0461cb89c3b38350d2b710c6f2ad36ddbf66cb20ce6338a30452016aa655fa7f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 17:13 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c5e69cb6b6b1490393afd5d4694caf7_JaffaCakes118.exe
Size

345KB
MD5

0c5e69cb6b6b1490393afd5d4694caf7
SHA1

a3f7cf9b17acfcf0d974fd3b306d921c5ad3fb21
SHA256

0461cb89c3b38350d2b710c6f2ad36ddbf66cb20ce6338a30452016aa655fa7f
SHA512

78c4adb65f35dca8ac083ac6550ca856e8fce92ea0fbad85c7ec0236d7674fd5fb1dee11ed34d50183b72ccdd9f925d2e706c8845612fd95e52f8ff1ecc1e2b2
SSDEEP

6144:ZujgdRI/91IkY5G68DYo1HI4Sdj696ToC9tVDVWQ7YeTBZO0RQ1dF:ZBdRIFAGlDY2SkKr7YeTzBK

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3388	0c5e69cb6b6b1490393afd5d4694caf7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0c5e69cb6b6b1490393afd5d4694caf7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0c5e69cb6b6b1490393afd5d4694caf7_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3388

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8mAD6iB2uHJGI4AafxGCNIjVUCUxt1QTXSymZlogi_3bNF42WpOQovLxw7llqxeN71VKo4kmJtkJlaB-YgCuTE3oYj9HXvf0vqv845ggO0DbYVhAdtVs6k3rFmwiU5zCyQWaWJYx50Ilq9Vowl_ViAA_4g75mV5S2KtETS-Gd9s6Ueb0a%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5ff25801619f1a0fc41b3e2acdd0ae98&TIME=20240426T133052Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8mAD6iB2uHJGI4AafxGCNIjVUCUxt1QTXSymZlogi_3bNF42WpOQovLxw7llqxeN71VKo4kmJtkJlaB-YgCuTE3oYj9HXvf0vqv845ggO0DbYVhAdtVs6k3rFmwiU5zCyQWaWJYx50Ilq9Vowl_ViAA_4g75mV5S2KtETS-Gd9s6Ueb0a%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5ff25801619f1a0fc41b3e2acdd0ae98&TIME=20240426T133052Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=18390BBB17E1632C02031FC9165A6219; domain=.bing.com; expires=Mon, 26-May-2025 17:13:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 98655708A401419BBAE3031136035033 Ref B: LON04EDGE0813 Ref C: 2024-05-01T17:13:31Z
date: Wed, 01 May 2024 17:13:30 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8mAD6iB2uHJGI4AafxGCNIjVUCUxt1QTXSymZlogi_3bNF42WpOQovLxw7llqxeN71VKo4kmJtkJlaB-YgCuTE3oYj9HXvf0vqv845ggO0DbYVhAdtVs6k3rFmwiU5zCyQWaWJYx50Ilq9Vowl_ViAA_4g75mV5S2KtETS-Gd9s6Ueb0a%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5ff25801619f1a0fc41b3e2acdd0ae98&TIME=20240426T133052Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8mAD6iB2uHJGI4AafxGCNIjVUCUxt1QTXSymZlogi_3bNF42WpOQovLxw7llqxeN71VKo4kmJtkJlaB-YgCuTE3oYj9HXvf0vqv845ggO0DbYVhAdtVs6k3rFmwiU5zCyQWaWJYx50Ilq9Vowl_ViAA_4g75mV5S2KtETS-Gd9s6Ueb0a%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5ff25801619f1a0fc41b3e2acdd0ae98&TIME=20240426T133052Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=18390BBB17E1632C02031FC9165A6219; _EDGE_S=SID=0126FFF25E7863972475EB805FD26205

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=uhnqgfZgC1fLc4X6QtGsi7dyr2jAmVQjoeYuC-NDQTc; domain=.bing.com; expires=Mon, 26-May-2025 17:13:31 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 59E38BC2598C44BEB7216B79CF09903B Ref B: LON04EDGE0813 Ref C: 2024-05-01T17:13:31Z
date: Wed, 01 May 2024 17:13:30 GMT
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
GET

https://www.bing.com/aes/c.gif?RG=ad8aaaebac114385b86d22b39a75394d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133052Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

Remote address:

23.62.61.155:443

Request

GET /aes/c.gif?RG=ad8aaaebac114385b86d22b39a75394d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133052Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=18390BBB17E1632C02031FC9165A6219

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F7D07F0D62B34D83A22B50DAA6EB2BD2 Ref B: DUS30EDGE0707 Ref C: 2024-05-01T17:13:31Z
content-length: 0
date: Wed, 01 May 2024 17:13:31 GMT
set-cookie: _EDGE_S=SID=0126FFF25E7863972475EB805FD26205; path=/; httponly; domain=bing.com
set-cookie: MUIDB=18390BBB17E1632C02031FC9165A6219; path=/; httponly; expires=Mon, 26-May-2025 17:13:31 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.973d3e17.1714583611.e4b2580
DNS

134.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.190.18.2.in-addr.arpa

IN PTR

Response

134.190.18.2.in-addr.arpa

IN PTR

a2-18-190-134deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

155.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.61.62.23.in-addr.arpa

IN PTR

Response

155.61.62.23.in-addr.arpa

IN PTR

a23-62-61-155deploystaticakamaitechnologiescom
GET

https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.155:443

Request

GET /th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=18390BBB17E1632C02031FC9165A6219; _EDGE_S=SID=0126FFF25E7863972475EB805FD26205; MSPTC=uhnqgfZgC1fLc4X6QtGsi7dyr2jAmVQjoeYuC-NDQTc; MUIDB=18390BBB17E1632C02031FC9165A6219
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1463
date: Wed, 01 May 2024 17:13:32 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.973d3e17.1714583612.e4b2b35
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

94.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

94.143.109.104.in-addr.arpa

IN PTR

Response

94.143.109.104.in-addr.arpa

IN PTR

a104-109-143-94deploystaticakamaitechnologiescom
DNS

249.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.197.17.2.in-addr.arpa

IN PTR

Response

249.197.17.2.in-addr.arpa

IN PTR

a2-17-197-249deploystaticakamaitechnologiescom
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response

204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8mAD6iB2uHJGI4AafxGCNIjVUCUxt1QTXSymZlogi_3bNF42WpOQovLxw7llqxeN71VKo4kmJtkJlaB-YgCuTE3oYj9HXvf0vqv845ggO0DbYVhAdtVs6k3rFmwiU5zCyQWaWJYx50Ilq9Vowl_ViAA_4g75mV5S2KtETS-Gd9s6Ueb0a%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5ff25801619f1a0fc41b3e2acdd0ae98&TIME=20240426T133052Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

tls, http2

2.5kB
9.0kB
20
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8mAD6iB2uHJGI4AafxGCNIjVUCUxt1QTXSymZlogi_3bNF42WpOQovLxw7llqxeN71VKo4kmJtkJlaB-YgCuTE3oYj9HXvf0vqv845ggO0DbYVhAdtVs6k3rFmwiU5zCyQWaWJYx50Ilq9Vowl_ViAA_4g75mV5S2KtETS-Gd9s6Ueb0a%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5ff25801619f1a0fc41b3e2acdd0ae98&TIME=20240426T133052Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8mAD6iB2uHJGI4AafxGCNIjVUCUxt1QTXSymZlogi_3bNF42WpOQovLxw7llqxeN71VKo4kmJtkJlaB-YgCuTE3oYj9HXvf0vqv845ggO0DbYVhAdtVs6k3rFmwiU5zCyQWaWJYx50Ilq9Vowl_ViAA_4g75mV5S2KtETS-Gd9s6Ueb0a%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5ff25801619f1a0fc41b3e2acdd0ae98&TIME=20240426T133052Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

HTTP Response

204
23.62.61.155:443

https://www.bing.com/aes/c.gif?RG=ad8aaaebac114385b86d22b39a75394d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133052Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

tls, http2

1.5kB
5.4kB
17
12

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=ad8aaaebac114385b86d22b39a75394d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133052Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

HTTP Response

200
23.62.61.155:443

https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.7kB
6.8kB
18
14

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239355179391_1LFCMSFC5TYGHD1FP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

134.190.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

134.190.18.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

155.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

155.61.62.23.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

94.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

94.143.109.104.in-addr.arpa
8.8.8.8:53

249.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

249.197.17.2.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.236.111.52.in-addr.arpa
8.8.8.8:53

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.