40e8cd20fbba8fa44f29aefe95e8df44c3d5e7ff0f026d37ec44f8c71e5b7ce9

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 12:58 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

html.html
Size

5KB
MD5

7ae675def8e8254fd53c0a303cb16505
SHA1

b96084059ad36ed3cf6ae2413f8ceb8aa5c90269
SHA256

40e8cd20fbba8fa44f29aefe95e8df44c3d5e7ff0f026d37ec44f8c71e5b7ce9
SHA512

11ddaf36040b9e41c238ca1628fa449a169846155b2106bf7e2426642dd7e1c7fff8749fab63f91c530c89c6f4ba5d875d28f51049d128d7d8014c7eba06d78d
SSDEEP

96:1hJtNj1Bq6gMXoPtwZGT3CQJFandwErtlKD9I4mNN:f7NjjPloVQGT3zFaGzI4iN

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1DD8051-5E2A-11EF-BCCD-5E235017FF15} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430234242"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07d1eb837f2da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000001dd05e02274dace7589caf3fb2a37f42fbbd6402aca0a357239432e77481150a000000000e8000000002000020000000cdb9c595eefc3aa0c321ff44610896efdccfb5285295e5f5a10858055dda21039000000097ae4de548b896d5b6fc5a22f4ff946eedc07d4f22f728b491c61e0da0421407155fe73d6196416088d835d247097a7932fc2d13331b596b6a3c37d635d5b16c3a673eb2b42886beb70dff7c68ee56ad87ba776bac62eab55ba66380a9bd20e8f6b93ffdb9457b997817064c956a1cd8641e977bc1b949e5f98572b7e952ecea464b817f6a70a67afe6918106d561b3e400000002e39579f12ba18ce6b5c98cd4375ea7328bf138763a483e3b50273a4d1c35c36e546a34bd084d262000f3d21d58cf99e3e6d3ba18562b683b58b2df131ce9704	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000d2e9e3eb3d2e4df706549325103521782cebf3c64e094697a547e9d8816c20b8000000000e800000000200002000000006ba54cbc1e52a6b63afa1cc095ebba5ac4e393dbdde69ed168136b6a9604de52000000070597f2b1c803583fe3ef261c6faee8ea89ca6a5093bc1cbb73ded5bea71775340000000cdd0392e54525aa77a5e9900501960b19b246fff7656ad442eef9c4591f0e1358378c526b69a21596a33695263bc28f13c1ee01bdd1b54970158e48e4188a205	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2132	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2132	iexplore.exe
2132	iexplore.exe
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2160	2132	iexplore.exe	30
PID 2132 wrote to memory of 2160	2132	iexplore.exe	30
PID 2132 wrote to memory of 2160	2132	iexplore.exe	30
PID 2132 wrote to memory of 2160	2132	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\html.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2160

Network

DNS

cdnjs.cloudflare.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
GET

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js

IEXPLORE.EXE

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdnjs.cloudflare.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 19 Aug 2024 12:59:39 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 16725
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03e2d-bb78"
Last-Modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 397711
Expires: Sat, 09 Aug 2025 12:59:39 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fqsRYRiL9iNTxWjbrP5jjvV%2B4PApcmuEbYXG7zplQbfjFXUiLxFRMgEh0IkyWXWTbnOHmOIZ6z3b30FEel7WDrUfTX1487iQHuOD%2FGkRuprRx2BLcl6jjkxn%2By5yXxfL8J8zjdtf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=15780000
Server: cloudflare
CF-RAY: 8b5a52713e1c94ba-LHR
alt-svc: h3=":443"; ma=86400
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

216.58.214.67
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

216.58.214.67
GET

http://c.pki.goog/r/gsr1.crl

IEXPLORE.EXE

Remote address:

216.58.214.67:80

Request

GET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 19 Aug 2024 12:25:10 GMT
Expires: Mon, 19 Aug 2024 13:15:10 GMT
Cache-Control: public, max-age=3000
Age: 2068
Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r4.crl

IEXPLORE.EXE

Remote address:

216.58.214.67:80

Request

GET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 19 Aug 2024 12:29:28 GMT
Expires: Mon, 19 Aug 2024 13:19:28 GMT
Cache-Control: public, max-age=3000
Age: 1810
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/gsr1.crl

IEXPLORE.EXE

Remote address:

216.58.214.67:80

Request

GET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 19 Aug 2024 12:25:10 GMT
Expires: Mon, 19 Aug 2024 13:15:10 GMT
Cache-Control: public, max-age=3000
Age: 2068
Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r4.crl

IEXPLORE.EXE

Remote address:

216.58.214.67:80

Request

GET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 19 Aug 2024 12:29:28 GMT
Expires: Mon, 19 Aug 2024 13:19:28 GMT
Cache-Control: public, max-age=3000
Age: 1811
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
DNS

crl.microsoft.com

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A

Response

crl.microsoft.com

IN CNAME

crl.www.ms.akadns.net

crl.www.ms.akadns.net

IN CNAME

a1363.dscg.akamai.net

a1363.dscg.akamai.net

IN A

2.16.170.49

a1363.dscg.akamai.net

IN A

2.16.170.123
GET

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

Remote address:

2.16.170.49:80

Request

GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 01 May 2024 09:28:59 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1036
Content-Type: application/octet-stream
Content-MD5: 5xIscz+eN7ugykyYXOEdbQ==
Last-Modified: Thu, 11 Jul 2024 01:45:51 GMT
ETag: 0x8DCA14B323B2CC0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 546be232-c01e-0078-1f3a-d3f412000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 19 Aug 2024 13:00:10 GMT
Connection: keep-alive
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144

104.17.25.14:443

cdnjs.cloudflare.com

tls

IEXPLORE.EXE

751 B
3.6kB
10
10
104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js

tls, http

IEXPLORE.EXE

1.5kB
22.3kB
19
25

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js

HTTP Response

200
216.58.214.67:80

http://c.pki.goog/r/r4.crl

http

IEXPLORE.EXE

554 B
3.8kB
7
5

HTTP Request

GET http://c.pki.goog/r/gsr1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/r/r4.crl

HTTP Response

200
216.58.214.67:80

http://c.pki.goog/r/r4.crl

http

IEXPLORE.EXE

554 B
3.9kB
7
6

HTTP Request

GET http://c.pki.goog/r/gsr1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/r/r4.crl

HTTP Response

200
2.16.170.49:80

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

http

706 B
1.7kB
6
5

HTTP Request

GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.7kB
9
12

8.8.8.8:53

cdnjs.cloudflare.com

dns

IEXPLORE.EXE

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

216.58.214.67
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

216.58.214.67
8.8.8.8:53

crl.microsoft.com

dns

63 B
162 B
1
1

DNS Request

crl.microsoft.com

DNS Response

2.16.170.49

2.16.170.123
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
2c81e6355ce1cb9a85b76f8dfde765fd

SHA1
eb5db71c9e79747bdac851121a1a541efe0cbb29

SHA256
e3fc1f5772fe1bb7a1148f2b4e700081ef4051a8d067b342ca1829ed2d04f512

SHA512
23e98332ac8f4b68896924c7e250ccca31009b870ed4a7cbde0d1228fd8ea4b467a1432839062c806d5d78c31f60824affaa5c5959cb77390c5bb2b7d9c4fc6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
529bfc45853916882e89a6769c60ce28

SHA1
0e5a5774e2eda4dca0d854209e3541f926eed511

SHA256
edbd6521f8c67310429764c346bf49dc93c22a3d043165bd4ad1e0c11a441472

SHA512
ff497c654589bf37876cc05b5198658b90c2ad9fb27b7bf45b8e5308e5fb4dc8b5dbd00fbdf4c1011487df3236b7ee4c6c0c816824a9c311ede13534773bd9fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3d30948f37fdb31d2eb003d6fc18a5c

SHA1
a9c5aeac7e5e61ecd85a92b65acee8089853e6fa

SHA256
63ee2fb6bd9979e662f02a763a9324be2dde8b9f003707c62af8de3cce217ebe

SHA512
c58122d6fff88f5b86cad1ce0514c8f6b7b387a2ef7d386cf13b033034314506c8ecff4764596cb650a40f82e274e8fafd4cdbce4a8661f59d3996ca8bd74e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8821485944db5c743e0120a7db47715d

SHA1
2d07336a3a4be2114f2eb93f5d2583a38f96540e

SHA256
a028f6fddcc10251d6afd3a9f24c157f4166adfeb9fed7e5456531b735c48e61

SHA512
c3fc4eec7636f735bec9ed9df2f28a5dc040d0dfc402533b4ff6511d4eb9b2e3f3ad3d2cda6374b2f87c1684639eef85d3114b53a99dea86d572619642215c6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb238bfc80ce861b87b4aa6efbd636c7

SHA1
3bd79d6881f18104c4133e83eed24c4b6d65e1d9

SHA256
55d807ece65a6a5f7f08613f98ca3c33e60c4f917142cb31b245abba40d33b79

SHA512
3f0d5e67e516b1ae9fc0957de5e55df5ca77b22485e2e653fad5c70804a374259d5e0bf9685a2669bda2a7dea496c3e89b05341df4bcd17e953782e4f60cd6d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39341ac65d0e841e2c35868b9b7b19a6

SHA1
82628a543087300138574d5af6f737261577401a

SHA256
4bfa291d4d6a4915974e1d1aff70d01c1631a72f5ca1c9e880fe68e67addd7c8

SHA512
ccd719ab83405f0dda290193919ee919b04eb6b6494234ec8c150cc56e891b73b329abf67b99b6d2826fe4d3844f5baf46e0aa50b1fc19b5b223c45973f7e2b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be92de76349f6ea338441de2cbe8860e

SHA1
0f724c5fcb3fb7b21780b3efb61eb6b2032ae3f3

SHA256
11a0e6aec44cb066e01139c0d27474cd0d499642450858e3b2a0371e247ff65b

SHA512
44438554be03efeda8f5371ce0d512b64c6c408b28bc96ba503465da43173db7534e6424a0a920c76253590d0b1091c34ac07d3ef047a02c7cd3c4d477933a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dda41bfe92ebe2be676551e0ea0bb39

SHA1
eb9abc0076f9582c57a4f2f95ed96eaaceccf131

SHA256
8f5820ee8f5f9248e92f602144ac2e5b2db94bd180edd843ac2118ec78f82b30

SHA512
8f58bbca984f0d7f2c303dde71a45df2f3554b6f27fbf3fb7ea6c5b55af5eed4c6bf50f6e354fb3fd68ba51e040461bcf25161752fa8a05346b7564332abdc25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afdfd3b525c254e0393661bf9591f340

SHA1
2dd99016e221fb0e50de3092a0efcbb0c5b5a183

SHA256
8332e0240ba73755aebf5fee8c507f5638097719752f76f4aff435ca2ff3640e

SHA512
045b3a10db77ee0726c4bb9833f74343eb7c9e0e2f44a67ba0dba4ff987315df1baf3eceb326a3f521ac215b32ac1811767bc71a1648ca0b310c804cce1ff8fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5aa98554e9af79495ad0fb421b9aec4

SHA1
8cf54bcef51b113600686595e2a8cb14a2e8853e

SHA256
fcef2e9ff74ef88cdfb2e3dfeae90e1183008e35a1dd262516ff1d69a4d8c2dc

SHA512
33286cc351c1be42eab34d8a9a02ee9cfe50cb81c7b7a7e0dd8692dc102648d5b26fe212e6fb12eb37748fdbaee4aef183ef2b496b2cc293664ee3035b86ec33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
126f37ceba59d0316f6d8d6b05daeef6

SHA1
ce6370763fd5db5d27f16ef88c09a4579a5f6a9b

SHA256
66d86cc53585b7c00b0d845d792e6cd6e3de4726316d143ed8ea2fa933e7828e

SHA512
423e90dcdb063a99621d528dbbc237037869d0dfec14fef6dd84e56eafe0e01bf104a0f08938e3b0cad4af7e7103c794e8bde1b26bc344e319625a9ac504139d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31c42fc3fa02eff4f1f628946b0b3c50

SHA1
48c8a2ae669311d4338af7a4622374539ea38e97

SHA256
0c2ffecb458ede1078ec7051b4345462e5c43f904aa43e0cdc5cce633b3d97a8

SHA512
a7221f501c33440b41005740d8a3459ff4befd45c275a6e788d5a3be2c7827ba43a616b2e596f3e9d92b54762c4d20d0f37c6f726c088e7e305a48e431788645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce96a6ffe34899c524dc18a883f2853e

SHA1
09d4f82d8c55a6831818f7ca546d4ae1ee58c93b

SHA256
5328db12b29c09124163f2425085c0465baae6af038db3ac1a874f68b8719b65

SHA512
a52dd69ed21769d4eafabbd2a96bb5559a2745a290c7c1fcd8c0431a92c36ebf08f351861916db32b51f23171210f1489c45a7ef59c02b95b5dba1047ba35554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f17b6ca7fbf70fb033f33fcf51c47bf

SHA1
a090fbacbe1bcece5fb8a00c8dde88d69949a13f

SHA256
623a08de4b8e3f2e601bc6136ac61f09840905d24cd84c635be31adbe9d33793

SHA512
0b6f8bc8152d529b7a1018c4d5e6f602b946f9afe98ad567d5844a51dbbe66f3c2e049f6a7ea1771ce10df2e1f9faab8c4f30b60d46d94936a499b1e56ae0ebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
261c8232a9e966c93c069e79c33ee73d

SHA1
2ebc6f9528dff8d6570acbeccfe311b6eadcec2e

SHA256
8e66deaedd4a66489cecda45703b8bf90dee60c8749bcf64ec6d1eb9e709f41b

SHA512
ab8ca94a4b91891bfa01abcb68fc1507e183ee0f7c5376c081297d8cda789f9907225fdc9be89fb079aa81cf2e3d4a208c50fe16162a7b9510f547a2ad3e50d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1359e5125620d3e940a22a6892756459

SHA1
49e79eac8c6cb3a680c0b4d8ac729a3bb4de2e77

SHA256
f29ce026a074ea54594d268fa292fa37a691936756e31aa61be3d81dec9727d7

SHA512
0f634b6fa88029cf1d5121cdf2249620f58354778e3745fe2498ca147477382ed1034329ac41880d0abd97afd4bed4f807b46c4a316c7064c30afd429fd9addc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3a7527b869c8ab11d3e38256b81dbac

SHA1
cc2bd368c03fcc1f3fe16328cbc88ea4b9f781a8

SHA256
72949740f1e10418855a1302c03e34161339b1607bc8d5159e691198ddb0833c

SHA512
2e82da3ae4fee4b9e5b79d528bbe7d38e995c1062660f85b77d15929e7cc57cc00bf0e376102621ac997e6a6899de8dec40ff27fa4eed29e455c146866be0bbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c121a7532cd05c34c7efb129c723fc17

SHA1
e0191c4b6edb0818c4c01b1d6ad61d5fddfad5b7

SHA256
35d9c766a9eec97ef53645fc3ee4c72269a8c26ef54cb7eaafc72b4a0089fd54

SHA512
0c6fc388791ee9f750701c6f88f5ba29b9f171503be780793530e16cdad3da796fa20f5a3a5aea5ade9860358564ba4ab513549c220c2ff8a2ab6ca9aa966511

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8321e0394a3ca58fe0b7dcd97dca23bf

SHA1
e536e180eb58a5fbbb6de8b382bf7661d9419422

SHA256
6ea3beec2718a7eec53a4f90b593e0072f8537a61e6087bd75ef24c4445efc69

SHA512
3300d471f959fabf51ab4e7fdc4a6376a30b2e8b5bc7be0244b749c1c47dccd39ee7c9aebb91a092847abb35fcc22e9c86f46160a090de71d3b57f4d9b23665a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2bfbb814f5d7a840011ceee201490394

SHA1
023a6e142372d0b386f5e9dc2ecf3ae3a52a522b

SHA256
6f3757e8f439c75ab2948346ce246d7ba4d6af52069407fa4cfe1ec889c5860a

SHA512
900862b6702065383ce5eb044a7d89139a09f4b3e47bb0251e21c71cd60d7e52b85628d06baae4e64de46d3efe2e29711069bb23fea89511cf15f49788efc7dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBE11.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD2BC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.