20d2f2a3f2f6f62d37acde6aa7c18d0c105d3426bca843e1c7702d6ea39d0106

Analysis

max time kernel
141s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 20:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html
Size

51KB
MD5

d05b25e85a1242fb9fcaac47de773e9d
SHA1

f27c47dbef198e6abbefa475c230744529a7deeb
SHA256

20d2f2a3f2f6f62d37acde6aa7c18d0c105d3426bca843e1c7702d6ea39d0106
SHA512

f0ef69f1fc630911b30ca67b99f4413e3af7f6d750f717462313b242bf0277d119b568208b1c833b67dc6db9f34b90f4faaa3c36add216983932a004e9f1e835
SSDEEP

1536:Llz+4bbbbvvvvqqaa006bV8NmL3uw8NmjJmn8NmiHfCDUaUPUz:LlzM/CDUaUPUz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08788f19700db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000ffb41d7af8cb230dbec8bfbf825248bd36c9973af4e8d9aade039d49cc95a261000000000e8000000002000020000000c41172088700a89f7f99e468e561a2c59224f017c3f4fc2e88b82188b2f20fcc90000000ae5dea3dc526f0221740224cfbefe40ceaaa5d555ce9c58a75b57d1fe53666c51c04697bdc173ddc351ff92ba899d5a231a83c001447b98714139de2265fd0964fbbc848425b868f67bbf74bf38e238b308bb9e513432ad357c3e92658a9752f8f4503196e8f682bd65b8074abad40627cb464fcafb9793adf0fd5b1186451a4ff57ce356bc0655d6bf55a83e277f4a540000000a609af0bce3839bc9b1a529bc30680daf14bee9a996656d0d7c9a981c00f23f9834c5fd319c6410fec257243d62a316782dbd97cefc3ffd7734b4489b42ad3e8	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431814883"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{182C3111-6C8B-11EF-B0EB-7699BFC84B14} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000d398fe862adea8b665c4e1b353fbd25400eaf54687408c72dcd5ada1600a6a82000000000e8000000002000020000000fca1295dddce7dd65af9f89b45348d66900fb07062ca4261aeb44210ff18bbae2000000051986116cffb78aa6db5836633dd3c572bb5d8d06e06cd50b7014f04fef7ede840000000b264ef5044bae4545b3e5e0f0c9b3e752986b95d661704b953005d2c004061e82cd7a5798941a5a0a627ba410e10fe60d3bd6305b380394dd3d31f87a9699472	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2232	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2232	iexplore.exe
2232	iexplore.exe
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1580	2232	iexplore.exe	28
PID 2232 wrote to memory of 1580	2232	iexplore.exe	28
PID 2232 wrote to memory of 1580	2232	iexplore.exe	28
PID 2232 wrote to memory of 1580	2232	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1580

Network

DNS

js.saleslimhk.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

js.saleslimhk.com

IN A

Response
DNS

www.expression20-20.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.expression20-20.com

IN A

Response
DNS

www.heatwiseplumbing.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.heatwiseplumbing.com

IN A

Response

www.heatwiseplumbing.com

IN CNAME

heatwiseplumbing.com

heatwiseplumbing.com

IN A

5.134.14.38
DNS

www.heatwiseplumbing.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.heatwiseplumbing.com

IN A
GET

http://www.heatwiseplumbing.com/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html&utm_term=ebay%20xi%20xui%20tang%20weight%20loss%2Cfruta%20planta%20location%20update%2Cmeizitang%20pills%20definition%2Cmeizitang%20pills%20manufacturers%2C2%20day%20diet%20quote%20funny%2Cli%20da%20daidaihua%20slimming%20capsules%2Cps3%20super%20slim%20802.11%205ghz%2Cbotanical%20slimming%20authenticity%2Cmeizitang%20amazon%202015%2Creduce%20waigth&se_referrer=

IEXPLORE.EXE

Remote address:

5.134.14.38:80

Request

GET /js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html&utm_term=ebay%20xi%20xui%20tang%20weight%20loss%2Cfruta%20planta%20location%20update%2Cmeizitang%20pills%20definition%2Cmeizitang%20pills%20manufacturers%2C2%20day%20diet%20quote%20funny%2Cli%20da%20daidaihua%20slimming%20capsules%2Cps3%20super%20slim%20802.11%205ghz%2Cbotanical%20slimming%20authenticity%2Cmeizitang%20amazon%202015%2Creduce%20waigth&se_referrer= HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.heatwiseplumbing.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 795
date: Fri, 06 Sep 2024 20:03:40 GMT
server: LiteSpeed
location: https://www.heatwiseplumbing.com/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html&utm_term=ebay%20xi%20xui%20tang%20weight%20loss%2Cfruta%20planta%20location%20update%2Cmeizitang%20pills%20definition%2Cmeizitang%20pills%20manufacturers%2C2%20day%20diet%20quote%20funny%2Cli%20da%20daidaihua%20slimming%20capsules%2Cps3%20super%20slim%20802.11%205ghz%2Cbotanical%20slimming%20authenticity%2Cmeizitang%20amazon%202015%2Creduce%20waigth&se_referrer=
vary: User-Agent
GET

https://www.heatwiseplumbing.com/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html&utm_term=ebay%20xi%20xui%20tang%20weight%20loss%2Cfruta%20planta%20location%20update%2Cmeizitang%20pills%20definition%2Cmeizitang%20pills%20manufacturers%2C2%20day%20diet%20quote%20funny%2Cli%20da%20daidaihua%20slimming%20capsules%2Cps3%20super%20slim%20802.11%205ghz%2Cbotanical%20slimming%20authenticity%2Cmeizitang%20amazon%202015%2Creduce%20waigth&se_referrer=

IEXPLORE.EXE

Remote address:

5.134.14.38:443

Request

GET /js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html&utm_term=ebay%20xi%20xui%20tang%20weight%20loss%2Cfruta%20planta%20location%20update%2Cmeizitang%20pills%20definition%2Cmeizitang%20pills%20manufacturers%2C2%20day%20diet%20quote%20funny%2Cli%20da%20daidaihua%20slimming%20capsules%2Cps3%20super%20slim%20802.11%205ghz%2Cbotanical%20slimming%20authenticity%2Cmeizitang%20amazon%202015%2Creduce%20waigth&se_referrer= HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.heatwiseplumbing.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://heatwiseheating.co.uk/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: 11d_HTTP.404,11d_404,11d_URL.aee194651a7be89763b303ffec9a1c86,11d_
x-litespeed-cache: miss
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding,User-Agent
date: Fri, 06 Sep 2024 20:03:43 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
DNS

crl.microsoft.com

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A

Response

crl.microsoft.com

IN CNAME

crl.www.ms.akadns.net

crl.www.ms.akadns.net

IN CNAME

a1363.dscg.akamai.net

a1363.dscg.akamai.net

IN A

2.18.190.80

a1363.dscg.akamai.net

IN A

2.18.190.71
GET

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

Remote address:

2.18.190.80:80

Request

GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 01 May 2024 09:28:59 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1036
Content-Type: application/octet-stream
Content-MD5: 5xIscz+eN7ugykyYXOEdbQ==
Last-Modified: Thu, 11 Jul 2024 01:45:51 GMT
ETag: 0x8DCA14B323B2CC0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ff7d3404-301e-006c-4d37-d3bc7d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 06 Sep 2024 20:04:14 GMT
Connection: keep-alive
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.201.66.15
GET

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

Remote address:

23.201.66.15:80

Request

GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 03 Jun 2024 21:25:24 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1078
Content-Type: application/octet-stream
Content-MD5: cyz+t2uRxNE5eKALjGZu1w==
Last-Modified: Sun, 18 Aug 2024 00:23:49 GMT
ETag: 0x8DCBF1C07FCB4BF
x-ms-request-id: 5857f354-001e-0015-383b-f24059000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 06 Sep 2024 20:04:14 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV1770e9bb.0
ms-cv-esi: CASMicrosoftCV1770e9bb.0
X-RTag: RT
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.201.66.15
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.201.66.15

5.134.14.38:80

http://www.heatwiseplumbing.com/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html&utm_term=ebay%20xi%20xui%20tang%20weight%20loss%2Cfruta%20planta%20location%20update%2Cmeizitang%20pills%20definition%2Cmeizitang%20pills%20manufacturers%2C2%20day%20diet%20quote%20funny%2Cli%20da%20daidaihua%20slimming%20capsules%2Cps3%20super%20slim%20802.11%205ghz%2Cbotanical%20slimming%20authenticity%2Cmeizitang%20amazon%202015%2Creduce%20waigth&se_referrer=

http

IEXPLORE.EXE

2.2kB
1.8kB
13
5

HTTP Request

GET http://www.heatwiseplumbing.com/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html&utm_term=ebay%20xi%20xui%20tang%20weight%20loss%2Cfruta%20planta%20location%20update%2Cmeizitang%20pills%20definition%2Cmeizitang%20pills%20manufacturers%2C2%20day%20diet%20quote%20funny%2Cli%20da%20daidaihua%20slimming%20capsules%2Cps3%20super%20slim%20802.11%205ghz%2Cbotanical%20slimming%20authenticity%2Cmeizitang%20amazon%202015%2Creduce%20waigth&se_referrer=

HTTP Response

301
5.134.14.38:80

www.heatwiseplumbing.com

IEXPLORE.EXE

144 B
92 B
3
2
5.134.14.38:443

https://www.heatwiseplumbing.com/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html&utm_term=ebay%20xi%20xui%20tang%20weight%20loss%2Cfruta%20planta%20location%20update%2Cmeizitang%20pills%20definition%2Cmeizitang%20pills%20manufacturers%2C2%20day%20diet%20quote%20funny%2Cli%20da%20daidaihua%20slimming%20capsules%2Cps3%20super%20slim%20802.11%205ghz%2Cbotanical%20slimming%20authenticity%2Cmeizitang%20amazon%202015%2Creduce%20waigth&se_referrer=

tls, http

IEXPLORE.EXE

2.1kB
14.9kB
16
17

HTTP Request

GET https://www.heatwiseplumbing.com/js/jquery.min.php?key=b64&utm_campaign=snt2014&utm_source=&utm_medium=&utm_content=file:///C:/Users/Admin/AppData/Local/Temp/d05b25e85a1242fb9fcaac47de773e9d_JaffaCakes118.html&utm_term=ebay%20xi%20xui%20tang%20weight%20loss%2Cfruta%20planta%20location%20update%2Cmeizitang%20pills%20definition%2Cmeizitang%20pills%20manufacturers%2C2%20day%20diet%20quote%20funny%2Cli%20da%20daidaihua%20slimming%20capsules%2Cps3%20super%20slim%20802.11%205ghz%2Cbotanical%20slimming%20authenticity%2Cmeizitang%20amazon%202015%2Creduce%20waigth&se_referrer=

HTTP Response

404
2.18.190.80:80

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

http

399 B
1.7kB
4
4

HTTP Request

GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

HTTP Response

200
23.201.66.15:80

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

http

445 B
1.8kB
5
5

HTTP Request

GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12

8.8.8.8:53

js.saleslimhk.com

dns

IEXPLORE.EXE

63 B
136 B
1
1

DNS Request

js.saleslimhk.com
8.8.8.8:53

www.expression20-20.com

dns

IEXPLORE.EXE

69 B
142 B
1
1

DNS Request

www.expression20-20.com
8.8.8.8:53

www.heatwiseplumbing.com

dns

IEXPLORE.EXE

140 B
100 B
2
1

DNS Request

www.heatwiseplumbing.com

DNS Request

www.heatwiseplumbing.com

DNS Response

5.134.14.38
8.8.8.8:53

crl.microsoft.com

dns

63 B
162 B
1
1

DNS Request

crl.microsoft.com

DNS Response

2.18.190.80

2.18.190.71
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.201.66.15
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.201.66.15
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.201.66.15

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
632c8f29ea9d34adacfc6e53cd24e6ac

SHA1
3f65445c6a98b491ea80ed96aa2f359a55b89345

SHA256
630a34202785b1a81c1328d00a21022a80ea10ade5305e244f8aa7cdafb01979

SHA512
0d9401aa060432747568553f757bb46e797524f50c754dfad8cbf97321a5b4b9f95d6adea3ce00e412890ac7cac30dd4b0164b99ca2fcb646cb7909c99e7b739

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f40315bbe9b19ecb0d144eeb80c75483

SHA1
b6d531bba3839e722b4ab0bfab9bbb49d390f852

SHA256
830f927a2af3fd7e6b87bcacdafacfd0a2185096d9357fe1d4d8b35ac78a3186

SHA512
e3671c80cd3884b9b5a7793a860d63dc2e81996157e353f75ab8a112e26d15c62f2c6c99d2e5bcf919ad5ac7758badfc3d741d77dbfba607e61972b3d29a92ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d929b566268d5b0c2ae29a2166905e3b

SHA1
4bd8e331b59ad6ce960548673526cd96f754dd60

SHA256
c7cb1b92c84962b942556b510553eb41e0881687da259a031eff6236e6d3214a

SHA512
465a5b42934fe1a3ea23b767300af5a8b791b8e5bdfc238a94a0f4bf4c9d73e2c90d6483d04e4006085e7deca4935a1b61ab80d26f5959bc5d3a8fb006bfbf0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13b52153c255de92be6cedbf2b1d6b56

SHA1
4ba2db9a65bf511075566d5232b7eb224910eaea

SHA256
da0655928ab420e903bfc3eac80403e93ab5c981187350e1fac5b9a5e36deb5e

SHA512
f2ae942e73617a2ce8654e5fce798ab5891ead28f6a874fdac6aaad8034fbd83120d28db2ca041e59925e630814759682530a4f3499df9e8bdb9d686a1e36bb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4a77b3b14f073c6fe038e0e37db7da8

SHA1
e568a7249632f480c638f84f356a9eb1593b7699

SHA256
f8c19102a46559350009a89d37cf02cbad75c83e0d5b9fcbae0d1327dbfa5104

SHA512
427dae120bc6b1d0b5a3f797512bc66537fe011d258b04184a9288e93f08021945ef5f1824dcfc4ea278785962a16015bb5d0b297a867f48ef2397f606fac394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb8a310f064953c3c80e93aaba45312a

SHA1
9dfdc844da3d33278f6c2de81579c3800e34706a

SHA256
0f9a4f59ec185b47ac373a4e5a3635930ac6b8d7de98216cafe6b15f9e09c184

SHA512
a8bbf9f2eebeb4b3aa39ec822a6b02445617edba3218c01530516824857b6735e6752496520bafce241ce538ff84e821d4fbd103953c8f64b94bf43a7d136903

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d4dfb1f470ba36aa12ca9170302c9ef

SHA1
a329f3f52c29a4f7e62295b0a849b9c174275f1f

SHA256
dbe621c9433c4cc6de8cf1465317b37c2c78c92c279d3cc15f4701004a33d926

SHA512
c0df22cd8d66b0b27247cc68eaeddeb5dd16d09ab1c9ab8537ccf4fbf97830fb7d654bfc659f4ebcb807cda420c4aa841a59a09e4447d854eba0878f4ba77e97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dd030ae67af7dd8a78742fa118200d9

SHA1
aa78f8272bf9ad2ed82f1700a66a76e770b4e4e4

SHA256
07a22175ede930ead1d6914109fab699817d96a54e134a79170bf746acee7662

SHA512
3f8ffc408503630afb1b3952b0a41fb42c5e0285e0962d03d840a4997f3a534307fc6baa2ec25fb6e8cc0240edcfa4969cd17d532db86cef3d3551b525bab7bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8905ef2df10be4b3ed5b860d39fd476

SHA1
d68b107aac0522582e1dcd21043ffab70eb637e7

SHA256
59a6100a4d6fef35b92d7698f13889f6d3c74949ada4d6d958ddcac8c77105d5

SHA512
05f703f6908f2598b21b741be939d21dcce071263078d6cdfec10085ce794b0793c66aae87565cd73740ecec323d447bfc082d924a7c66183c75065e91773309

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dd22476b48c82da2b17a074e4450b52

SHA1
aaba111e3a7c2e8f46116976f296382198ffe185

SHA256
8854ff282deee43bd818cc4a9036289ff654c42f28b40910711a1e4c6bdcabce

SHA512
1363edc1f299501ed5795b7bdbffa3a00263cf8962b8b0c239f0dafad8c6da36409ffee69adb4af71f5a86aa021af226d35eb07d25c1482e31f3ef0f03cf108e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e69ef0b874cade13144c69a39634c4cf

SHA1
ad9eb166c1dee057c39548ecb254270b2c4c2b45

SHA256
5a2147c35c3ff3175da45b26b82b833a6f989e28a7608ad64923598e106038cf

SHA512
6de97fb8e0f9b941c29ac27aaf71b1113253088856217ffa87fbe376b4ff7e3743f9432c04e13770ba396a75f3c9cbb78009527d2818ee749bb43e8e662b4eb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
004b56d144f1b1a5affa736508520b4c

SHA1
bfce3016678fc3633be4d6b97a376f21d25b8522

SHA256
6b0d3381979809a30de854a42b10c867b816943ab3bc812aad2f6ea57bd05042

SHA512
56ae0c3d325ad5114429799eb75d2e63e0fefa0c9b10f62c2dd1b86089ba609327029697d6b5f1e685d2ca66b965851df40ce4b5ee50be9e6c44b7fca3c723ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79f7cf9818c2da432362cd21df946b18

SHA1
5ea2f3667d6c5c5a517fa43967c871a3a5d337ce

SHA256
203c5afd02181c672f0c4122cf0324c7a75ef071a471a7cd3147ec307e80f323

SHA512
c0e0d025a97000e581b63070a59d0ea77ac12e7e2a6d96e884c40b1b573182a8d36a105e9d78934c22d4e7e4c6f9f912540a63aa62ca527b19a7189ca72fcce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6213f18cc5cfbfa42b0b9fb4baa643fb

SHA1
bf3a958148277e139078b2fc4640fd57c99cdc39

SHA256
2c92eb39bac1f979268f03e01cd9ab63923a64b442c45d7ac65e42c5a70d90fe

SHA512
de742b2919bc0d4f918e00dd98f976959de5559324924892102398fcb6613f27533ac2817d25e4cf99f410f23a592992a239a5674681213bf359554f29c508a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e32c5fad02cfdfaec9c6556ab02905b1

SHA1
10a442c6b71bb3fa270f590111465c9a8ec94c48

SHA256
1a9fc95e622e4f9d9a451bdb77aa6ad5042810778db0178b02eba4c726925a2d

SHA512
b308e5ede790e0b57c731ea92181d4286a4364dc617ccd1334e7ed2b6e0897a4a606f1d5ef820f500e5c635bc62d9ee3c9856ae27fcc5469c01d43961d81a72f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e5c2dddd14536510f5c40975b053e8a

SHA1
bc2b1bae275452692cbd1182cf6c95be52087d18

SHA256
d7852876b7383818a2bc6fbf8df4a466a53b894a859011a1be0a9de7a0578132

SHA512
eea354dfa4e21264539938fe461f2ffa3439dc8bee241f958eeefafb654fb0e46f7aba61d75d578685309a30e2a7b4333d30875b6f4b5c0036bf7a3d7711fa6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2efd76ea5e5b35beaa7ceafabd0b2e4b

SHA1
7dcddc118b07e980445e90d3c7cf5938a4748ea4

SHA256
3bc600e237cfbcc9de16a91c183b9c005c5af545f64d194c46f552c8470be32f

SHA512
019c5bb7e2da9697a559b804f3f318003b46c947443ba619b6d9271556ce839a171dede3ad8bce5846b48b92e84fd84d9a098c410c68de01e477a5f917d9361a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE59F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE5A2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.