Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    133s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 21:47 UTC

General

  • Target

    4d2b71a652a867ec6e6b9b36f06a7b31_JaffaCakes118.html

  • Size

    31KB

  • MD5

    4d2b71a652a867ec6e6b9b36f06a7b31

  • SHA1

    a5c4c6353e8637e88d63728629d424e2d4f2f5b5

  • SHA256

    49719f35fd7927a2ac6955f8968d0dfc1408788428497e8b4fa53a84c481c0f0

  • SHA512

    5aee664cd245dfb56835e3397bca63d90a3aaeab6eba6e437097ca868061aba423ba748508db39c335da7176b6641775f1f2e365c8e63455e66807a6d3aa104e

  • SSDEEP

    192:uW/lb5nqNnQjxn5Q/RnQieMNnDnQOkEntfnnQTbnRnQjMCAANbLU/IfyINcsitOc:JQ/HSGLuxVP2ZIAlkvOW

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d2b71a652a867ec6e6b9b36f06a7b31_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1836

Network

  • flag-us
    DNS
    cdd.net.ua
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdd.net.ua
    IN A
    Response
    cdd.net.ua
    IN A
    89.184.88.6
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/stylesheet.css
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/stylesheet.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/infobox/corner_right_left.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/infobox/corner_right.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/infobox/corner_right.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/includes/languages/russian/images/icon.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/header_cart.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/header_cart.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/pixel_trans.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/pixel_trans.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_in_cart.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/includes/languages/russian/images/buttons/button_in_cart.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/includes/languages/english/images/icon.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/infobox/corner_left.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/infobox/corner_left.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/Pikovi.jpg
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/Pikovi.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/box_write_review.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/box_write_review.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/sup%201.jpg
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/sup%201.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:03 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/header_checkout.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/header_checkout.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/includes/languages/russian/images/buttons/button_quick_find.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/store_logo.png
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/store_logo.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/header_account.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/header_account.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/includes/languages/russian/images/buttons/button_reviews.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/back.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/back.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/infobox/arrow_right.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • flag-pl
    GET
    http://cdd.net.ua/apothecary/images/box_products_notifications.gif
    IEXPLORE.EXE
    Remote address:
    89.184.88.6:80
    Request
    GET /apothecary/images/box_products_notifications.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdd.net.ua
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 16 May 2024 21:48:02 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 196
    Connection: keep-alive
  • 89.184.88.6:80
    http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif
    http
    IEXPLORE.EXE
    1.6kB
    2.2kB
    10
    9

    HTTP Request

    GET http://cdd.net.ua/apothecary/stylesheet.css

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

    HTTP Response

    404
  • 89.184.88.6:80
    http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif
    http
    IEXPLORE.EXE
    1.7kB
    2.2kB
    10
    9

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/header_cart.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/pixel_trans.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_in_cart.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

    HTTP Response

    404
  • 89.184.88.6:80
    http://cdd.net.ua/apothecary/images/sup%201.jpg
    http
    IEXPLORE.EXE
    1.6kB
    1.8kB
    9
    8

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/Pikovi.jpg

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/box_write_review.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/sup%201.jpg

    HTTP Response

    404
  • 89.184.88.6:80
    http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif
    http
    IEXPLORE.EXE
    1.3kB
    1.4kB
    8
    7

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/header_checkout.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif

    HTTP Response

    404
  • 89.184.88.6:80
    http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif
    http
    IEXPLORE.EXE
    1.3kB
    1.4kB
    8
    7

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/store_logo.png

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/header_account.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif

    HTTP Response

    404
  • 89.184.88.6:80
    http://cdd.net.ua/apothecary/images/box_products_notifications.gif
    http
    IEXPLORE.EXE
    1.3kB
    1.8kB
    9
    8

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/back.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

    HTTP Response

    404

    HTTP Request

    GET http://cdd.net.ua/apothecary/images/box_products_notifications.gif

    HTTP Response

    404
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
    7.7kB
    10
    13
  • 8.8.8.8:53
    cdd.net.ua
    dns
    IEXPLORE.EXE
    56 B
    72 B
    1
    1

    DNS Request

    cdd.net.ua

    DNS Response

    89.184.88.6

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ac780862359dee0e469ae8f1e49e1191

    SHA1

    10af07406ecd0029205aa9b53822ccbd009c3f7c

    SHA256

    eb0f3fc738fd3bae47b64932e1c59b5c5954604224139e9a2b820f32701c7da9

    SHA512

    9dceec9f3da9d1dff35c9a5186fde4879b5bdd2e2e40400b6c9b7dbcfefb3eedfc4c44ff799f71262b6f24bcf9d521dfaef0576e8dcd2c534e18c8a69491271c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b0d48e60816686abc9e08ac80a060044

    SHA1

    3e417ab8b276994f49e3ee3451e7b9f18235f7b3

    SHA256

    9e5cca7b0de5e0398c7f127f5ee5c8e2d71ad7d7a84f17821e07e9095536a449

    SHA512

    7d5c0504d4de6a439d3dc68cb17a8d6b873a91f1dc23ec0d7f02b4f17cf88897e2ad1c6fad3ccfa4c1228e82d9e87ad9919f32aca80da0fd2d8a9b3c49e7a7f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f3dfd5ad3c49d8a91e51e276934795e1

    SHA1

    4963026dc67b276dc87d826a79b84b36c0e69eba

    SHA256

    45db7324ec9950c4a470e654f8fcf136cd47f7fa00acb1b9705cd0f57d99076d

    SHA512

    dffcb078deb45f4b26f23d82d53c826b55b43bcc62b02944cc618cc09d4f59a36063960f040243ab8bc191a2729fbbab91bb6b160e93d370f749c3e990d7cb30

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    79e0c693a8af7cfbc4e1a369f1ec5eeb

    SHA1

    305bfc72c0adc546ca6e8a7d445f76b3b2c0169a

    SHA256

    a1e3f03cf67d61d35e1e03d679666c672e47a989cedfffd8a30176a64869f79b

    SHA512

    25ee65962d478968f75d190b95846a1c1bcff0c731a5ad802f19e1330dafc147f62501d751b0872a70bf9e5aa27c13c5c583ed2a18f9d509a122c9a6da86979c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    db89e5a5ae38ed17c480a75f12fa7d23

    SHA1

    12da8c0f25a895f9695a88efd3dca030385872e5

    SHA256

    1d6955a31adc8f61589681e80e71e8a1bcc0c230075b95ca62b56f655c4f7847

    SHA512

    ad5b950d6aabe0b61d1187b114a7e353cdfed62fe5e4776d57a3e89a45bfc228d51586f68db555999ccf1d847e1950c10e9e3c5e29d070809a006ea964bc944d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bb3b1f2ffb495c86f19808a4265ced1e

    SHA1

    54a480883140578664b87fb56d0930e4fda072ce

    SHA256

    aab5a192af404e4a3163881d1c60118cdee00af7d8adea5154c3ee62ebdab647

    SHA512

    6fde4e392e9e9ac3282d50c40f726165b4a8249e0d02cd8d9637126d61a1eb43ab2c97afe286ca7a2de07e2ef97774252360e228482272816677ac4e3e139265

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2061a4094f1096e75a86f88951905430

    SHA1

    b97cc979acd5b6d2a8e1530dfe47716b561b20c1

    SHA256

    c0cac275cb845a724fcb9a9e486439aaf168be1b59d7c30eecf1910a49bc8196

    SHA512

    390a59a592ec553ce4a99da448a384809beaf462bc175914a9331fd2b96a94f32a93efd255396f3cd6f244dcc156e377fc9af939059cc3c77dff903cb41d7dbd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    04c186e14f3d3c7b33b7069ebce790c2

    SHA1

    ee47a01ed10847f1b45523b5945b76545de8695b

    SHA256

    5ac147446ef5e87aa545db185fd33c99095e28fe8e80a4dc2ad9cfdd89b1a6d4

    SHA512

    64ad36bb2381b50aeddfff8a6e6f9f80f521d2b76313b84c36a8981d9758e8687aad89b5fcbfdb9cebd77502ee3e03d416091b7dfbaa3bed2861dd977218d463

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fca7026c6c80b279aed085872e4c3a60

    SHA1

    29999e5eb2b12ad23869b3e0189c146a3fb2d258

    SHA256

    96db147e481d42e87d77d17033366fac74f38893285ec96089414d50b8102cee

    SHA512

    8b9b6610850c5c37627d2c5ee2d0609d1ae535fdf169735747f7f0beb06afed3364ca669b4e1adb11717b9f89c83d1711adf2708caf02a0225add1d7317d359d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    54a65a85ff476081233a1c3f6e42d26f

    SHA1

    27f4b43ec76e1c4f6019dc37dcfc710718f85e72

    SHA256

    d8f27366580c5ca9f416ef1fcec9b5d8bf254e4ca74d8ffa5305d93e2919d5fa

    SHA512

    87006330dcb81ff72e3d6c528149959b1af0d71f319c459ca77950832545ba782179952bb7e7e06e08ad0a3cab01e2485079b382d48d753679ea3ad12ec636bb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f54098bb652f50556f73d68a02c4c242

    SHA1

    56fb43c68170f367d1acb1fad03e04d72d0364d0

    SHA256

    bf45cda493cabfc6395943d5b1e17790256d5175f9f5c43ce5ab3af271e63ed0

    SHA512

    a5a8734fedb3e324d41728ecfaf0e76e11f943e03815af71e3f26443029625be9677af57582792572b23a4bed2f87d4fd28424da16dabedc3a8a1548c1d15f6e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    aa17a83fc6be90c5ecb1d17b9c0a3227

    SHA1

    f8a2456c7f44a41523e6d9eb17dc1f55fe0ea8bb

    SHA256

    ae20ab1d0eec2c5922bac06d30c9392eac5504b348ca94d9d03d2d4c827e7d5e

    SHA512

    478c382805a7abb619a3fd833cb7ab93e7470ee1a0120e8634d3766b82624bfd384228bda045b25b3c1adc882b53a18049d0afb7a13c684b171f855ca1dd0dba

  • C:\Users\Admin\AppData\Local\Temp\Cab3BFA.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar3BFD.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.