Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

f86d5d1dc8...18.exe

windows7-x64

1

f86d5d1dc8...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 17:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f86d5d1dc8bbc8dcfcde47a433de08ef_JaffaCakes118.exe

  • Size

    37KB

  • MD5

    f86d5d1dc8bbc8dcfcde47a433de08ef

  • SHA1

    58bf4139b8c829df7e96c330abb396580576e1ef

  • SHA256

    23f54267f3649aa027d388c42774904a4fd91732ed25c10edc9599eb93367b04

  • SHA512

    7d75581eeba1395bfeed12c93a76f273d07e2c2233531f458ec650dc9d5d8b2d80b4ac56b07b700a5e7d662bdd3f3e0667ea279784db6d231bb3b88f49934bfe

  • SSDEEP

    768:ooixwqZOoQs1oRAqvQi+AFN2T63H8E9+3KYR8BrvqBWsW3WPVm:ovKqZZQs1ShQi7+20birvqB7WT

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\f86d5d1dc8bbc8dcfcde47a433de08ef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f86d5d1dc8bbc8dcfcde47a433de08ef_JaffaCakes118.exe"
    1⤵
      PID:4444

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0BDD8C0C73B9665510EB986972596746; domain=.bing.com; expires=Tue, 13-May-2025 17:19:12 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 63E50D14AAC44391A423D13E7EAC9C12 Ref B: LON04EDGE1111 Ref C: 2024-04-18T17:19:12Z
      date: Thu, 18 Apr 2024 17:19:11 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0BDD8C0C73B9665510EB986972596746
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=xxNTUjCDnJEjTAdiDjaTwRmS_omvvauGw7w-KBaeH7o; domain=.bing.com; expires=Tue, 13-May-2025 17:19:12 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C0B3B1E085284D94ACE6E603112526C2 Ref B: LON04EDGE1111 Ref C: 2024-04-18T17:19:12Z
      date: Thu, 18 Apr 2024 17:19:11 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0BDD8C0C73B9665510EB986972596746; MSPTC=xxNTUjCDnJEjTAdiDjaTwRmS_omvvauGw7w-KBaeH7o
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5D43E6C3157644FAA0539655379DA7ED Ref B: LON04EDGE1111 Ref C: 2024-04-18T17:19:12Z
      date: Thu, 18 Apr 2024 17:19:11 GMT
    • flag-us
      DNS
      67.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      249.197.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      249.197.17.2.in-addr.arpa
      IN PTR
      Response
      249.197.17.2.in-addr.arpa
      IN PTR
      a2-17-197-249deploystaticakamaitechnologiescom
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      21.114.53.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.114.53.23.in-addr.arpa
      IN PTR
      Response
      21.114.53.23.in-addr.arpa
      IN PTR
      a23-53-114-21deploystaticakamaitechnologiescom
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      65.139.73.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      65.139.73.23.in-addr.arpa
      IN PTR
      Response
      65.139.73.23.in-addr.arpa
      IN PTR
      a23-73-139-65deploystaticakamaitechnologiescom
    • flag-us
      DNS
      65.139.73.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      65.139.73.23.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      233.17.178.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      233.17.178.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=
      tls, http2
      2.0kB
       9.2kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e0f87d8a50dd42d5a318b32b28af98cb&localId=w:1720ED0A-1154-D0C6-8544-30A988F9A221&deviceId=6896199938575611&anid=

      HTTP Response

      204
    • 52.111.227.13:443
      322 B
       7
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      67.31.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      67.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      249.197.17.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      249.197.17.2.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
       143 B
       1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      21.114.53.23.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      21.114.53.23.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      140 B
       156 B
       2
      1

      DNS Request

      50.23.12.20.in-addr.arpa

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      65.139.73.23.in-addr.arpa
      dns
      142 B
       135 B
       2
      1

      DNS Request

      65.139.73.23.in-addr.arpa

      DNS Request

      65.139.73.23.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      19.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      19.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      233.17.178.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      233.17.178.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\My Downloads\Winrar 3.2 ISO - Full Downloader.exe
      Filesize

      37KB

      MD5

      f86d5d1dc8bbc8dcfcde47a433de08ef

      SHA1

      58bf4139b8c829df7e96c330abb396580576e1ef

      SHA256

      23f54267f3649aa027d388c42774904a4fd91732ed25c10edc9599eb93367b04

      SHA512

      7d75581eeba1395bfeed12c93a76f273d07e2c2233531f458ec650dc9d5d8b2d80b4ac56b07b700a5e7d662bdd3f3e0667ea279784db6d231bb3b88f49934bfe

      Download Submit

    • memory/4444-100-0x0000000000400000-0x0000000000411000-memory.dmp

      Filesize

      68KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.