| Source: 2.2.regsvr32.exe.df0000.1.raw.unpack | Malware Configuration Extractor: IcedID {"C2 url": "grandeprunto.casa"} |
| Source: 15b65ccfeced9c5ae3359db9d3a0e68ad0201912b65a0.dll | Virustotal: Detection: 22% | Perma Link |
| Source: 15b65ccfeced9c5ae3359db9d3a0e68ad0201912b65a0.dll | ReversingLabs: Detection: 58% |
| Source: Yara match | File source: dump.pcap, type: PCAP |
| Source: Yara match | File source: 00000008.00000002.248961723.00000206676C2000.00000004.00000020.sdmp, type: MEMORY |
| Source: Yara match | File source: 00000002.00000003.233210344.00000000011A5000.00000004.00000001.sdmp, type: MEMORY |
| Source: Yara match | File source: 00000000.00000002.266211945.00000168EB8F1000.00000004.00000020.sdmp, type: MEMORY |
| Source: Yara match | File source: 00000008.00000002.248995795.0000020667718000.00000004.00000020.sdmp, type: MEMORY |
| Source: Yara match | File source: 00000009.00000002.256456346.000002944EE04000.00000004.00000020.sdmp, type: MEMORY |
| Source: Yara match | File source: 00000002.00000002.235285129.00000000011A5000.00000004.00000001.sdmp, type: MEMORY |
| Source: Yara match | File source: 00000008.00000002.248977002.00000206676E5000.00000004.00000020.sdmp, type: MEMORY |
| Source: Yara match | File source: 00000009.00000002.256477930.000002944EE24000.00000004.00000020.sdmp, type: MEMORY |
| Source: Yara match | File source: 00000009.00000002.256508994.000002944EE59000.00000004.00000020.sdmp, type: MEMORY |
| Source: Yara match | File source: Process Memory Space: loaddll64.exe PID: 6276, type: MEMORY |
| Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 6624, type: MEMORY |
| Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 6676, type: MEMORY |
| Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 6300, type: MEMORY |
| Source: 15b65ccfeced9c5ae3359db9d3a0e68ad0201912b65a0.dll | Static PE information: certificate valid |
| Source: unknown | HTTPS traffic detected: 13.32.16.68:443 -> 192.168.2.5:49713 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49728 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49729 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.32.16.68:443 -> 192.168.2.5:49735 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49746 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49747 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49745 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 87.248.118.23:443 -> 192.168.2.5:49749 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 87.248.118.23:443 -> 192.168.2.5:49748 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.32.16.68:443 -> 192.168.2.5:49750 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.32.16.68:443 -> 192.168.2.5:49752 version: TLS 1.2 |
| Source: 15b65ccfeced9c5ae3359db9d3a0e68ad0201912b65a0.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
| Source: Malware configuration extractor | URLs: grandeprunto.casa |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2919708693:1:5283:122; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=383939353532:616C666F6E73; __io=0; _gid=67AFEDD28876Host: grandeprunto.casa |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2919708693:1:5290:122; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=383939353532:616C666F6E73; __io=0; _gid=67AFEDD28876Host: grandeprunto.casa |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2919708693:1:5294:121; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=383939353532:616C666F6E73; __io=0; _gid=67AFEDD28876Host: grandeprunto.casa |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2919708693:1:5297:122; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=383939353532:616C666F6E73; __io=0; _gid=67AFEDD28876Host: grandeprunto.casa |
| Source: Joe Sandbox View | IP Address: 104.20.184.68 104.20.184.68 |
| Source: Joe Sandbox View | IP Address: 13.32.16.68 13.32.16.68 |
| Source: Joe Sandbox View | ASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS |
| Source: Joe Sandbox View | JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c |
| Source: Joe Sandbox View | JA3 fingerprint: ce5f3254611a8c095a3d821d44539877 |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2919708693:1:5283:122; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=383939353532:616C666F6E73; __io=0; _gid=67AFEDD28876Host: grandeprunto.casa |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2919708693:1:5290:122; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=383939353532:616C666F6E73; __io=0; _gid=67AFEDD28876Host: grandeprunto.casa |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2919708693:1:5294:121; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=383939353532:616C666F6E73; __io=0; _gid=67AFEDD28876Host: grandeprunto.casa |
| Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=2919708693:1:5297:122; _gat=10.0.17134.64; _ga=1.329303.0.5; _u=383939353532:616C666F6E73; __io=0; _gid=67AFEDD28876Host: grandeprunto.casa |
| Source: de-ch[1].htm.6.dr | String found in binary or memory: <a href="https://www.facebook.com/" target="_blank" data-piitxt="facebooklite" piiurl="https://www.facebook.com/"> equals www.facebook.com (Facebook) |
| Source: loaddll64.exe, 00000000.00000002.266307970.00000168EB928000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.235939874.0000000003100000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000002.248995795.0000020667718000.00000004.00000020.sdmp, rundll32.exe, 00000009.00000002.256508994.000002944EE59000.00000004.00000020.sdmp | String found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-none-v-margin lb-txt" style="padding-right:5px;" href="https://www.facebook.com/amazonwebservices" target="_blank" rel="noopener" title="Facebook"> <i class="icon-facebook"></i></a> equals www.facebook.com (Facebook) |
| Source: loaddll64.exe, 00000000.00000002.266307970.00000168EB928000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.235939874.0000000003100000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000002.248995795.0000020667718000.00000004.00000020.sdmp, rundll32.exe, 00000009.00000002.256508994.000002944EE59000.00000004.00000020.sdmp | String found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-txt" style="padding-right:5px;" href="https://www.youtube.com/user/AmazonWebServices/Cloud/" target="_blank" rel="noopener" title="YouTube"> <i class="icon-youtube"></i></a> equals www.youtube.com (Youtube) |
| Source: msapplication.xml0.4.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbf6b3380,0x01d73846</date><accdate>0xbf6b3380,0x01d73846</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
| Source: msapplication.xml0.4.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbf6b3380,0x01d73846</date><accdate>0xbf6d95c9,0x01d73846</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
| Source: msapplication.xml5.4.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbf6ff81c,0x01d73846</date><accdate>0xbf6ff81c,0x01d73846</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter) |
| Source: msapplication.xml5.4.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbf6ff81c,0x01d73846</date><accdate>0xbf6ff81c,0x01d73846</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter) |
| Source: msapplication.xml7.4.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbf725a8a,0x01d73846</date><accdate>0xbf725a8a,0x01d73846</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube) |
| Source: msapplication.xml7.4.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbf725a8a,0x01d73846</date><accdate>0xbf725a8a,0x01d73846</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube) |
| Source: de-ch[1].htm.6.dr | String found in binary or memory: <link rel="preconnect" href="img-s-msn-com.akamaized.net" /><link rel="preconnect" href="c.msn.com" /><link rel="preconnect" href="c.msn.cn" /><link rel="preconnect" href="https://www.bing.com" /><link rel="preconnect" href="//web.vortex.data.msn.com" /><link rel="dns-prefetch" href="img-s-msn-com.akamaized.net" /><link rel="dns-prefetch" href="c.msn.com" /><link rel="dns-prefetch" href="c.msn.cn" /><link rel="dns-prefetch" href="https://www.bing.com" /><link rel="dns-prefetch" href="//web.vortex.data.msn.com" /><link rel="canonical" href="https://www.msn.com/de-ch/" /><meta name="msapplication-TileColor" content="#224f7b"/><meta name="msapplication-TileImage" content="//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png"/><meta name="msapplication-config" content="none"/> <title>MSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365</title> equals www.hotmail.com (Hotmail) |
| Source: 52-478955-68ddb2ab[1].js.6.dr | String found in binary or memory: glich.",errorFooterText:"Zu Twitter wechseln",taskLinks:"Benachrichtigungen|https://twitter.com/i/notifications;Ich|#;Abmelden|#"}],xbox:[{header:"Spotlight",content:"",footerText:"Alle anzeigen",footerUrl:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"},{header:"Meine tolle Wiedergabeliste",headerUrl:"https://aka.ms/qeqf5y",content:"",errorMessage:"",taskLinks:"me_groove_taskLinks_store|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play|https://aka.ms/Ixhi8e;me_groove_taskLinks_try|https://aka.ms/msvmj1"}],bingrewards:[{header:"Pr equals www.twitter.com (Twitter) |
| Source: de-ch[1].htm.6.dr | String found in binary or memory: hren, die sich auf Ihren Internetdatenverkehr auswirken.<br/><br/><a href=\""+e.html(f)+'" onclick="window.location.reload(true)">Klicken Sie hier<\/a> um diese Seite erneut zu laden, oder besuchen Sie: <a href="'+i+'">'+i+"<\/a><\/p><\/div><div id='errorref'><span>Ref 1: "+e.html(o(t.clientSettings.aid))+" Ref 2: "+e.html(t.clientSettings.sid||"000000")+" Ref 3: "+e.html((new r.Date).toUTCString())+"<\/span><\/div><\/div>"});ot({errId:1512,errMsg:n})}function ot(n){require(["track"],function(t){var i={errId:n.errId,errMsg:n.errMsg,reportingType:0};t.trackAppErrorEvent(i)})}function tt(){var n=v(arguments);a(l(n,b),n,!0)}function st(){var n=v(arguments);a(l(n,h),n)}function ht(){var n=v(arguments);a(l(n,y),n)}function ct(n){(r.console||{}).timeStamp?console.timeStamp(n):(r.performance||{}).mark&&r.performance.mark(n)}var w=0,it=-1,b=0,h=1,y=2,s=[],p,k,rt,o,d=!1,c=Math.random()*100<=-1;return ut(r,function(n,t,i,r){return w++,n=nt(n,t,i,r," [ENDMESSAGE]"),n&&tt("[SCRIPTERROR] "+n),!0}),c&&require(["jquery","c.deferred"],function(n){k=!0;rt=n;s.length&&g()}),{error:tt,fatalError:et,unhandledErrorCount:function(){return w},perfMark:ct,warning:st,information:ht}});require(["viewAwareInit"],function(n){n({size2row:"(min-height: 48.75em)",size1row:"(max-height: 48.74em)",size4column:"(min-width: 72em)",size3column:"(min-width: 52.313em) and (max-width: 71.99em)",size2column:"(min-width: 43.75em) and (max-width: 52.303em)",size2rowsize4column:"(min-width: 72em) and (min-height: 48.75em)",size2rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (min-height: 48.75em)",size2rowsize2column:"(max-width: 52.303em) and (min-height: 48.75em)",size1rowsize4column:"(min-width: 72em) and (max-height: 48.74em)",size1rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (max-height: 48.74em)",size1rowsize2column:"(max-width: 52.303em) and (max-height: 48.74em)"})});require(["deviceInit"],function(n){n({AllowTransform3d:"false",AllowTransform2d:"true",RtlScrollLeftAdjustment:"none",ShowMoveTouchGestures:"true",SupportFixedPosition:"true",UseCustomMatchMedia:null,Viewport_Behavior:"Default",Viewport_Landscape:null,Viewport:"width=device-width,initial-scale=1.0",IsMobileDevice:"false"})})</script><meta property="sharing_url" content="https://www.msn.com/de-ch"/><meta property="og:url" content="https://www.msn.com/de-ch/"/><meta property="og:title" content="MSN Schweiz | Sign in Hotmail, O |
Play interactive tour
Edit tour
