18612ddb4e432ccde95c9e30404615930ad9f9fed34eb86d9b9263af89cbc145

Analysis

max time kernel
120s
max time network
133s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 02:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9943ec0506685bd514d7b60e641f039_JaffaCakes118.html
Size

26KB
MD5

f9943ec0506685bd514d7b60e641f039
SHA1

b2a4ccff9ff81be6d268c14e91cf71446e0f183b
SHA256

18612ddb4e432ccde95c9e30404615930ad9f9fed34eb86d9b9263af89cbc145
SHA512

0b363af5f9e9e987838d65bfeb741f693e71a348ad901f2866957f88179d5b7c83e5ec392924792f7a2d95c0f1172814690d729c04ac7513a5fae0125d9b6587
SSDEEP

192:uqbiGiDwLbb5n1unQjxn5Q//onQieD3NnfbnQOkEntByknnQTbnZnQXCJVevo7Nw:n/Q/VygcV5VSu4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000003151b5cf3b9981128772f1c88b2577b4f694ca24eaefd930ff7ace332a38b411000000000e8000000002000020000000410738344373b886f9a5bb03d70e1c2e7b43fe43068a422eac8613960ca093859000000035bbc85db0c9a493e796829f72a28975ecd59a71f4db9e47e133a597a7d530df22a771b8e23690db212b0f19a6650e56a126be67213706bb7391cfb185f8464264b38cf2fb82ab791b2f4d8736f42249d8b8c8d351e79daf9e65e4d5c9b333292a595d57a64e67ffa6aa53acb01dfae2dc01d6e76869e37627d302b19a3e41bc9ce07d22b1ddffa4249ebc4168c83bd7400000004be755cd0a261f84ba4764a0ca13d4ae57590cd728e0d53d8648ec42c68516fb9f5cba6e3ed99e95627d76cc3417f799e283e4e5ecbb02ae51799fff0c15c230	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433567564"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFE7A2C1-7C7B-11EF-87F4-7694D31B45CA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000008304848277ee87edbf9b648c21e9682b48db7f5897b751cf74c1d6661bb1ea81000000000e80000000020000200000001b1f98eefec0c09e34503b75544fde88d56bedc876612a5dc91d0d7ed34219e120000000327a85d5457d31c219d7474a84daffc9ca7e38e59cf70414b9bd50c2c2b60a5f40000000b5189aeeb6af4b916e34934d4bdc800668d00d3856fb6876073b5d921254dda1d12dfe33c22d756416fe10233f70ef8c5aba62c0cf16fccb268955c6908e4c08	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 405125b58810db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2704	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2704	iexplore.exe
2704	iexplore.exe
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2964	2704	iexplore.exe	30
PID 2704 wrote to memory of 2964	2704	iexplore.exe	30
PID 2704 wrote to memory of 2964	2704	iexplore.exe	30
PID 2704 wrote to memory of 2964	2704	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f9943ec0506685bd514d7b60e641f039_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2964

Network

DNS

cdd.net.ua

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6
GET

http://cdd.net.ua/apothecary/images/store_logo.png

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/store_logo.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/arrow_right.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_login.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_login.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/stylesheet.css

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/stylesheet.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/table_background_login.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/table_background_login.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/icon.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/back.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/back.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/pixel_trans.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/pixel_trans.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_account.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_account.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_cart.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_cart.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/carta%20cdd.JPG

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/carta%20cdd.JPG HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/header_checkout.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/header_checkout.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_quick_find.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/english/images/icon.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_left.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/images/infobox/corner_right_left.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
GET

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_continue.gif

IEXPLORE.EXE

Remote address:

89.184.88.6:80

Request

GET /apothecary/includes/languages/russian/images/buttons/button_continue.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdd.net.ua
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 27 Sep 2024 02:54:58 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_login.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
8
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/store_logo.png

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/arrow_right.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_login.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

http

IEXPLORE.EXE

1.2kB
1.8kB
8
8

HTTP Request

GET http://cdd.net.ua/apothecary/stylesheet.css

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/table_background_login.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/icon.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/header_account.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/back.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/pixel_trans.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_account.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_cart.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/carta%20cdd.JPG

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/header_checkout.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_quick_find.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/english/images/icon.gif

HTTP Response

404
89.184.88.6:80

http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_continue.gif

http

IEXPLORE.EXE

1.3kB
1.8kB
9
8

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_left.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/images/infobox/corner_right_left.gif

HTTP Response

404

HTTP Request

GET http://cdd.net.ua/apothecary/includes/languages/russian/images/buttons/button_continue.gif

HTTP Response

404
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12

8.8.8.8:53

cdd.net.ua

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2aa3b98922280a5ca5fc7cadf07adf0d

SHA1
5594cad1350ba2e837d054fe5f760af40bbd2b9b

SHA256
dac2ef07deb2b238da5c5bcce556650a0a0176a4e14fe471db529474f69b2b9d

SHA512
37b4b56b1acfa421097981450133e149082e44df2c8821a0486e8171a3d12cd99d250e5a790d0e279c243ad380ff979993f12c16065c6249abfe87fb2c34e659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71f26c78204f388068f53d3950b2cebb

SHA1
64198be3b84de5339052bca6dc53167f789a1b51

SHA256
8e64b0616f6aff87c7490b6e9e445ede4f7aae71784686f4fc73248e559568b9

SHA512
19b8082eb9d652917a3c4ac10a963c0667e9dd1cd5be714051cc119066d0ecb96aae35f73b2d2301eee14c6caa20983ac385344a30fe01f6585e66394c609c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ce8eda9c1ddea241cd7d3d1378c957b

SHA1
2d2f4f323e0bcd6c000284fdbd4c093e384679a8

SHA256
f4af43f4bc545bb548fe8b3a26c1de0ade56ad5a5b008c8b559eaa08d874d924

SHA512
3eac296f0e4ce39c73b138cb42d137b518942b03ce3330fdee0ff6e8a29bd83a804320875630ef08e4e6827e1d4123a54a69791847887e44ee9aa59f5c66824c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e67fdb7cdb687b39d5344a2dc0598e9

SHA1
c21c9a225ef561b24eaaae95ba38f64af32dda25

SHA256
5793869f2492d0f7e19b20255b1e34680de39f7012863f6f8415b47189eba39f

SHA512
280d200d61278b982aa9c3c979a21ec604ac9f1dec35c3f6b74a7b30f5cdbc7b25ddf59bdf5d7f92d1ad37a9e2249ced827ffe5a7df571196bb97accbe15dd2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
798ebfcab9956dcbcef10b1c40accad2

SHA1
11f80c37a68b042b52c521bcc3954ab4e941e3b0

SHA256
3468e8321fb2abaa35da1c4d23f5b9036a377cf213596cc50cf1da1771a884bd

SHA512
27c3e0bbc144431d4c7de4c33f952a4e950b90afa872769daed4f030c58380f0f08d3d4440b5334c2e0a8c39f926d7d2b36a0d132f9a31877afe6cc9908235f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3fb1b27347ce9e1a916e997ccdc5f20

SHA1
330fe05c20a41daff79c5fae380fb421934c5bba

SHA256
e63dc99a745776effa1cedf8b38518ca6beb2af89594331daa6ec3e765786836

SHA512
3ae36c9f820567b684384ed68de2a60837228c3f83e7b29f4044da1749bb9cdbece0f8e0eaf1c87c751ee7c4e10e69ceead61a12973b44d4563454d130579ebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc427ecbbb8bcba6cb85f25266ac5d52

SHA1
225761c27db961a5cc6d297f45a9046e1cc27998

SHA256
4a5092a9aa1262264a6171b5bd69463d6a7fe77286d1c32da13e461e224e15db

SHA512
7e072a2d605b861c4abc24a026008cf6a7c76b3ce0406800655e5c111f2e1fc56f887f8b6f73f7adc2533591b401c01cd039eb610e472af6b6a210068b7f6304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7360fdafbf7c3219c114fab6c6a2c71

SHA1
4ec0ac1d68fdd1eae95eb8fc6f549b24ad9d15b6

SHA256
a611868051c1dca788658892ad03eb5e5e1e24eb284b9590364fc53db4332765

SHA512
4c14914f25612678bf80c9f1c18dd013b72f9af2cd30c09d933a5188073a4ae3b2736fe80c5f3e6362b1d0dedfa83639cba5d8243fe8bd36acb89094123e248e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad627b104a45126644ddbdb9ff00a84d

SHA1
3aa36dedf0430c4f76f01c6d5ba78eb8eea59e30

SHA256
b88e981d9d1393d047b1c1202e359de86afda7abbabf2a129f10887100f09954

SHA512
f1899e3c625afda3df928f98562a91ace564651cfc19014401006d08d69ce2f1190ee5e0cea7315aa101f86c646b40c66a8945e7599420ec224ec66b78c58f4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38c67de1178f32fecb1dda867e4b3a54

SHA1
758f93d1757ce0ae74d816bc305a3c11d2f9a781

SHA256
a55fca560f75c14efd165375cb98043a1b1da4c60c6c86c38996f2ae674c3539

SHA512
63ca9973aa180dd10cafc45b9cbc44e1dca5cbcb4dde114871f428f6045287b91d9b18a702f3f7ebcac210165fbbabd71a04fc62fa8f46992209af6dcd346dc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
640da1bfaf13fb96c4b574c422b5e32f

SHA1
cca372052d2804efefceef31ad63661e322c6ec7

SHA256
d0fdbc29c40c0cee5d2826569d0f77c18f19d019a3d0c6f02ba6f023b3663efa

SHA512
f4f11d0908cd7a43ea8614bffd4e42c4de0351ccc2020a104964c2bb7e1d05b12933bd02ed7d5655b41530dcdbee99395a66fb13fadd42722ef9c805d5d45918

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
736a2b5a6b3065e863e31e524b5d32f2

SHA1
5a39ab2cb0d822a7a6a5f002560ca151d6fa797f

SHA256
926515cbd9c88fcd79bbb962578c1029fde4495a1a49ac5fbac17cbb4c9b2425

SHA512
dd6a0d6fbac441a90e222fdda5286daac97e5d4f9049f20cf3ffc1747d096579becbe579f10dcd2b5b7cbada5ca2b6f6b5ae2749129f347369b88e210c0aa480

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eea7f38e1dc0493eb077ee4c0222bd99

SHA1
62b0d1a0c72a7ca7dde2ffc8c19d1f802534fbdc

SHA256
7a829a12a5ff2720190552891ca827a033c551da2cbcf01057d3acd965056251

SHA512
600c4e235b1b22aa4f9924f99487f609adeda1f0f8bcf357c70462da4069a354852f7f4887dde59dbde3d486d79cc2748c0f49718216334bbf00c6776467e462

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16ad378698f3d7e90704372eacf1a15e

SHA1
f1cd0cbbc9a375434f566dfa694dbfa6b2d782aa

SHA256
3f9d18a8fe05c241817816291d3d61764c41ddc9a75f71d2b7fe4463f5be5870

SHA512
cf63d6b634ed1d81277b27614d6708e979647d12ea6f07abe7a2d8f02faafc83aca1da2b6fcaaa42f03f5e4f87b6cea0f454b857cb402f51063a95a67e78fba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a42304e96abc5899800cdb8ad75edf63

SHA1
411f000935f490372c5a3f886e37ff1e11467979

SHA256
2dc63edf7c8e0d0138be7966720d0ad32ca5ab569c81622451be5a94b851b478

SHA512
78c1fbf38eddf5cdb478da781d290472164845e77a655a2ab358f5342b04acb7ca5498f3e940c48987fc1d1b3de08042349aab5e2a09ea975981905783ab7c4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
609f6860f4c8d0631ae00e7de3f37942

SHA1
2d80756aa57ad78dc6cf9659013568b60c7908e9

SHA256
e41ac84c44649d810fc488fc69d3c5bf0d1b8079ddcd6b7461323947e7d68805

SHA512
1df5336158a0e9cd0d80908e3e1bdf8ecacb565ab3c85c14931e419098a111a43f03d3d276aa4366eb42a199f9563037efa2521d917141bc9f12e7a411a845b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ed73b2b17827d123aea5ae8c92802d5

SHA1
317078c410bf1eb9f4aaa95c30e58fe251ca1d2f

SHA256
de97ed769ec88feaf22a4dd494aa09d5a71915f22108d0ff8efce508d3bccb9c

SHA512
aa67039e190bbc943f760fe44dc300071828eb3262f1a654e7880e2699a157a1faa23a296770ac7eb45e372bf563136b000d3a255912cfc80da7a789915a3084

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae51d03f5b761b56b9b3912dcadfe3b2

SHA1
0c0e9f6994fb255a771208f3d3f3471f715d48aa

SHA256
961da30e99cffe16993151080e8ddacec8c373073750dea84dec34dfcd6cf1b4

SHA512
db4b4bd76d1d34e916e32d57f47d7806b83de53886a4fe05c0f504a0cbddbcc0b3a06a190a35a7e7c84789fb48505dd46d64111e5adc160f9c24ec17b706d163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52c7edb66865c0a7fe8cb8f32bba3dc0

SHA1
c257d6a626ade59fc1890639e68e65ca1d327754

SHA256
e982f593d0c9809b704d10b3a452eebce661e9d0590e8d463819f00bfebcea84

SHA512
d2ef6f4733ae713914d026ad18f8d22985f95b78fe7357ec03c4225b9748835fdcc63637d36eec656e0236af1d07d18547f4348e0aabec289a5c47fac26cf730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e3542bcf118e61e0017e258550143a3

SHA1
4b1c808f43c91504a3ea64cfe6698d2549ba5320

SHA256
89cafa1d80926df371ed2c4bbe9e83bf247d7af9e0c8748713b4d6003ca803c2

SHA512
339f28d119ed81f75f93030d2f637bfb76c9a3a45e4a7a1137946c517735f6aa4225a59a9838f80130a5df53b1f9402fc085040359b4224f41f958e1e3b22d63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0dc6317947cf68010d23306ad668b380

SHA1
a9ff0c6ad41449a3f2f00466c3b8405286a02382

SHA256
65fe440a17954495a73c5e980566b4bc94031eecabf4bc0dba03721be56aec2c

SHA512
78c2b8f8f46b1ee7e200cfba757fc42d59708b6d12f587f6feada98201c067ffc0594836665c331457257d65b0634f7e84fe107dd7247e3ed597352dc19168d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA4BB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA55A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.