6e61734c0e881eea453b48c1425a4b9ea9e40ff175f9b4a27e4661007cfb54a6

Analysis

max time kernel
140s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 05:43 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12125a7072292b0c040d8842f1df01cc_JaffaCakes118.html
Size

56KB
MD5

12125a7072292b0c040d8842f1df01cc
SHA1

74a43710effc284294b4516c7a7f2cf36c489d3f
SHA256

6e61734c0e881eea453b48c1425a4b9ea9e40ff175f9b4a27e4661007cfb54a6
SHA512

2c22bc9f147ac788b4c95849c209bb8d933c35e30e0a52c30d66def3cf7e96f21c6f687acf8957d46a6751ec8986ef0d80e7a39ecb8a26fda82c69960d3729d0
SSDEEP

1536:gQZBCCOdB0IxCLXgUKe8amCsNtRAb7oypdsrAXeMKWKxoBcoeSO/tSChqcsbxovv:gk2v0IxPUKe8amCsNtRAb7oypdsrAXez

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000006040f5d6b2f8518cd3cf68d86071e2e9cce30e73d83c0b1ddb00581b68650cd2000000000e80000000020000200000007f727206aaccfbc0a023cb23c25fdbdcc10c86193ab9c0ec1f2611a194022b95200000000922cf06c94ce80d178ec32cf7e77c834c97478165c710f475db2d7677ca94db400000006dd6f888f3810b71ac4c1e83b0380dbfe5d3c34b4f160acf4152e1f323509dae8e38d17412457530e0991afbe98712b8666f78252816f177e74ba59c7f6b55b7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a034e17c2016db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A604D211-8213-11EF-A540-C28ADB222BBA} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000c9612630a2e0508ee9d6c2929188b7b0abd8a2866e22fc4468f90de3af3ff432000000000e8000000002000020000000e0e36f890a30f8506ca40dddb6ee24970c635bbd049d8938cde76bb9e181d8ee9000000010464b965a24f16980830d562e494f16cb48859fc25b7a183e5a7b4887119ae1b43fca95b426c0b55c01a2e79be7e5c941c9866948cdc9c8e5dadf3c9e4c059e4a40fe95313dbe72d84d42980a5e28a94f538e103a7d3d4101eba35b7327a0ea7549b651171b79b796e83bccae7f1c11c3c43574fd436bc5d39a2683c265a371d390ac291574cb6b954c65687d91b87440000000db6be6f8b478a2cdefcb012e830f5bbcb06204f4f994a2073087a239c69824d4c90c1f6d66329dc65b16c3b84d2f9fa44ca4a0a637d2fb160aee12e05df30f38	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434182504"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2384	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2384	iexplore.exe
2384	iexplore.exe
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2052	2384	iexplore.exe	30
PID 2384 wrote to memory of 2052	2384	iexplore.exe	30
PID 2384 wrote to memory of 2052	2384	iexplore.exe	30
PID 2384 wrote to memory of 2052	2384	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\12125a7072292b0c040d8842f1df01cc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2052

Network

DNS

spellmanshow.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

spellmanshow.com

IN A

Response
DNS

double.boublebarelled.ws

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

double.boublebarelled.ws

IN A

Response

double.boublebarelled.ws

IN A

64.70.19.203
DNS

spellmanshow.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

spellmanshow.com

IN A

Response
DNS

web.icq.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

web.icq.com

IN A

Response

web.icq.com

IN CNAME

www.icq.com

www.icq.com

IN CNAME

www.ovip.icq.com

www.ovip.icq.com

IN A

5.61.236.229
GET

http://double.boublebarelled.ws/FrMal

IEXPLORE.EXE

Remote address:

64.70.19.203:80

Request

GET /FrMal HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: double.boublebarelled.ws
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Fri, 04 Oct 2024 05:44:02 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 577
Connection: keep-alive
Access-Control-Allow-Origin: *
GET

http://web.icq.com/whitepages/online?icq=8765463453&img=5

IEXPLORE.EXE

Remote address:

5.61.236.229:80

Request

GET /whitepages/online?icq=8765463453&img=5 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: web.icq.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: kittenx
Date: Fri, 04 Oct 2024 05:44:02 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://web.icq.com/whitepages/online?icq=8765463453&img=5
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
GET

https://web.icq.com/whitepages/online?icq=8765463453&img=5

IEXPLORE.EXE

Remote address:

5.61.236.229:443

Request

GET /whitepages/online?icq=8765463453&img=5 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: web.icq.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: kittenx
Date: Fri, 04 Oct 2024 05:44:03 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://icq.com/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
DNS

www.website.ws

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.website.ws

IN A

Response

www.website.ws

IN CNAME

website.ws

website.ws

IN A

64.70.19.170
DNS

icq.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

icq.com

IN A

Response

icq.com

IN A

5.61.236.229
GET

https://icq.com/

IEXPLORE.EXE

Remote address:

5.61.236.229:443

Request

GET / HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: icq.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily

Server: kittenx
Date: Fri, 04 Oct 2024 05:44:03 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://icq.com/en
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
GET

https://icq.com/en

IEXPLORE.EXE

Remote address:

5.61.236.229:443

Request

GET /en HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: icq.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily

Server: kittenx
Date: Fri, 04 Oct 2024 05:44:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://icq.com/desktop/en#windows
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy-Report-Only: default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
GET

https://icq.com/desktop/en

IEXPLORE.EXE

Remote address:

5.61.236.229:443

Request

GET /desktop/en HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: icq.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: kittenx
Date: Fri, 04 Oct 2024 05:44:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy-Report-Only: default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

92.123.241.137

64.70.19.203:80

http://double.boublebarelled.ws/FrMal

http

IEXPLORE.EXE

816 B
942 B
12
4

HTTP Request

GET http://double.boublebarelled.ws/FrMal

HTTP Response

200
64.70.19.203:80

double.boublebarelled.ws

IEXPLORE.EXE

420 B
48 B
9
1
5.61.236.229:80

http://web.icq.com/whitepages/online?icq=8765463453&img=5

http

IEXPLORE.EXE

573 B
683 B
6
5

HTTP Request

GET http://web.icq.com/whitepages/online?icq=8765463453&img=5

HTTP Response

301
5.61.236.229:80

web.icq.com

IEXPLORE.EXE

190 B
124 B
4
3
5.61.236.229:443

https://web.icq.com/whitepages/online?icq=8765463453&img=5

tls, http

IEXPLORE.EXE

1.2kB
5.4kB
12
12

HTTP Request

GET https://web.icq.com/whitepages/online?icq=8765463453&img=5

HTTP Response

301
64.70.19.170:443

www.website.ws

tls

IEXPLORE.EXE

395 B
215 B
5
5
64.70.19.170:443

www.website.ws

tls

IEXPLORE.EXE

395 B
215 B
5
5
64.70.19.170:443

www.website.ws

tls

IEXPLORE.EXE

357 B
215 B
5
5
64.70.19.170:443

www.website.ws

tls

IEXPLORE.EXE

357 B
215 B
5
5
5.61.236.229:443

icq.com

tls

IEXPLORE.EXE

824 B
5.0kB
11
12
5.61.236.229:443

https://icq.com/desktop/en

tls, http

IEXPLORE.EXE

2.1kB
20.1kB
18
24

HTTP Request

GET https://icq.com/

HTTP Response

302

HTTP Request

GET https://icq.com/en

HTTP Response

302

HTTP Request

GET https://icq.com/desktop/en

HTTP Response

200
64.70.19.170:443

www.website.ws

tls

IEXPLORE.EXE

288 B
215 B
5
5
64.70.19.170:443

www.website.ws

tls

IEXPLORE.EXE

288 B
215 B
5
5
64.70.19.170:443

www.website.ws

IEXPLORE.EXE

190 B
88 B
4
2
64.70.19.170:443

www.website.ws

IEXPLORE.EXE

190 B
88 B
4
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12

8.8.8.8:53

spellmanshow.com

dns

IEXPLORE.EXE

62 B
62 B
1
1

DNS Request

spellmanshow.com
8.8.8.8:53

double.boublebarelled.ws

dns

IEXPLORE.EXE

70 B
86 B
1
1

DNS Request

double.boublebarelled.ws

DNS Response

64.70.19.203
8.8.8.8:53

spellmanshow.com

dns

IEXPLORE.EXE

62 B
62 B
1
1

DNS Request

spellmanshow.com
8.8.8.8:53

web.icq.com

dns

IEXPLORE.EXE

57 B
114 B
1
1

DNS Request

web.icq.com

DNS Response

5.61.236.229
8.8.8.8:53

www.website.ws

dns

IEXPLORE.EXE

60 B
90 B
1
1

DNS Request

www.website.ws

DNS Response

64.70.19.170
8.8.8.8:53

icq.com

dns

IEXPLORE.EXE

53 B
69 B
1
1

DNS Request

icq.com

DNS Response

5.61.236.229
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

92.123.241.137

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7a82f2adbdd327a7e1c9d7baedd10b35

SHA1
0361ce5a62a2df8667f166a023d0e85b74ce2559

SHA256
493185f8bcf615744845d898aaaca36980c86b1c58d252f18237740d829ae6f1

SHA512
631e7a378287c35e5a2d040ab8adb6866c57fb021df4e8866ae4135149bfd9c26aac92fcbb6d84f2fd99ef74dd995c3a4019a5855a26e690cf7eee402045d2d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c650e365a3fa770fbd0312aca95476f

SHA1
39dc3b0099b1b0f076dcf42d64e919f941544520

SHA256
310697587bd1903cd3a5aad26a839eab998b8314fc6f9851c536d07733173278

SHA512
96a3259d2039e6c469bc031e0f2eaeb5ae12692fd92c97b0435b480954c8ba1591212bebee2c909d48aa6edcfb8ecb91d0c7fe16fc8d10bd8fe21933f2b0aac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d75d90ceec85fa43703fc15df5c0795a

SHA1
ce3a0d2a63ab7880690bc126ebbb8ad1cac21ed0

SHA256
fbb1c6151cbd6b8ff927cdf2824fb1203245fcf2ef2ac13c95772b4927e689be

SHA512
54f7095b7f72ffaa2a45ba44c6e29957abb1a484cf0334738432ba596a7d1ba6a3b2c7705c82ab4a081e91db3c827ce1a35d57e7348cce771ad13db9a12819af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a51b0731fb6336c4b4b177ad640907a5

SHA1
79d718bd4e9b6ef7433184b58549a953bb481175

SHA256
77d1b1a247221f6a1bd5c8b1b25c06bb509610250d116a56825a3839e9d7e583

SHA512
9525cdc4b25c326bd3ae6a146375d94ee24a68412b6be8cebcc630665224a9c4e58289d1c3ba908f9b9f3c0cc8d3ba9711f73b13f9bd6f300c1a023a57000512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5da7891a0bdf1ffa450faecd8892b99d

SHA1
4fbe20d98b20fbfa5345de60625a3a71052b03ba

SHA256
26d9e03e79490a083df59a781340ed455331e83d04a57e5c19c7f540002baf8c

SHA512
0c2d3b59f7f16638a437546d2e583613aaf3f79ed06e74533456034d178e2acc0baae1104880a7ef51d7bb1cce16fdb8bc40d73813282841b666278eba272156

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd095c5b7287df916838e175ba70fc81

SHA1
3803745b188b42835e8b99cc05433c9f289d6fdb

SHA256
d04ece879d5e43bab2320713199125509d2e4b27e06e8fbbf7bae797a212c7a7

SHA512
6ced18378e64f7be7584694a237d0ab0c38c25f2c1a44a7c7a147f052a186ede02a06008c56742c7de629810f7c2e77b3a1e29587ffb6e4a59ae2408555a95f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70bf7e96a542629993791e389f3b2d23

SHA1
34a4da38848bd16f55b969222bc56f4b58af7789

SHA256
77f907c41a2b36202678fc124be21eb789c76e56248de7a385079a7f9dae40c2

SHA512
037ce42c133ea6815df464d3463687ce9bbc16ee784375bdb543e39ca31f446079f8c72fa5b21596afd33606550a77ae6d978d643632340b51633c2a8d366a13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82c4c25986fe311efd85206dbd5026da

SHA1
691242cd541d05e8f2495971e5832b14d5864fc7

SHA256
9d7215a54c737244eb03d94a1d1327820385ba674055a8042425b47bed322f3e

SHA512
f67bd021090b5d39beecb517a6be45b96768c8f38d44844e5910941ba35066e11ef9ed601269a2c32354d7ed7e3c458669645869ae6b383b31366b1ece2913ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1751d0a842df5251fd0dc41346c1bda9

SHA1
2b77692b22fcd096ccbb48bca1cedb685d0a1907

SHA256
7072d22a4ee173a051ac06a46b71a633d3ad05dec30329c2a42d149085e23f3b

SHA512
7f311888889fdb424e7392ea70402a88b3e082a942cea34cad0698245157231900e21517d37543b7f6087814ca15a3d95627244e1cca9b9fd1800d58fe18b318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05f03f40749ff28fa5e61ce2d12e9744

SHA1
001246d965f9315f1b126f22c1c424e2564d0c5b

SHA256
bacfc192ba24b2e7243d9a3bb685277fa02097c92cf30cdfeb75332a24d67c08

SHA512
c5ba843bae9f56cc7afd12b59faabdb0ef21e438a82da7b935be1e33f05d1bee1bf3482894af7e56d677c03a1d05166643a0836e076a48f59ea13ec3f241051c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f40028fa596f72425e8122cdcd3fc41

SHA1
dca0d09ba0c2d815fe6bba35236b7a784636fc19

SHA256
c9ece722a59b8ae4ff34df46853ae75dabdfed6a36a48de47741453889c1ac38

SHA512
e275f91aa1191d8cde5c0591d26d3d521e3315d05697475bb1e83af0aee5e1705ada2e08cf67a35a90617d1a27d1a50a06563f035e9015262271c89101e9c258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3615c8c27448767b412e1e70f9cab72

SHA1
8d4c4aee57945a5a27e93f2a589dfd151b7ae6ee

SHA256
a40f83fd38e9479a5fbea72b958c0d04d5299192b355f7faada490fd66bd9f99

SHA512
1c9fa2472c279c8018c4f456055f8caf3f0f81752d2d81ed9edef73d3e5be70feb3102c5f04e0934a9866e07edf107831a266e8bbc33b54cbc0109243634215d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7884b8b11980c82206f353910fd64d74

SHA1
f5c8ddc2f3a3fa149d6089743179dc06b3972ee7

SHA256
a6557765df50be0e9123fcedf1c20aabb697e5259ed0b1b9db24cf9760b75954

SHA512
3ef18f2f5d0db424443fb14b0fbaf93b6a185625a89de79e031167163f14ad59df25e612723c9b69cea6a5225f5d63a57b483f6ba8c552473c75a4ac76dba6a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f732c3c281f85cf09ebc540974307a74

SHA1
5270dff39405f2d4c46233f52ff7656b268a8814

SHA256
78ad0ed22e4186d23ca42cff4c36e8abee22283f068ecb1327320e506d2b7dc4

SHA512
69d617a0b8fc9866cc1fc49e8a1ada4a1525fcc9b3b59baf67a26e673339d4f20e658d74a43978d2d061950f93daaf77383d4959e80f8f0a2544fb007dbbf4cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2adf7f37cb6af9b4f236ba6ddae80d67

SHA1
b975f58365fdb8c136809e72891d07c120741249

SHA256
01765da979699c3e93c1fdb20fbc984af3f145273b5516580a9d6d684c17a082

SHA512
b42f8db8f181677889ccb56ac35cb977607e620f3ed48db92e4c0974000e4116e758fab7cfcbf3d7241bc23d25e502d015fb73c269270130e00a02fc7460da02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24cbd85b20ea862bc89ffd795d4fdbc8

SHA1
929ea1ad5ecbb7576df25f2239f7f64b6a568640

SHA256
288ebc4aee4320fe16e3c68ba07e83ea44c24f7bd297a6b4bd8e206be4aaff6c

SHA512
d38e5b446c1efdb0bcb4a94e103328e7e96b41fb302fa018c38c6471bff92990b612c4eca4f307edb2213df6df8d5153fcebf2f24a71010645c795d14e632a83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b675e5d88b3eeac9c64cee473a8cedc7

SHA1
11439e607735a579f93d84f02edcfb9450f68d79

SHA256
4e8d230282c99cda3e5eccbf4e6eaa6087e56fbc25d6d60d83a8a7854c68b255

SHA512
808c65fe9ac0c0ba83fab0fc6de1a5acbccad9b6133d78676fe224ebb2463279bd244ec9b2e6c8c70824bb47ccaf578a11284aa16517ed9b67a92de8f0147ae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f5a9f7751f2dd4c60ab60c6d75acf68

SHA1
68d66e274fe7297724af6c9dc2eb1cf5e5fdf16d

SHA256
049ead8eb885ff1da9d4e5d226529eae26d676a6b06c537089e900b0359cbd9c

SHA512
c15ff3964c8ebe462552c235c5c864109c80f316f369ed509d92025b46a40fcdf24624c4fd9a5f56c552c76485a7924a1fd8e84e7ae7f34d6ddf63c244b59140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1ced0b1b896ca16131e33a59212a896

SHA1
7adeeadebbbc9855d8cdd1896a724c617cd61c61

SHA256
24e51ac05c074f6ad182e889b513139fa11da6435b182b95824da7e4b7b1fa48

SHA512
6b7d99af539907fe87b71f440137571dd1a01a1ae1824c1f391f688caeaac2f0ef6b7cd88091bf002e094136d3c9d7f7344796c17ebbef64bb658e953000559f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
16bb25ee46a057e1a655f72c68e518ff

SHA1
42cc46a6f98c3b5a07d1e9eba3f1fc8be0e47ecf

SHA256
ccce3789b6fb34b6b0bb910e5b9b31e2874a030f7ef7a868602ba2813a2c5123

SHA512
904537c1533a8b8cef5805d22af070def9dd0a68392448d02e21d3cf4e0268a5fe5d9000fd706f69acf615926d75e76ecaf4e7e1154d304206390492124984b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBDE4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBDE7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.