a4404d09a95e69886798ed2744c9b24a40941f91541d4316d15221363cb91f67

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 13:52 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa855af1ec77440a0c230d7549d279a1_JaffaCakes118.html
Size

6KB
MD5

fa855af1ec77440a0c230d7549d279a1
SHA1

f859a1e9abb0305fbd4ffd5d4699e4e52db3c5c2
SHA256

a4404d09a95e69886798ed2744c9b24a40941f91541d4316d15221363cb91f67
SHA512

624d70266dba9a6b4586eba683c3cc91b7e8ff9798a8f2e51cd54dc4e7831dc1eac6045850eb0ddf91f7eb8fa856a70ec450780c411100d761abf23b7adac195
SSDEEP

192:bsCx47zPc9jI2OHZDX/ORw3RXPEqHIvKxm/KEYRRqphnWhZVzaxmD+T:bsCU6EXGO3lPE5H/KxaphWhZFS

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
3712	msedge.exe
3712	msedge.exe
5028	identity_helper.exe
5028	identity_helper.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 2156	3712	msedge.exe	82
PID 3712 wrote to memory of 2156	3712	msedge.exe	82
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 4604	3712	msedge.exe	83
PID 3712 wrote to memory of 2952	3712	msedge.exe	84
PID 3712 wrote to memory of 2952	3712	msedge.exe	84
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85
PID 3712 wrote to memory of 3668	3712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa855af1ec77440a0c230d7549d279a1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72da46f8,0x7ffe72da4708,0x7ffe72da4718
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3608

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

onlyfind.net

msedge.exe

Remote address:

8.8.8.8:53

Request

onlyfind.net

IN A

Response

onlyfind.net

IN A

185.53.179.170
GET

http://onlyfind.net/in.cgi?3&group=18&parameter=agenzia+viaggi+lecco

msedge.exe

Remote address:

185.53.179.170:80

Request

GET /in.cgi?3&group=18&parameter=agenzia+viaggi+lecco HTTP/1.1
Host: onlyfind.net
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 27 Sep 2024 13:52:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket011,bucket088
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_JBrU4718Ao88r8o77l1HZNUcOx7UcJMu+ACWW3jyoBLfQWZR4m667k+ExjLpDZvdAcpF/scZh00XKeGMrVuvJQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: english
Accept-CH: viewport-width
Accept-CH: dpr
Accept-CH: device-memory
Accept-CH: rtt
Accept-CH: downlink
Accept-CH: ect
Accept-CH: ua
Accept-CH: ua-full-version
Accept-CH: ua-platform
Accept-CH: ua-platform-version
Accept-CH: ua-arch
Accept-CH: ua-model
Accept-CH: ua-mobile
Accept-CH-Lifetime: 30
X-Pcrew-Ip-Organization: Datacamp
X-Pcrew-Blocked-Reason: hosting network
X-Domain: onlyfind.net
X-Subdomain:
Content-Encoding: gzip
GET

http://onlyfind.net/favicon.ico

msedge.exe

Remote address:

185.53.179.170:80

Request

GET /favicon.ico HTTP/1.1
Host: onlyfind.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://onlyfind.net/in.cgi?3&group=18&parameter=agenzia+viaggi+lecco
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 27 Sep 2024 13:52:50 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Thu, 26 Sep 2024 07:56:43 GMT
ETag: "66f513bb-0"
Accept-Ranges: bytes
DNS

ifdnzact.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ifdnzact.com

IN A

Response

ifdnzact.com

IN A

208.91.196.46
DNS

www.mydomaincontact.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.mydomaincontact.com

IN A

Response

www.mydomaincontact.com

IN A

54.72.135.125

www.mydomaincontact.com

IN A

54.72.39.107

www.mydomaincontact.com

IN A

63.33.162.142
GET

http://ifdnzact.com/?dn=onlyfind.net&pid=9PO755G95

msedge.exe

Remote address:

208.91.196.46:80

Request

GET /?dn=onlyfind.net&pid=9PO755G95 HTTP/1.1
Host: ifdnzact.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://onlyfind.net/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Date: Fri, 27 Sep 2024 13:52:50 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Content-Length: 300
Keep-Alive: timeout=5, max=112
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

138.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.32.126.40.in-addr.arpa

IN PTR

Response
DNS

170.179.53.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.179.53.185.in-addr.arpa

IN PTR

Response
DNS

88.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.210.23.2.in-addr.arpa

IN PTR

Response

88.210.23.2.in-addr.arpa

IN PTR

a2-23-210-88deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

46.196.91.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.196.91.208.in-addr.arpa

IN PTR

Response
DNS

46.196.91.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.196.91.208.in-addr.arpa

IN PTR

Response
DNS

46.196.91.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.196.91.208.in-addr.arpa

IN PTR

Response
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

99.209.201.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.209.201.84.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response

185.53.179.170:80

http://onlyfind.net/favicon.ico

http

msedge.exe

1.3kB
4.1kB
9
11

HTTP Request

GET http://onlyfind.net/in.cgi?3&group=18&parameter=agenzia+viaggi+lecco

HTTP Response

200

HTTP Request

GET http://onlyfind.net/favicon.ico

HTTP Response

200
185.53.179.170:80

onlyfind.net

msedge.exe

190 B
164 B
4
4
208.91.196.46:80

http://ifdnzact.com/?dn=onlyfind.net&pid=9PO755G95

http

msedge.exe

827 B
1.2kB
7
5

HTTP Request

GET http://ifdnzact.com/?dn=onlyfind.net&pid=9PO755G95

HTTP Response

403

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

onlyfind.net

dns

msedge.exe

58 B
74 B
1
1

DNS Request

onlyfind.net

DNS Response

185.53.179.170
8.8.8.8:53

ifdnzact.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

ifdnzact.com

DNS Response

208.91.196.46
8.8.8.8:53

www.mydomaincontact.com

dns

msedge.exe

69 B
117 B
1
1

DNS Request

www.mydomaincontact.com

DNS Response

54.72.135.125

54.72.39.107

63.33.162.142
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

138.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.32.126.40.in-addr.arpa
8.8.8.8:53

170.179.53.185.in-addr.arpa

dns

73 B
151 B
1
1

DNS Request

170.179.53.185.in-addr.arpa
8.8.8.8:53

88.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

88.210.23.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

46.196.91.208.in-addr.arpa

dns

216 B
216 B
3
3

DNS Request

46.196.91.208.in-addr.arpa

DNS Request

46.196.91.208.in-addr.arpa

DNS Request

46.196.91.208.in-addr.arpa
224.0.0.251:5353

584 B
9
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

99.209.201.84.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

99.209.201.84.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
216b36062793a404265326f0b2912a8d

SHA1
3ac0b87d3c35be086fe2e9e7668d77139da08f69

SHA256
5ea936fc473fc9c39f123933f1f89c5e7ae82ad23c8ddd08e0ac2793f73b9aab

SHA512
0641a2f728a6c3b062f146dd79a2192bb8862d31c2d69f83f7c4205850502d299b77d14a85e848add8ea1b49e6385fb05142ea8df16737cf11426da1319c70d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b9435498172eec9451b192681971d39

SHA1
df1ce9d691ef2579dc25206eb39776967ff47893

SHA256
6615fad9f0e10c6b554c52f1c723650ff6bfcb7e4cce3e410ca296350b9368e5

SHA512
26698dca53ac08d9df475128f8db6dbe029682b86d41f4142a12cc84b6acba9fef82f11085e965ea52a1fcbe51a6fb7cba5b0a9c496b842ce5ded8f6d87b0706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e91c47834e59d56d7168cccc284ff52

SHA1
1aa0d5184374a6e683206acff63eb2faabfbee2c

SHA256
8197a1b63d5d5c062a77e27efc507679bd568597dd8893809f09f0d3a0186868

SHA512
2f27e96b3cbe29856f725a82f378e9e5d51e1f0f1a8a891566b210fdd10e54d652842843153d97cffecc689d88a3844f45b294007eb50792fb69923c5b36a6a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.