Analysis
-
max time kernel
91s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
17-04-2024 19:20
Static task
static1
Behavioral task
behavioral1
Sample
f67ddc68306f26e3741ae404b8c71e3f_JaffaCakes118.js
Resource
win7-20240319-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
f67ddc68306f26e3741ae404b8c71e3f_JaffaCakes118.js
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
f67ddc68306f26e3741ae404b8c71e3f_JaffaCakes118.js
-
Size
194KB
-
MD5
f67ddc68306f26e3741ae404b8c71e3f
-
SHA1
ed2561daa25e4e0ad6ab951f01f57d0687043e61
-
SHA256
2830cab6897efef3b59085d97fd3fa72e9386914e14dc7b863c27d28987269db
-
SHA512
1f4e0e29ae949487b4ff87584980e8fa1359dc1e32ff386bf8633d3b1a923a53f8bdd921a089b9b534d80a5fd522e0035b97328028f411cd3191468ab94a0f33
-
SSDEEP
3072:m6JO0C5zUxXAUVRLM2Zoyvd5Xfy87+7ynKev4:m6Jw5zUxXAUVRtZoyvPzi7ynl4
Score
1/10
Malware Config
Signatures
Processes
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
Remote address:8.8.8.8:53Request68.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTRResponse
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3D69855BFF296B213A31913FFE926AEF; domain=.bing.com; expires=Mon, 12-May-2025 19:21:13 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 333EE108DACC44BF8BE561EC111E2079 Ref B: LON04EDGE0809 Ref C: 2024-04-17T19:21:13Z
date: Wed, 17 Apr 2024 19:21:13 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3D69855BFF296B213A31913FFE926AEF
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Q3NQmi5wf9wgCpRy3F-FkgCYqJ6WcvWeHecAUJ8Mjzc; domain=.bing.com; expires=Mon, 12-May-2025 19:21:13 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E453D49FB6D74D2BB043744BD1A292EB Ref B: LON04EDGE0809 Ref C: 2024-04-17T19:21:13Z
date: Wed, 17 Apr 2024 19:21:13 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3D69855BFF296B213A31913FFE926AEF; MSPTC=Q3NQmi5wf9wgCpRy3F-FkgCYqJ6WcvWeHecAUJ8Mjzc
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D0C390B9CE214AF5A3DD2951B79267C0 Ref B: LON04EDGE0809 Ref C: 2024-04-17T19:21:13Z
date: Wed, 17 Apr 2024 19:21:13 GMT
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request67.32.209.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request60.166.213.23.in-addr.arpaIN PTRResponse60.166.213.23.in-addr.arpaIN PTRa23-213-166-60deploystaticakamaitechnologiescom
-
GEThttps://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:23.62.61.186:443RequestGET /th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=3D69855BFF296B213A31913FFE926AEF; MSPTC=Q3NQmi5wf9wgCpRy3F-FkgCYqJ6WcvWeHecAUJ8Mjzc
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1678
date: Wed, 17 Apr 2024 19:21:22 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b63d3e17.1713381682.1b646be
-
Remote address:8.8.8.8:53Request186.61.62.23.in-addr.arpaIN PTRResponse186.61.62.23.in-addr.arpaIN PTRa23-62-61-186deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request106.27.33.23.in-addr.arpaIN PTRResponse106.27.33.23.in-addr.arpaIN PTRa23-33-27-106deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
204.79.197.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=tls, http22.0kB 9.2kB 22 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=eb01d4b9319e42599a16b0e2d6a3a06f&localId=w:8278E319-FE4C-D664-BDAB-F28E31699514&deviceId=6896199938771339&anid=HTTP Response
204 -
23.62.61.186:443https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.5kB 6.9kB 17 12
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
72 B 158 B 1 1
DNS Request
68.159.190.20.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
9.228.82.20.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
67.32.209.4.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
60.166.213.23.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
186.61.62.23.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
106.27.33.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa