691cec0e7c61f4a2846b32b134ccf81ba31f8011ed5539c0225ad96b58ab9a5e

Analysis

max time kernel
117s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 21:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ca2067b06fd9cbf6d98c1adb0f67472_JaffaCakes118.html
Size

32KB
MD5

3ca2067b06fd9cbf6d98c1adb0f67472
SHA1

f43748d57887e0a7e9c9f004e8d18411f71abdb9
SHA256

691cec0e7c61f4a2846b32b134ccf81ba31f8011ed5539c0225ad96b58ab9a5e
SHA512

39acca65e9ef247dc270084a9ddfeb1aac6e24f6b12cc1710c5e4b812d7fc7102b64040845e1b6de63b15ce711e4d48f9aa0d05fa97198cd4d254d65b56cf6eb
SSDEEP

192:uW35b5n4TWPnQjxn5Q/unQieNNnqnQOkEntOcnQTbnRnQqXC+Ak6J+kAbieUTTVc:6Q/jpC8himM48IMOF

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40f93c227ca5da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421797387"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000003dcf3cfebdcf7ad8bef573be6d45ce945bf615b46d5a4404d1dbf18fd4133d2c000000000e8000000002000020000000fabbf1ee2392e99cb8cea0c3a623e19a5b4668911efa30b5ffebf45edd60d555200000007a6606eecdbaae87f1215174e92ea5530fe39168c092209d08f28141b997db9a4000000096f1103e54b6b4c5fc5ec090f42400477a2acb724037c23bcc25b1c95bc427293292b7c20cffa5948e0c42f75d18265bdddccb64df33d89322b373db241cc166	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000006f13f11b5823753db40be00bd1c148d6c574a675ec57d6d78d2863a5b5e50e43000000000e800000000200002000000073c30b5675769917252a368ebb680dc4f7bc75380fdc5e5cabdb2200a658ed2090000000581dc719c5fa2c161849a9d4a26dcd37686c13974b61fe5ded61b2d55d4e66147a5699a99d702da88239e60617fa9cf08428e75f54d76258062f5f6d15bab2dd09adbbd12b22f5383b4c1db441fb041a63a5237fabf25bcd4172087cfdb04c36e623b3e9479812286499dc8e758a6f83e29bda7d4c4e2c37c84ad542888f775200204f91ebe582949ce15e2bc68801e8400000005fa7e3d9a6b019b67495bf0038efef737e5ab4ea64a66ca94560e83caa3b3348fce55384b8132cbb9262770493ee36e6fa3361ef4dd6f50d75e054c5fd28670e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C619B91-116F-11EF-A692-6A83D32C515E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2516	3024	iexplore.exe	28
PID 3024 wrote to memory of 2516	3024	iexplore.exe	28
PID 3024 wrote to memory of 2516	3024	iexplore.exe	28
PID 3024 wrote to memory of 2516	3024	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ca2067b06fd9cbf6d98c1adb0f67472_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2516

Network

DNS

cdd.net.ua

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6
GET

http://cdd.net.ua/apothecary/images/back.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/back.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_left.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_reviews.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/icon.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:24 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/p.jpg

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/p.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:24 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/stylesheet.css

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/stylesheet.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/arrow_right.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/box_products_notifications.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/box_products_notifications.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/store_logo.png

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/store_logo.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/pixel_trans.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/pixel_trans.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_in_cart.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_in_cart.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_account.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_account.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right_left.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/english/images/icon.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:24 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_cart.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_cart.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/sup%201.jpg

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/sup%201.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_checkout.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_checkout.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_quick_find.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/box_write_review.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/box_write_review.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Mon, 13 May 2024 21:25:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

89.184.88.6:80

http://cdd.net.ua/apothecary/images/p.jpg

http

IEXPLORE.EXE

2.0kB
2.2kB
11
9

HTTP Request

GET http://cdd.net.ua/apothecary/images/back.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/p.jpg

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/box_products_notifications.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/stylesheet.css

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/box_products_notifications.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_in_cart.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/store_logo.png

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/pixel_trans.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_in_cart.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

http

IEXPLORE.EXE

1.6kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_account.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_cart.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/sup%201.jpg

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/box_write_review.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_checkout.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/box_write_review.gif

HTTP Response

404
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.7kB
10
13

8.8.8.8:53

cdd.net.ua

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
181867b2bbdd907f58b5addaa9a6ae09

SHA1
3b50dada008df42668373f9b9dfbe5f7844aed7d

SHA256
cc69baebb999ca5a6a2c1c5b0d3b0930b53d3aa740a072bdc80d8a173e44020d

SHA512
d108a4c8942f578ff38d0070a77011854f373cdec50f76cbbfbbaafcafa292419aa4ad2b00cef9dcb0b6785fbd7548d6bb2e6428ea730a7afbde86fef65ead79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b63b03f14b76469fdfbf243c518f31d8

SHA1
eb00ea8f8c66cc3b1223ced2215cc58b39e65396

SHA256
0e8e36c49bcc0e0342a0ca1108cc0cdb30494d0cfab3e535236ab80603421ac8

SHA512
cb2fb62965bb571adc0e64c735ec777280fb098a8ce299ce37cb7b330fa56bf98a2e93d644bf06f6a6ce11c4f7bd235444f3e08d9dd61b184dbc8c1e82ba8cbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f1a9e8e9e97386c0f6f324ba13b23ef

SHA1
53d541ac77f981fb0498496dd9b81eca121733c6

SHA256
2ef6c221b91b993cb98d1973896a2d488e1f928bda4b6e82d2876fd0545c268b

SHA512
9ffb7ad2d10795d32c8fc6a2aadf485e510bf522a46274e174a161b08c91b56ec2f197364c0b5151657d0a4134bb126d349c24ca7c1722b594a3044951e21b77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe2b95a21c47b713fe1a880ca7cb4300

SHA1
01c5422a7e30c8e091cde2d390944ce835856dc2

SHA256
7bcbba5782a303cfcb61cc9035f1262dcd1fcbba99253653f78295449ae5b666

SHA512
ae40822199c2a16a1d93f48c8562b4e69cf29e505e41ce81e4bd0d0102345f3be791cbead56e87ba0c9391b93ea7324066033009b406bfd62ddb01c086ead37c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08add715a3a0b2a1abc423e58376ae2f

SHA1
e65ed8eaa1c914a2a1eecb05ff5f55f33ba88730

SHA256
7e6641f571f814027a299c940478a92b9adbb0ec60136ce147fb38b0a7599f96

SHA512
dd63ae673885782ea31436a3c20050bb26b21c7129112b56e565b7e48af6d368b685b522a2b963dea4864cd79ab55d715ef43d6ceb96376c1b2b6291053fdf9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b71a37741ec1a8275bf81bf4d5e34834

SHA1
ae5a18add1714830ddc3dd60637cb31a86cdf2f9

SHA256
39e1ad390ead670ff3b43fe741f40ea89e23e78ccef8a74bd5d4fc2a8567f9b2

SHA512
d38b706f6c2d330eb1975f62db64efcf6311a621204f67e253b25d5a6146297b210e11f213a4ae8d3eb81cec3cc2b5e5e61115a973048888144d378c859e6e67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60d59b2bf44e8116a18551456e341825

SHA1
f8f18a87d93ff8133b65510bc66de5a6e4d85e72

SHA256
c82d1a47105f5b6a1580ae5907898dbc313fa65a1ba264d5f344889ebe52ab16

SHA512
98ee782618e1a008716f166b18106420408d8e83c25d86c89832ba5c045776f9ee45f05f4ff0e0d4f22e21e5fd84a1c22475c946f4e2e2dc20148fecffe64870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0985fd6c47dd522c965b92e4950c3965

SHA1
7f13db282858bb524bcce1597a5c70268f9ce38a

SHA256
3ef15e94828edbee480bd548ee9c9837bfd01862f92b2793095e98b7c2e92bdb

SHA512
afde80dd100b3a16017e259eafb9e502ddfcffa695788a563c2909acae752f6f321b8b92fbc73c2dc49118361247590cf8d7c8085c7d447b60dc1092cf45794e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3c7e2d48d98bd379fb374fd6511ad20

SHA1
5c3556a2279bfb273f8ee37788e791424b6f0fc1

SHA256
5f8c5c32dfb4999c76b49bc2fd249dbce93696e18b38ce1cf1f654efec6e2af4

SHA512
8f10e211a96af4a370147d42dc5b231d17a5264d98721eb6ad1d23a66e6ba7ee02e3108bdcee287bb8642fe4841447b154781a605f29726152bbd31aaab3c235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e9906af4eabd0e98795c703faec951a

SHA1
5fa74adf09313e30c19f01638461b5d484aa9f63

SHA256
a23ff7e6a982d70098a9309bdb712d3f195aa661f704c3e168689088dd2f5cd1

SHA512
2451dbeb71942fafedb37431cbaddbcc7a782096930e7c3d6217bb885e847f38172b5c8056a7ad148b4709e71aad88cfca013e22b53a779a6aa872761c30ad78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca151fa24a72484f8f33ce53a2ca3397

SHA1
d9ecb5b0622a8682f7547399f7c645c961ae2d2f

SHA256
2516d937df68d0a1d094353c5536228316209f030776c1ea00a9cba5f26543be

SHA512
d56b9ee7b0e17c788b2578c14d0f96e91e869121d83670d36eaf875096f044838fb407d8598590f08e6b902d45849abc9db441a17364d0760fd3d2e8cff7f796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e8e37a23be6ac6f3bba5e71efa8740c

SHA1
d2da98a58864a7dd8a99012df9a56aecc881280d

SHA256
138bcf9ef91198a46976dce5d09c3f523630aa2ec3d4aeefa50083ba272fa2d1

SHA512
95cae93695d855fea14585f96391bee20655344151f2f97528d49f496770b63f2d233c8fb212a420f1134fbc538659ff7cb35f9c65a3bda5e10e5c7064f6b36d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e67ff305860df8169082421e34e44bb8

SHA1
bb3f99092fd7e3037d16dcd91d0eaee505ea7380

SHA256
bde463f810b0890e8f0939bdf7918bcf863e5f0babd8767ea29352962e5014f9

SHA512
550b7cb78c0bbf44aa5469f1d2584c2a270f6bfb688a4548f1b941d438264e148c72a91be0c920f1fd321f83a84ccf08f3632b8c932472ec6f95f414371c55f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
103aa20c3af97662696a2fee30232538

SHA1
48b777eb2ed6956b37c36c1bb15b99fc8ba7c6ce

SHA256
31c6a506c041360ba7de38474509d854892c8b96043f4f0b1edded3b55f40ed2

SHA512
823f872bad64d7015a036454826bb3603355e0fa9e0b6fc0c6dac9bc7e26d289a9614f7f2ab6d7412157fef3e1f43572f1193a1d23703f057d5b6ceda09e102b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2f55aaae6f3954fba0ac92a36a6aae2

SHA1
cdd5841fcd5ce6c302b63900ae0c7d0a69a42079

SHA256
2ea8d7ecfdab689bed64fb31ff207a4ff4414b0e0b4bc81d41c59ae7304b8879

SHA512
a3d29d976fddf2f086d63f13aee6ff57722cf27d0da7d3f8e66eea3f537bda4beacbc4404ed213b92c4985adab5beaad474dfd6fe8003e6e3b6a2c1580ddc951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3537d7ed61537a9f98c1c127784afd71

SHA1
4245b6fdd24a9579afe3ccd6875855822f15b2b6

SHA256
b4e7c82bac5da797ed011a234d36dc4303c753446fcfcd0f6472a0c9e15c6d48

SHA512
72f0bcecfa6b5f673db0384cfdaa8b3fc27a9ed1002ca2a8141288a6a572f190c001c3a12cdf00248022bf8b2a6abb18555f33aa7a8cb82bff9fd1b343834fa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae107638af9050a3b3083f013397fab6

SHA1
8b43b0d1262a5a8638a7864cc443196eac93d423

SHA256
ab9f184a944fa13820a94a9f5d965f88d061998fc5adb89dbf8608b0d323539b

SHA512
4eb44d3f27f35eea1c56544c33b5d09be620629f07280f7536d71af7eb8c44dfef4bd97213d56ac986fb21a108882f3dc5f8c1d73e7c3ac8b723565666632473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
369f8f7c749a86c347d35bf037bf7e3a

SHA1
b7a985fe845a02ac4a1dd740ca4d82517fb598bf

SHA256
e918db5060062c3ab2914b191c9187f1b623484e1b463847262a0070ee8e9c8b

SHA512
24e8fb0bbb60e8f3c8a75400cc6ae45e57e81a89d1aa177ffa29bf165cd917c9381942536b1b10928cc7e28728b338eff9c6dc463e84f60b6461ef2b40341a2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab88C0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar89D3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.