da48c73708

    SHA256

    1b2c7b14e3a5c58edf68d7d960889a7e87eee018d92d3201130d5a7237272596

    SHA512

    7fe60a57db99efbea5c2f5b534d20122787aaa40533901fff40780ae238548a8d76569f5c4136c53fb39e98550b23e522015d5d1a19d7147b42620558d4472c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    953b6e8b5a9a57486435d686897e068e

    SHA1

    f951c7cc9ac90d4180ff279b52884fc6b12e06f3

    SHA256

    21027a8f55a21d58868f3fa8debe5e63179c67e5540d1a5b7539082653aa4b20

    SHA512

    b417e5de4bf34e15aa8dcc941b545f30eaf7c9de59b94e49ab9de43381636b25a0ce29c6e6a13281c2b5fba573ee3bd43f1969ceec7bfe0f4fd721c11d6f8d1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1b0029fd0b63dfbf9f2c9bc19ea1c35b

    SHA1

    9a06448522d91471132ecd039ceedb680b66bbe3

    SHA256

    8ccba9a02b3cdb23f1c35675bbd08653e3bc9964a02dac65b81187699c91b6a2

    SHA512

    f234d616caa9fe6519769fad53693e24d1a96616717e81f536b002b8a6caf85b04917d78a98a2bb4e829d2017e2e02a2e7c30ef49bbd4d2bcc00655b8be5b246

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ffc101d91a81a556145fe2b6cf7f2a0d

    SHA1

    979881db5cbba3adf4c4baab5bf9adb3953d693a

    SHA256

    9df5dde7d35494d14a5ec374110d951f15e0b193bfc5884c885b3e4e3d0a8259

    SHA512

    28a24e41f8a9c97f4e5c764967d27c2e7426c9fdefd7d14631c4a531be4d470bed58b4900e64511b7a901bae596440f7de5cbd7082239629f67df4b398941695

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8980be0404f9d54e547947bf263a4c26

    SHA1

    2e2ae04d8642830c81ad20a4b4fbb35af19e2aa8

    SHA256

    8f430a41c046ec393420f4959014e83b37fa92ab77ea939ae9bb0367d0202cba

    SHA512

    fe54bfee595a7e8a7e5c48f36c9fe6d8c51fb4580bdb83cb4520b66de56429f70ee879fda452b8a24dd24c2d7062d23b4f66d2b23deed7d86d84729138326346

  • C:\Users\Admin\AppData\Local\Temp\Cab43B7.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar43B6.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

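Added worked example (my own code, not from the sandbox): the two requests to r10.o.lencr.org in the Network section are OCSP GETs of the form described in RFC 6960 Appendix A: the URL path is a DER-encoded OCSPRequest, base64-encoded and then URL-encoded (%2B for +, %3D for =). Decoding it tells you exactly which certificate CryptoAPI checked, which is worth doing whenever a report contains revocation traffic you did not expect. The CryptnetUrlCache\MetaData entries listed under Downloads are CryptoAPI's cache bookkeeping for these fetches, not files dropped by the page. The parser below is a minimal DER walker using only the standard library; the path constant is copied from the report.

```python
"""Decode an RFC 6960 OCSP GET request path back into its CertID.

The path of an OCSP GET is base64(DER(OCSPRequest)), URL-encoded. A short
DER walker is enough to recover the hash algorithm, issuer name hash,
issuer key hash and the serial number of the certificate being checked.
"""
import base64
from urllib.parse import unquote

# Request path copied from the report's network log (host r10.o.lencr.org).
OCSP_GET_PATH = (
    "/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcY"
    "VIUxN75n5gZYwLzFBXICEgSWCZmHTWs5J1r8hcRt7kppUw%3D%3D"
)

HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}
SEQUENCE, OCTET_STRING, INTEGER, OID = 0x30, 0x04, 0x02, 0x06


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:end], end


def expect(tag_seen: int, tag_wanted: int, what: str) -> None:
    if tag_seen != tag_wanted:
        raise ValueError(f"{what}: expected tag 0x{tag_wanted:02x}, got 0x{tag_seen:02x}")


def decode_oid(value: bytes) -> str:
    """Dotted-decimal form of a DER OBJECT IDENTIFIER body."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_get_path(path: str) -> dict:
    """Parse the URL path of an OCSP GET into the fields of its first CertID."""
    der = base64.b64decode(unquote(path.lstrip("/")))
    tag, ocsp_request, _ = read_tlv(der, 0)
    expect(tag, SEQUENCE, "OCSPRequest")
    tag, tbs, _ = read_tlv(ocsp_request, 0)
    expect(tag, SEQUENCE, "TBSRequest")
    # Skip optional [0] version and [1] requestorName; the next element is requestList.
    pos = 0
    while True:
        tag, value, pos = read_tlv(tbs, pos)
        if tag not in (0xA0, 0xA1):
            break
    expect(tag, SEQUENCE, "requestList")
    tag, request, _ = read_tlv(value, 0)
    expect(tag, SEQUENCE, "Request")
    tag, cert_id, _ = read_tlv(request, 0)
    expect(tag, SEQUENCE, "CertID")
    tag, alg, pos = read_tlv(cert_id, 0)
    expect(tag, SEQUENCE, "hashAlgorithm")
    tag, oid, _ = read_tlv(alg, 0)
    expect(tag, OID, "hashAlgorithm.algorithm")
    tag, issuer_name_hash, pos = read_tlv(cert_id, pos)
    expect(tag, OCTET_STRING, "issuerNameHash")
    tag, issuer_key_hash, pos = read_tlv(cert_id, pos)
    expect(tag, OCTET_STRING, "issuerKeyHash")
    tag, serial, _ = read_tlv(cert_id, pos)
    expect(tag, INTEGER, "serialNumber")
    algorithm = decode_oid(oid)
    return {
        "hash_algorithm": HASH_OIDS.get(algorithm, algorithm),
        "issuer_name_hash": issuer_name_hash.hex(),
        "issuer_key_hash": issuer_key_hash.hex(),
        "serial_number": serial.hex(),   # raw INTEGER bytes; a leading 00 would be a sign byte
    }


if __name__ == "__main__":
    for key, val in parse_ocsp_get_path(OCSP_GET_PATH).items():
        print(f"{key:18} {val}")
```

On this request the hash algorithm is SHA-1 (OID 1.3.14.3.2.26 in the AlgorithmIdentifier; OCSP CertIDs are routinely SHA-1 even on current clients, and the hash covers only the issuer name and key, so this is not a signature weakness) and the serial is 04:96:09:99:87:4D:6B:39:27:5A:FC:85:C4:6D:EE:4A:69:53, queried against Let's Encrypt's responder for its R10 intermediate. Issuer plus serial is enough to pull the leaf certificate from Certificate Transparency logs and confirm which of the HTTPS hosts in the report it covers; that lookup is not performed here, and the response (504 bytes, cacheable for max-age=17825 seconds per its Cache-Control header) is what the CryptnetUrlCache entries hold on disk.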