d07ef72a95be53e5337b83245eb14a1a9a04333209c3fadf96c852b13e1e2cf3

Analysis

max time kernel
120s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 01:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4408efb1b43e11d010244403feb91a14_JaffaCakes118.html
Size

25KB
MD5

4408efb1b43e11d010244403feb91a14
SHA1

0dce10855f23c293af093ab74576be9a5e72373f
SHA256

d07ef72a95be53e5337b83245eb14a1a9a04333209c3fadf96c852b13e1e2cf3
SHA512

5937906d423f23c864dfbe9f053cf071eec0e2c1d81ca3b2d554ef015edf88fa7e576734a43d89e2d836fd01694f3f3ba9069282edff6967601aa708e7e04133
SSDEEP

192:uWPWSb5nDL6nQjxn5Q/anQieJNntnQOkEntqYnQTbnhnQcYqCxA4pdEk4cwqHXMg:pTQ/TtVtOa

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000327dd032b3cbc02e8084e5d31ce10a4ec6ea20969b16a7d86369e9e045db8f7b000000000e8000000002000020000000f10012ee07c46dadc8de212f57da6373d2ebb15d2e9dd0348176ef0749df4cae9000000070d75035bd285aa9d8675565a463421b0f075ec5dbf2ffeed150ceb312287b6e3134771ad1667ac9dbd032ac0a95b84de504ff549330a6ec3195a8cb8fbfd4cc6be233a7ebedf882eb51fee870694eb3171c4b6ed2b9565d91ed6c9babb33df3641db0c40a87c91fff45972707956fc5ff1c7f49e4e81fd86884e9aa877c9d71db50e8614ee797a9d2b367ae06a9e2b840000000d3f25b238fd6d51894f94333c585ffe34816d07c86d164a921919589bf6fdfa583aa71cae33c44920c74f6e00a9794b7c8221c58d0217b3db116d1de026949b2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000081a2cf9715eff3f727d5afe769302d23e87b25270b1a5020a7d61a7df6b3d6e4000000000e8000000002000020000000a18be6ef95ffdef502a3c52d40a253aad8f87dd47d3b12c59e53493e13bc21d220000000d8fa496d290311afa245df1f105283c4aedac876ba070780b31b7197f036f6c6400000002ff602685eeb2c770aab837fa5fc504887f716eff9bf5c105b19a3f3b89b6711847d6ff002b31d687c8d8bc5cd085c9eecfc9df863086103b324106f77098dd1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421899365"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BBA7A4C1-125C-11EF-A6D5-5A791E92BC44} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40e6829269a6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1412	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1412	iexplore.exe
1412	iexplore.exe
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2820	1412	iexplore.exe	28
PID 1412 wrote to memory of 2820	1412	iexplore.exe	28
PID 1412 wrote to memory of 2820	1412	iexplore.exe	28
PID 1412 wrote to memory of 2820	1412	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4408efb1b43e11d010244403feb91a14_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1412 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2820

Network

DNS

cdd.net.ua

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6
GET

http://cdd.net.ua/apothecary/images/rev.jpg

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/rev.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/box_write_review.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/box_write_review.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_left.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/store_logo.png

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/store_logo.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_checkout.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_checkout.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/arrow_right.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/carta%20cdd.JPG

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/carta%20cdd.JPG HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:03 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_quick_find.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/box_products_notifications.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/box_products_notifications.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_account.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_account.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right_left.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_in_cart.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_in_cart.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/stylesheet.css

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/stylesheet.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_cart.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_cart.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_reviews.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/icon.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/back.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/back.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/english/images/icon.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/pixel_trans.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/pixel_trans.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 15 May 2024 01:45:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

89.184.88.6:80

http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/rev.jpg

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/box_write_review.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/carta%20cdd.JPG

http

IEXPLORE.EXE

2.0kB
2.2kB
11
9

HTTP Request

GET http://cdd.net.ua/apothecary/images/store_logo.png

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_checkout.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/carta%20cdd.JPG

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

http

IEXPLORE.EXE

1.6kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/box_products_notifications.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_account.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/header_cart.gif

http

IEXPLORE.EXE

1.2kB
1.4kB
8
7

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_in_cart.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/stylesheet.css

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_cart.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/back.gif

http

IEXPLORE.EXE

1.3kB
1.4kB
8
7

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/back.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/pixel_trans.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/pixel_trans.gif

HTTP Response

404
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

785 B
7.7kB
9
13

8.8.8.8:53

cdd.net.ua

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b3ba7c4e76e3808ba00d6c6baf11c2a

SHA1
08bbe601577c7806ca0d67be5f6787a8a08f7f8d

SHA256
0e8c2133a152e7074147c540ee5e9451b945161aa8c4818d11662a07c1a37820

SHA512
cf836710a7be26a8370bd93aa9f6f29d391d5d570c4f69719e2a37190fd00e452b03f769bd2eaae9f700611c13acd00c04b2dc79f127d325973a78619da4feb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ce3c4d3a3d6a8e994f9579a67f01ea1

SHA1
0afbd80b2a72ac4394aa3669e451a6c283f4739a

SHA256
42382e7df2a090f461bcd222fd6c9eea69b652eb1664d23cdb6411b2cceed7d5

SHA512
0066640c587176b54ef36077ab5a22a4e08bd276ea04b349a24e7be1c6a6760fc9f9e3a14d7715241c6c822bc82ed938f7d3513bc99a423a085356a3fa0883e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c17618449bfc505ebf71467be3518e7

SHA1
017812505000a350179aeaf7f6c78545f59c2e4a

SHA256
477d1e1a8819088584bc85fef4f7b45f1ef770f5e909495fcf25e3708d0fa450

SHA512
462b8e4737dc588b28be91eb0ce97ab4a00a807dea68a2d3977313e3075250bf5e0d00b73e7f4fbf2f9c7b45e76e24c7d2788951a806fea8cb5755e65a65d75e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d79a01dc781a944770acde163b6448d6

SHA1
29730a986cf8d063f56c2270dffaf286cacccd18

SHA256
7cdf2e6206c9746d4a7788451cc388f64c91e2aca30c4b1601e8d63c41fed006

SHA512
55839c770f484692b76bdcf9d3901904942df16405fe5ded1d250e333ad1acc982f1fca4d095c8879716b8621289e0ba6770fb967479be607346aede68e7dc63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c0e16bfb00fb91241bd46ce350cf632

SHA1
ca0db79ad6f2b444ba45411a0ab803bf2ae1d2f9

SHA256
2ca3b73a727a98e8f15013b46f0cabe4aa3a551b24fd9a99d5666bc79c49535b

SHA512
d6677d5927f245820884f5b1e4ef95b25aa5484c849e7440c77e407c7b0d7dd535848757757430f247d2739a6fdb91caea3d75d4053cd443825d4b6430d91061

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c3f426528b3796ad090fde6d79bc1d4

SHA1
d50081946695631cf6de4de6ee325da96759d2b3

SHA256
08c552d034737d35e59667689ec1a40f25d5a7857353bb0352c49e95cce6088e

SHA512
04f50f580af92666ce576d9c6dc172f3ebfdd36a3fed7a7d1ee4698f9e952e56f55f37c47d98b5c64b0cbc00b9c2341f71df9c81999ef8008bc8d978a8bb7415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b687fb70406b9391dce86c8f42f492e4

SHA1
ca68e2219f01b70e452721c33ca45640049dd194

SHA256
7d21683afb8837c8881457c04f71b30f57cbac92504f71926560fe0df48b441a

SHA512
f1196a7d44109a9ce1bd0ebc8ae367546ab41ef2238c033619934fbb1a2eff4b8ae978fe4352f1f0450a18ae96c68e798bac6c21aaa051b54fa63ef7e56bcb92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52e146261321c23b9af3ecfca3d137f6

SHA1
0fe30421c30d32ee370b77e8cab775f1fad5980c

SHA256
e7843aca0aa786a8b6215989023341f03417fb6c6e567d5b275b0dc6133eb4ff

SHA512
859c4f6648280825ec055ae6c7dd738c6e858a5fac1452564bda9b304ca04cff184ee03f5f0b6db600a0783df783dccd83211c5662f8a2bd55b57a5e12a9e235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
857f417db01aca7b85b3f0f0ae4581f7

SHA1
47b8d7c1d8031256cf28b633365aead0d244c191

SHA256
ade0af59605f945f7b0ef1eddb8317ad79e44de0bc855d36ae5f92ea8c5edb4a

SHA512
1ee5a67473f0940838f874ca29eecceef7eec668cf47bd8cfad413f9a30fade6bae5fedb9f6ae3d312a9e7945ca6dba7a447ee0b11b750bd8d1e340395d143e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
117e356badfbbb862831615da33a8efc

SHA1
30d80ed097925b3b5b96690ac01b170676ef55ca

SHA256
fb4b35437e71198807aa9b48ba637822be5fc6bd7cc7840d18447a4dcb52d1c2

SHA512
987d756eb564605a7272b7af85d807754c1281652012c7de900c0b6e0a4d1e39ccb5402803c3a93ce592f07c9db975d26530fbcbefa125762906743edf315ba4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f60572fae5ac047e6e8fd43a9bb6f087

SHA1
782a9380fdef87231d0748a0df9d1738ad7d6d2b

SHA256
7031453eed0c7dd792075ca4ef9c777ff3a9ec22c2164f1c0ba085266bfe0523

SHA512
63472a6e3613cd0c0237bc75974a7d6e132c3a22cd752036a4c54a4b365ef9ea350150c6978b9a0c10391908c652813e614ce89cfe2a1a9920c87d51ee73a5d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c82c16ba63f4a3939a00b51acded6ab8

SHA1
200ebf99ad51bf0efddf8e8b3ef09bb6ed67a8a0

SHA256
acfbca27ea0db831343d1eccbaed6101ea2445cf38a4b0b5f0bed06fa67fbc53

SHA512
579d15817d244cc5eb4d6c6bf0c7dde095bc5904248c9dbdc774a6c8af3554644881b46c0aaeb7abcc7cffa28fe6b83168001ae7486c6a2c17abd20c0ed8159a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e4da830569db3a16fe66ca3c4a3eb51

SHA1
65761ec9acd93e46791e0f2265415205c0a9899a

SHA256
495762cba2a972f6d1cb7df33d291c0d9b5d8f963d080e93da32a492816a7856

SHA512
a6e13aaeb98a602ee4ffb3c66c01cc995e486c7e00bef9aa926adefb6a4815e29ed67aa6cd24d06fbbc7bcc22682018b346e7a305983fb51fcb10239ee3417cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6061c3ffda3894ab9e6fc91efd2c2ab7

SHA1
5c2002f06950b4282cb03a7399f11fc54d3defe1

SHA256
7e8fff150e4ca0b5392ede33ed8fa9ad682481b09ff1bd1bdbd24ae74e6f7a76

SHA512
d375c266b8be6bbb9852101f8369961e7affab25a884e8cbf04abdb12619c0b86e8cf714a2eb269e383ea832319fccd94cf9acf1c84025f74d3e90436bb216ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06b748df03f97c76ad8f5abdcd37747e

SHA1
bbf295f2e78bd60e99c9c9ae837b3c458ce38124

SHA256
16c5b8aaedce8258a0c9c37a6a40dfa8eea1f5cfbcb489c0ba3798d5dbb78a48

SHA512
3677c2030732569cac983c812a2c9ef7cb143f0886ee5b0bfa3da2f5525dc5164c38fa51b7b680a053e2e1fc79c23a113540436320efc3d1c7a8710909910c95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff735a478961ed7173804cb34ad7c849

SHA1
2ca822f87821a980321d18b53cd326267ae37181

SHA256
29f3b255dd247d7c15fedca5f13202239b56f0274bbead63e4aa6a095f7eb8cc

SHA512
08ed6d0972ad47eccaff565b97add4e2710616cb1699fceaf3e0cff0658ead9614863327a3f426c13e331fdc40e966b4738ce8e5fcb84d2bd4a452df0e93191f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdc5f4c1bee2e1e56e289f7f9d619ad1

SHA1
815e6fe0b629850b150bcab6e029958f1fa115b0

SHA256
e0a694f9469ad721a8845d6fc952c1500d201fd8ac030fcb22c4ab9923e2b0f4

SHA512
fff1fbdf8fc38dd976ff7894c9f648ffd103186021155533e9c48c5653d446aeb40272ae23fc281b5583faa56224a9a5fbf7932a60622d9510b1080739de6528

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD460.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD5CC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD62D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.