49719f35fd7927a2ac6955f8968d0dfc1408788428497e8b4fa53a84c481c0f0

Analysis

max time kernel
133s
max time network
131s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 21:47 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d2b71a652a867ec6e6b9b36f06a7b31_JaffaCakes118.html
Size

31KB
MD5

4d2b71a652a867ec6e6b9b36f06a7b31
SHA1

a5c4c6353e8637e88d63728629d424e2d4f2f5b5
SHA256

49719f35fd7927a2ac6955f8968d0dfc1408788428497e8b4fa53a84c481c0f0
SHA512

5aee664cd245dfb56835e3397bca63d90a3aaeab6eba6e437097ca868061aba423ba748508db39c335da7176b6641775f1f2e365c8e63455e66807a6d3aa104e
SSDEEP

192:uW/lb5nqNnQjxn5Q/RnQieMNnDnQOkEntfnnQTbnRnQjMCAANbLU/IfyINcsitOc:JQ/HSGLuxVP2ZIAlkvOW

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000034e4137ad278500e75d9bde577c5fb4579a3cb80381e8f03d460bc0cac2c241e000000000e8000000002000020000000845253a7512ce01f57a3d7347c71e6521ba82a6d3de216fa5d1f491b10d194b62000000036e9e8b37c3242b920f1ca708fed9abd126fe5357bcc79d5572a85e17ce7b816400000008b3c04ca974d8b729c466da948d33cf87faf35b4d57846b5dac06f08639fa739954c3a18efb550dceeb4b97cb65ac922b3c54d05bdd2a2a82caacf7657eb2490	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422057948"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F6F065E1-13CD-11EF-931A-4205ACB4EED4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d096b4cbdaa7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000e9582aa17755cce9202c0d81398cef65bd3caeb24c14eff4b1d67e062bbb54a0000000000e80000000020000200000004e9aee20c951dcdca7421046e275e568acabf433fd98c71bb94706510687bbaa900000001923c9baafc0892baa3ba80ccb14b4bb02c2d019fbfb8e850b666a23f475c0c21f42e5b2687e235ca7bd387ce3b8ac908641a0b1b40b0bbc10325fbadb7d7cc449113150d166c955766b9d5c3f0374dd330c1699953f8d7a1c02ba94faf25f6117bdc254a34fb79f0e0924b8785458ed9db2611b26c5ab2fe85db180b9aaca91e1f0a8d3616e36937ec1c51583640bba40000000e0a8f290682194cf00b4e4155948294a41341a069ace218e42b7904f621b5dcb0ae8635b2b6e5f369673deee67e61d44c0c0ca8575da007712cb7004dc4b7f5b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2428	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2428	iexplore.exe
2428	iexplore.exe
1836	IEXPLORE.EXE
1836	IEXPLORE.EXE
1836	IEXPLORE.EXE
1836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 1836	2428	iexplore.exe	28
PID 2428 wrote to memory of 1836	2428	iexplore.exe	28
PID 2428 wrote to memory of 1836	2428	iexplore.exe	28
PID 2428 wrote to memory of 1836	2428	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d2b71a652a867ec6e6b9b36f06a7b31_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1836

Network

DNS

cdd.net.ua

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6
GET

http://cdd.net.ua/apothecary/stylesheet.css

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/stylesheet.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right_left.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/icon.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_cart.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_cart.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/pixel_trans.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/pixel_trans.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_in_cart.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_in_cart.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/english/images/icon.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_left.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/Pikovi.jpg

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/Pikovi.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/box_write_review.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/box_write_review.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/sup%201.jpg

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/sup%201.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:03 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_checkout.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_checkout.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_quick_find.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/store_logo.png

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/store_logo.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_account.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_account.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_reviews.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/back.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/back.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/arrow_right.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/box_products_notifications.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/box_products_notifications.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Thu, 16 May 2024 21:48:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

http

IEXPLORE.EXE

1.6kB
2.2kB
10
9

HTTP Request

GET http://cdd.net.ua/apothecary/stylesheet.css

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

http

IEXPLORE.EXE

1.7kB
2.2kB
10
9

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_cart.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/pixel_trans.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_in_cart.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/sup%201.jpg

http

IEXPLORE.EXE

1.6kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/Pikovi.jpg

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/box_write_review.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/sup%201.jpg

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif

http

IEXPLORE.EXE

1.3kB
1.4kB
8
7

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_checkout.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_tell_a_friend.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif

http

IEXPLORE.EXE

1.3kB
1.4kB
8
7

HTTP Request

GET http://cdd.net.ua/apothecary/images/store_logo.png

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_account.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_reviews.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/box_products_notifications.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/back.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/box_products_notifications.gif

HTTP Response

404
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.7kB
10
13

8.8.8.8:53

cdd.net.ua

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac780862359dee0e469ae8f1e49e1191

SHA1
10af07406ecd0029205aa9b53822ccbd009c3f7c

SHA256
eb0f3fc738fd3bae47b64932e1c59b5c5954604224139e9a2b820f32701c7da9

SHA512
9dceec9f3da9d1dff35c9a5186fde4879b5bdd2e2e40400b6c9b7dbcfefb3eedfc4c44ff799f71262b6f24bcf9d521dfaef0576e8dcd2c534e18c8a69491271c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0d48e60816686abc9e08ac80a060044

SHA1
3e417ab8b276994f49e3ee3451e7b9f18235f7b3

SHA256
9e5cca7b0de5e0398c7f127f5ee5c8e2d71ad7d7a84f17821e07e9095536a449

SHA512
7d5c0504d4de6a439d3dc68cb17a8d6b873a91f1dc23ec0d7f02b4f17cf88897e2ad1c6fad3ccfa4c1228e82d9e87ad9919f32aca80da0fd2d8a9b3c49e7a7f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3dfd5ad3c49d8a91e51e276934795e1

SHA1
4963026dc67b276dc87d826a79b84b36c0e69eba

SHA256
45db7324ec9950c4a470e654f8fcf136cd47f7fa00acb1b9705cd0f57d99076d

SHA512
dffcb078deb45f4b26f23d82d53c826b55b43bcc62b02944cc618cc09d4f59a36063960f040243ab8bc191a2729fbbab91bb6b160e93d370f749c3e990d7cb30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79e0c693a8af7cfbc4e1a369f1ec5eeb

SHA1
305bfc72c0adc546ca6e8a7d445f76b3b2c0169a

SHA256
a1e3f03cf67d61d35e1e03d679666c672e47a989cedfffd8a30176a64869f79b

SHA512
25ee65962d478968f75d190b95846a1c1bcff0c731a5ad802f19e1330dafc147f62501d751b0872a70bf9e5aa27c13c5c583ed2a18f9d509a122c9a6da86979c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db89e5a5ae38ed17c480a75f12fa7d23

SHA1
12da8c0f25a895f9695a88efd3dca030385872e5

SHA256
1d6955a31adc8f61589681e80e71e8a1bcc0c230075b95ca62b56f655c4f7847

SHA512
ad5b950d6aabe0b61d1187b114a7e353cdfed62fe5e4776d57a3e89a45bfc228d51586f68db555999ccf1d847e1950c10e9e3c5e29d070809a006ea964bc944d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb3b1f2ffb495c86f19808a4265ced1e

SHA1
54a480883140578664b87fb56d0930e4fda072ce

SHA256
aab5a192af404e4a3163881d1c60118cdee00af7d8adea5154c3ee62ebdab647

SHA512
6fde4e392e9e9ac3282d50c40f726165b4a8249e0d02cd8d9637126d61a1eb43ab2c97afe286ca7a2de07e2ef97774252360e228482272816677ac4e3e139265

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2061a4094f1096e75a86f88951905430

SHA1
b97cc979acd5b6d2a8e1530dfe47716b561b20c1

SHA256
c0cac275cb845a724fcb9a9e486439aaf168be1b59d7c30eecf1910a49bc8196

SHA512
390a59a592ec553ce4a99da448a384809beaf462bc175914a9331fd2b96a94f32a93efd255396f3cd6f244dcc156e377fc9af939059cc3c77dff903cb41d7dbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04c186e14f3d3c7b33b7069ebce790c2

SHA1
ee47a01ed10847f1b45523b5945b76545de8695b

SHA256
5ac147446ef5e87aa545db185fd33c99095e28fe8e80a4dc2ad9cfdd89b1a6d4

SHA512
64ad36bb2381b50aeddfff8a6e6f9f80f521d2b76313b84c36a8981d9758e8687aad89b5fcbfdb9cebd77502ee3e03d416091b7dfbaa3bed2861dd977218d463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fca7026c6c80b279aed085872e4c3a60

SHA1
29999e5eb2b12ad23869b3e0189c146a3fb2d258

SHA256
96db147e481d42e87d77d17033366fac74f38893285ec96089414d50b8102cee

SHA512
8b9b6610850c5c37627d2c5ee2d0609d1ae535fdf169735747f7f0beb06afed3364ca669b4e1adb11717b9f89c83d1711adf2708caf02a0225add1d7317d359d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54a65a85ff476081233a1c3f6e42d26f

SHA1
27f4b43ec76e1c4f6019dc37dcfc710718f85e72

SHA256
d8f27366580c5ca9f416ef1fcec9b5d8bf254e4ca74d8ffa5305d93e2919d5fa

SHA512
87006330dcb81ff72e3d6c528149959b1af0d71f319c459ca77950832545ba782179952bb7e7e06e08ad0a3cab01e2485079b382d48d753679ea3ad12ec636bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f54098bb652f50556f73d68a02c4c242

SHA1
56fb43c68170f367d1acb1fad03e04d72d0364d0

SHA256
bf45cda493cabfc6395943d5b1e17790256d5175f9f5c43ce5ab3af271e63ed0

SHA512
a5a8734fedb3e324d41728ecfaf0e76e11f943e03815af71e3f26443029625be9677af57582792572b23a4bed2f87d4fd28424da16dabedc3a8a1548c1d15f6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa17a83fc6be90c5ecb1d17b9c0a3227

SHA1
f8a2456c7f44a41523e6d9eb17dc1f55fe0ea8bb

SHA256
ae20ab1d0eec2c5922bac06d30c9392eac5504b348ca94d9d03d2d4c827e7d5e

SHA512
478c382805a7abb619a3fd833cb7ab93e7470ee1a0120e8634d3766b82624bfd384228bda045b25b3c1adc882b53a18049d0afb7a13c684b171f855ca1dd0dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3BFA.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3BFD.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.