8fd6eb3ce82c5ec920db6be2b9afbc3011e7e8dc591fc1bff94c38eadd85404a

Analysis

max time kernel
125s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 03:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
Size

1.3MB
MD5

ce8ca7e7de258fe34c7d17d968de034b
SHA1

bf9c78747d406fcafd14f93ce72e020d06ad8816
SHA256

8fd6eb3ce82c5ec920db6be2b9afbc3011e7e8dc591fc1bff94c38eadd85404a
SHA512

373e2b4e079321a4a8d97ab185bbe83c9cb9ceaae14d5bce2f214fcdafcbcd008ca629a8804e78a2ae65c3febc7d0514ebd75b2c028ea65c157fa0660fc729d7
SSDEEP

24576:Omyt7GQZ3MwhkylWPdQbXoO076GehFEyQCZEihjB:iQSW6doFejXB

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
704	wmpscfgs.exe
596	wmpscfgs.exe
2944	wmpscfgs.exe
2588	wmpscfgs.exe

Loads dropped DLL 10 IoCs

pid	Process
2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
704	wmpscfgs.exe
704	wmpscfgs.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "c:\\users\\admin\\appdata\\local\\temp\\\\wmpscfgs.exe"	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "c:\\users\\admin\\appdata\\local\\temp\\\\wmpscfgs.exe"	wmpscfgs.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\259461502.dat	wmpscfgs.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrotray.exe	wmpscfgs.exe
File created	\??\c:\program files (x86)\adobe\acrotray.exe	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
File created	C:\Program Files (x86)\259461408.dat	wmpscfgs.exe
File created	\??\c:\program files (x86)\internet explorer\wmpscfgs.exe	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
File created	\??\c:\program files (x86)\microsoft office\office14\bcssync.exe	wmpscfgs.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrotray .exe	wmpscfgs.exe
File created	\??\c:\program files (x86)\internet explorer\wmpscfgs.exe	wmpscfgs.exe
File created	\??\c:\program files (x86)\microsoft office\office14\bcssync.exe	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
File created	\??\c:\program files (x86)\adobe\acrotray .exe	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2444	2588	WerFault.exe	36

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmpscfgs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmpscfgs.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{86C22161-6C00-11EF-B984-5A85C185DB3E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000000eebd2b50844951ba18ae37a6d23c38bebb7c210a19e4ad9983b4e0842091ee3000000000e8000000002000020000000fb946f1fe550b36edc1fd15ccfe4f9cb541596711763403dd7a1bbc48c32621520000000a682df955a395f70dd9dd1d0fcf22a7e138df2b9de155c1051ca07edb7a37c5340000000e0ebb8b17cd59f298d28e72ecdf861d18390f81d7b136afae27d2c0ddcf82fb2700c1fbf5d9ad5d1c228bb97d2633f2f5d04dd8b0a87b27fa43d22834a910d0a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b79b4c0d00db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431755366"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000009ffa6357858286ac04c313dac557f07a56c34c2abb91e91cf6bd8b6dbf4cea7a000000000e8000000002000020000000b0f355aff48a02b903dae286e8c2823dba46cafa848b4d956c43ee80179f668d90000000e5cbb48c72d74b1be7cd1ae0e57de1d800c78948abd50268012db00e06c4fca6976d5f5b70d3172f081023e91414c082596281585337538de240fd9b47917f92c98036e08996af83c276a2cf74a3bbdb277f93756bc4fea14188da3017bf4cb9fe4f44d775afa8324d272d2dc01f4139272fcba2afe0095d1fc59cc62cae005d39a8847e34bc1b6c21c38aa0153a2ea54000000080e4ff7584be7f33b35033d34b47c7ca895985c16e3691e6fc94c52ff773288506ddc0fac68ea222986c6371d9fa7708f5a61981023d72882a02dfbf81b43a12	iexplore.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
704	wmpscfgs.exe
704	wmpscfgs.exe
596	wmpscfgs.exe
596	wmpscfgs.exe
2944	wmpscfgs.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
Token: SeDebugPrivilege	704	wmpscfgs.exe
Token: SeDebugPrivilege	596	wmpscfgs.exe
Token: SeDebugPrivilege	2944	wmpscfgs.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2668	iexplore.exe
2668	iexplore.exe
2668	iexplore.exe
2668	iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2668	iexplore.exe
2668	iexplore.exe
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2668	iexplore.exe
2668	iexplore.exe
1464	IEXPLORE.EXE
1464	IEXPLORE.EXE
2668	iexplore.exe
2668	iexplore.exe
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2668	iexplore.exe
2668	iexplore.exe
1464	IEXPLORE.EXE
1464	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 704	2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe	31
PID 2204 wrote to memory of 704	2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe	31
PID 2204 wrote to memory of 704	2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe	31
PID 2204 wrote to memory of 704	2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe	31
PID 2204 wrote to memory of 596	2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe	32
PID 2204 wrote to memory of 596	2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe	32
PID 2204 wrote to memory of 596	2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe	32
PID 2204 wrote to memory of 596	2204	ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe	32
PID 2668 wrote to memory of 2732	2668	iexplore.exe	34
PID 2668 wrote to memory of 2732	2668	iexplore.exe	34
PID 2668 wrote to memory of 2732	2668	iexplore.exe	34
PID 2668 wrote to memory of 2732	2668	iexplore.exe	34
PID 704 wrote to memory of 2944	704	wmpscfgs.exe	35
PID 704 wrote to memory of 2944	704	wmpscfgs.exe	35
PID 704 wrote to memory of 2944	704	wmpscfgs.exe	35
PID 704 wrote to memory of 2944	704	wmpscfgs.exe	35
PID 704 wrote to memory of 2588	704	wmpscfgs.exe	36
PID 704 wrote to memory of 2588	704	wmpscfgs.exe	36
PID 704 wrote to memory of 2588	704	wmpscfgs.exe	36
PID 704 wrote to memory of 2588	704	wmpscfgs.exe	36
PID 2668 wrote to memory of 1464	2668	iexplore.exe	37
PID 2668 wrote to memory of 1464	2668	iexplore.exe	37
PID 2668 wrote to memory of 1464	2668	iexplore.exe	37
PID 2668 wrote to memory of 1464	2668	iexplore.exe	37
PID 2588 wrote to memory of 2444	2588	wmpscfgs.exe	39
PID 2588 wrote to memory of 2444	2588	wmpscfgs.exe	39
PID 2588 wrote to memory of 2444	2588	wmpscfgs.exe	39
PID 2588 wrote to memory of 2444	2588	wmpscfgs.exe	39

C:\Users\Admin\AppData\Local\Temp\ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ce8ca7e7de258fe34c7d17d968de034b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2204
- \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
  c:\users\admin\appdata\local\temp\\wmpscfgs.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:704
- - \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
    c:\users\admin\appdata\local\temp\\wmpscfgs.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2944
- - C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
    C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 48
      4⤵
      Loads dropped DLL
      Program crash
      PID:2444
- C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
  C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:596

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:406533 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1464

Network

DNS

www.supernetforme.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.supernetforme.com

IN A

Response

www.supernetforme.com

IN A

185.107.56.192
GET

http://www.supernetforme.com/dupe.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259462298

IEXPLORE.EXE

Remote address:

185.107.56.192:80

Request

GET /dupe.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259462298 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.google.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.supernetforme.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 06 Sep 2024 03:31:43 GMT
server: nginx
set-cookie: sid=8982c460-6c00-11ef-bf43-26ad848f67b1; path=/; domain=.supernetforme.com; expires=Wed, 24 Sep 2092 06:45:50 GMT; max-age=2147483647; HttpOnly
GET

http://www.supernetforme.com/search.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259464778

IEXPLORE.EXE

Remote address:

185.107.56.192:80

Request

GET /search.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259464778 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.google.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.supernetforme.com
Connection: Keep-Alive
Cookie: sid=8982c460-6c00-11ef-bf43-26ad848f67b1

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 06 Sep 2024 03:31:45 GMT
server: nginx
DNS

www.superwebbysearch.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.superwebbysearch.com

IN A

Response

www.superwebbysearch.com

IN A

185.107.56.193
GET

http://www.superwebbysearch.com/search.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259547833

IEXPLORE.EXE

Remote address:

185.107.56.193:80

Request

GET /search.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259547833 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.google.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.superwebbysearch.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 06 Sep 2024 03:33:05 GMT
server: nginx
set-cookie: sid=bad32113-6c00-11ef-a43f-26adf0a8485b; path=/; domain=.superwebbysearch.com; expires=Wed, 24 Sep 2092 06:47:13 GMT; max-age=2147483647; HttpOnly

185.107.56.192:80

www.supernetforme.com

IEXPLORE.EXE

190 B
124 B
4
3
185.107.56.192:80

http://www.supernetforme.com/dupe.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259462298

http

IEXPLORE.EXE

623 B
556 B
5
5

HTTP Request

GET http://www.supernetforme.com/dupe.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259462298

HTTP Response

429
185.107.56.192:80

www.supernetforme.com

IEXPLORE.EXE

190 B
124 B
4
3
185.107.56.192:80

http://www.supernetforme.com/search.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259464778

http

IEXPLORE.EXE

675 B
398 B
5
5

HTTP Request

GET http://www.supernetforme.com/search.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259464778

HTTP Response

429
94.75.229.248:80

IEXPLORE.EXE

152 B
3
94.75.229.248:80

IEXPLORE.EXE

152 B
3
94.75.229.248:80

IEXPLORE.EXE

152 B
3
94.75.229.248:80

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12
185.107.56.193:80

http://www.superwebbysearch.com/search.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259547833

http

IEXPLORE.EXE

628 B
559 B
5
5

HTTP Request

GET http://www.superwebbysearch.com/search.php?q=2075.2075.300.0.0.cc689dccb276c1d5ff2b931be8cd93d93b8dc982fe6ae7b43e0faa8d98bc12b5.1.259547833

HTTP Response

429
185.107.56.193:80

www.superwebbysearch.com

IEXPLORE.EXE

190 B
124 B
4
3

8.8.8.8:53

www.supernetforme.com

dns

IEXPLORE.EXE

67 B
83 B
1
1

DNS Request

www.supernetforme.com

DNS Response

185.107.56.192
8.8.8.8:53

www.superwebbysearch.com

dns

IEXPLORE.EXE

70 B
86 B
1
1

DNS Request

www.superwebbysearch.com

DNS Response

185.107.56.193

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15fc57ce23ec5672f390b66d1c8831eb

SHA1
f54b10c10ffa1989de89cdd442f1e6f92bb4805e

SHA256
7435c34c99ac0aa02d02c2574e69578f9eb261ae4bd5b4a14a1880a5d5e413f8

SHA512
d035957d06d547cfc997fa63e4ce232257163f8f2807c1214ab4a98937b9622a4e36bdcde521374465b9abaa2db875ea9cc1019b441b6f717c2d0937abae3eda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
921f8bdf3cd65fcfebf0e221ec68acb3

SHA1
42e6e138b5fd7793f4338d579c583667ae180424

SHA256
bb71e36ecfca51a259f74c738975294fec626507db253551f2d1fceebf92902f

SHA512
d2a6fa33456b1b01e55fd60756972d11534fe181603d74d4da10b01476e23e15136f1906cdb2618c1dc2f0260ab40f602b0c68433e87003f7044f2baefa2d1bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a300cf9d2fd831c7e927b68772374189

SHA1
4457490a6b37c252f5b5eee2a19a5936a7cee151

SHA256
24be122ca55553fb3f00eff4c836101e3103a6e886985b530fa962f0b83ce157

SHA512
9abab54c54531a65fe6a2546a378829493d28a376a99333320e103e40b4bf2c8308166d5f4663bc557b94ca1e3024f85d6543cdd712688d168e15036e4991a35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdfe1c69d930a3dd1ddef73ebea59b33

SHA1
f7d6a1bf5953ef707067e435b62df1ce30f212cb

SHA256
f9a4bf2b9915fa57033ce059bd872091261b55a645908946e465d2c1fbaf7d21

SHA512
ef8b2089fffcf3fe96167c1349af17fd174ea28b512ccff35045fb516cf6372720023f849233d5327922edc32582c2c430648534aed5c0fefd7076a84dd118d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e780e3b250994822788a68824822e5b1

SHA1
04b31a537ccc877d21fa5e70a506b7c08f43a136

SHA256
063d556a9d89d182e84eb4abd8ffa2e442232ac92e0037f7bcb87c0d9a98b386

SHA512
f8349b12f1f17ff689d27600ed572b03cea65d38bc66c01ebac7309b81773d771dbe3fc094b56c7563d82176bec8d8aa1d269c81b69fe9cfe4f99af1526e1706

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6f7f0d060310527eac57dc2dc60c33b

SHA1
b1963895b86b076f0200dc7da870214bce6ef203

SHA256
009b01bf42a0a4e7a9c23b0738bd55e6a4430dab847066d1ab7c0bbb46df1c5e

SHA512
2a21971a7fdab6123596e0c52974b24911b29ee6c6a8c6ed977a5b2ade3d5639913cf26a76ede27bb8f2db6cf8903dd6f4cff2fea308b4803946a292b2ec3df3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e5f9a95dce484c99e3fe47cd4975745

SHA1
552163c0f730e0eaf804976a7927cc39174b541b

SHA256
fdff5c8a3e77328d5dbb9df4a47e03d433a7294b78811e1610b52b5142bc6993

SHA512
83c20da3c98191bd01211278dffab0e9893d0938092f0e03e8b934673acea4301ddca231eb4e32e68c1e320bc779af0aafd84574b46f2f3cb615c35b37ec8482

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed584591fe7a32b42004b15fd0524ba3

SHA1
f7fa91c6d86f07bc4b248c72691f24a89f42c63a

SHA256
7ddf560645824de87f122428358e68245dc70c4d9045b7dc4af1ced7d86b67c9

SHA512
825c7f8b4865f75280bf8121ac116bed7743388e719b22d3f93618dd128ee279e797200f69761529b69632627e439ced58cbda33147a4c558d097af980771a4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9724e7acb0a6a8b5639be224b7afcd88

SHA1
3ef2f7e028580b23b294ef1e057f861e5be6cc39

SHA256
0e3bc07d04896b9222c740da791c396e3553c05eb7c18da6fa47a22d8eaa9608

SHA512
e21ca8e43657431787bd1775a50aab476d55588bc5b157f93071b37783c509b63b8ccfe7a9b43f02bd957eebe39403ef8c7acdf0dfd28687d0594e5b4c80671c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bba72056231c5bf9e34a7f4f9158f09

SHA1
be5602a4114195ef6b4ec9b767a48b0039d11175

SHA256
1e9ea75deb5f530fef1d415499f15bf9ad1172e7ce5cf0ead894a63c016229cd

SHA512
0da8f829dcde76e6f8c55b7c1c1f30ae593c9859d412833ffe9715133e2685712bd90a399653e2b96bb80e7335ba9a74ee7f038a3642b08fbc41f343237854f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a105ea8e04784d32c2d8f44fefd17081

SHA1
0fcc48f94370813f657fbc24299d5db8f7318284

SHA256
158cf66673bc4883113c5530bded395bca5cc0664c10ee85e1424f4d07d2a896

SHA512
3ea495ee177302aea55989ac6dcbe8ca63542a1fc625ad5b014d2fb3b89919e1481b2a13f0be0e7a7108d13cab8979b01bfaa11481465ae5c8a38e3f9e3fac81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a4a69dd2d06625df0dd191610c14230

SHA1
42f765997d00e5b3ec70c8fef86a04fb13211a42

SHA256
ddeabdd540bff940cb4ff434bdf165d3862c100005e8e021d997c4543ebc6578

SHA512
26712a8d9b592235a01f7d8044ac125e29b54fbac8e30b1a90144f60e4993ae01a98102364705797f3dc9abff24b92fb04b53823804dc842586bbb63064d2825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5b3e988aca5ebed335c3d2a5c4db8bd

SHA1
c6c1efe1e3ad13bf914f84ebe0eca910598a49a6

SHA256
764a8720cd956c2738221f71e7a02e0f67c13de36f6ed258c55e859d4bab3deb

SHA512
c6735910e6af6b0f4df6c5756ae017ec401162cad889033e85395252c0fc5e098174018dc3bc4238fc646c7ddb0ab5e673c28431a5ba2a98fd0c38728d5f8e3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da1896af8cc92b091457239a8c500397

SHA1
00132b48384f9a9d41a885f8e0881e7641da36cf

SHA256
a5e1d614fb97ab642d9509c65037ba89a47c0fe4b947ecd2456df79b6ec9b03d

SHA512
49f53bcdd8cf5f26c345a76c92c04b8ab24a7fdbbcfaf17bea1f16a90b714326cabbb7292400223b406546988e3b93bec96b92cc1761ced4e72c8a34a471124a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a467674ac147f6a2f5371b2edeb4b011

SHA1
b80bd2c8276058d44801a70fe360c61efa5ad16d

SHA256
72abfdec520a3386c5d84c44eb3cc4c5152d9f0dfc15522ecd457afb2436fe35

SHA512
4121c472bcdf69c804c5e44cecf804ea317e588b19800426a30ee1920c36394e466ecaba9c3740ff5cbd9cadb2eb24512c29be95071a00e55de5db4d61283f90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d796b2fe77d028d6a2a1a2f0b7a7128

SHA1
f99fe018b0b4ef2f4023e12c731d58327f3ba83a

SHA256
4757af4ba96132fed9d19f70f26d974b8297ce0f20a554743d4e0f14a9d8f757

SHA512
d885d2595efe187396ce4ff64ea51990663d7000039810feb5ea8595d7b0d69b58780b801fbd34d4a6f45b490067e0f34ccc3ed62dd1893383a504d6f58ca216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2def40f2a5000d8519f2b3ddc3b9ac7b

SHA1
8c5125e859e826f103d0b091e1deadb9e3eabc0a

SHA256
e379b037f163f51af67c947263e575d252d8b53538f8f44491c2ff3e37e0a5c5

SHA512
ade490f981aaf69ac0e5f6cfe574fee8c938c972f775b924017318b4f13506ca6d7e26c337c4e3f872f4c85cd8344a18911b4090a0097771e53b3fe34fbc244a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4f67a26229056f061d45c9bb90be60d

SHA1
afb4412f2d52b5d729d4135cae45992c42d41db0

SHA256
ec03ba6b383c4d785cf18fb8228e38449245ed5c9692d00dcf1864a01613569c

SHA512
6745684be8fe3bce732f8ae79a1342e72298af3f3b517199cefac1892ed656cf89d5d9684bc16203e9fce649618924daf8de1cb20c13d86dedc12fda1f6a8052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91168dec0b81bb04f3cb4149df45765c

SHA1
27153f6385504d1e84426538ba72acf0e1d2c1f2

SHA256
01b7adf31d4053eb252c65b46850555261ae2cf70f6e01ec0edffe90210c51ef

SHA512
b3c3b6d18263c8e6ca87973849fed8f20d35943677a65ee9bcdb60edb8ec3d99ce8b22a26fa7b07ad53b90bc13a5267280637b637b15902b41c8f36699b9df2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab35D3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3674.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe

Filesize
1.4MB

MD5
b39f9e9dcb9ecdb66ee4a8483afc9cb6

SHA1
bf26dd14d88e0cc426904dc0f4752783e7878733

SHA256
d384f9054e0869d8d7a1ecf432bb38da2e4656dbcf4960d25329deefd0c3552a

SHA512
504263b638a2ceaae2bd2922db6d26fcb8d11cf9c9149d3a7fd15041535594f33b930b6f0fea15a2bbd68dbff919f00e478d0f166a3fbc77a602fe062f88bfe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFDD36C3DE94F966A9.TMP

Filesize
16KB

MD5
d23e2adccf48f2ef198709b669ce69af

SHA1
2d18fcfd01224e9db34e14d79d880f8bade31e99

SHA256
34b7e6f405d70ad9a330a9f1a754df2ced8145e606be89e2e2b74a75cbcb565d

SHA512
8110336678555749b665b355d9c14ea59cbd2e6ebb9ee74723d2ce83b075b05a763b130cc872245a232cbc6fd740d19f6dcf28aff39826de9f19b8d9f78d5604

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EZO1Q0BH.txt

Filesize
107B

MD5
d2448d3dbe35d3878823aa13415f3a79

SHA1
03fe5c6948eb41342a5a054edf611cd82a90b58f

SHA256
fd2a1592d3cd8f8ebd48cde1e5bd1e9af80730ca2569f0a469cbd4dcc7ef2426

SHA512
f6945016a9c852b996be8baa6aa853b5afb7054a71a56f287a00163f1126c285f0d473f2aca78bbfda60ecc10c8f602dd1c03e97adaa73dd0deeae41289b5126

Download Submit
\??\c:\program files (x86)\microsoft office\office14\bcssync.exe

Filesize
1.4MB

MD5
276ef999873a3219088f7739a38f6c8f

SHA1
d535aac6f77ab38c1787262575c1de63bfd5ae61

SHA256
c10ca92d2203e0916b371e99064380e8d9ae3544662dc3706d8df21179faf1a7

SHA512
ddd812d836146da2e47478ee6f50cdb58d5e6073bec469bb3a3fb7f8d129fa5aa8694e46e1bb359578b2099580f4bb1ee14ed9be55589d7dec6217439aca29a8

Download Submit
\Program Files (x86)\Internet Explorer\wmpscfgs.exe

Filesize
1.4MB

MD5
b19dd9879c7588bb6c558b4faa1e29bd

SHA1
48d0e066cc53d37482199d9b013dfbef54a8c590

SHA256
34bad2e8d9e33c81ef55c0fb0d99bf4c2b6310ec1177b8b71bc97d9d2c72e319

SHA512
41dd0af9ec0aac6732ffc896473f53a7c5bf3f8f21572a205c83f32a00cd3fc71dbb270c025e6938025f6b113119d2a6e580e2f9a9fad850bedbabbc7b1e10db

Download Submit
memory/596-35-0x0000000000250000-0x0000000000252000-memory.dmp

Filesize
8KB

Download
memory/704-22-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/704-49-0x0000000000340000-0x0000000000342000-memory.dmp

Filesize
8KB

Download
memory/2204-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.