Analysis

  • max time kernel
    96s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2024, 00:39 UTC

General

  • Target

    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe

  • Size

    315KB

  • MD5

    0f453e832c109df6d26eec4434aafbca

  • SHA1

    dfb5f7822306b549bb2396f85b781894a816733d

  • SHA256

    83cd1187f073de8901e292717784d507c85e601347486cdcdf17c142fb6c1c1c

  • SHA512

    70fb757cc4bc408f739a82bfcf81d80a97f2f5ca13d7ad8eb0cc49310d7c8ca4332fbdb7fda9db6b73bdc8bee5702f7d8739a7c705e11c60c320af5fd119b36f

  • SSDEEP

    6144:orpbUzkuvcBYC47l2xyfalkLUsx4Y0k8ojcX/pJ2enmrIJzO1LBut0njxxuQ9U+:orakuveY3hfaaLUsx4JkxjYJ2emrCz25

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2728

Network

  • flag-us
    DNS
    r1.getapplicationmy.info
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    108.59.12.98
  • flag-us
    DNS
    c1.downlloaddatamy.info
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.downlloaddatamy.info
    IN A
    Response
  • flag-us
    DNS
    c2.downlloaddatamy.info
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.downlloaddatamy.info
    IN A
    Response
  • flag-us
    POST
    http://r1.getapplicationmy.info/?report_version=5&
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    108.59.12.98:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r1.getapplicationmy.info
    Content-Length: 1991
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Found
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 11
    date: Fri, 03 May 2024 00:39:08 GMT
    location: http://survey-smiles.com
    server: nginx
    set-cookie: sid=8d733f90-08e5-11ef-9aeb-4d3c5c6c9dee; path=/; domain=.getapplicationmy.info; expires=Wed, 21 May 2092 03:53:15 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    survey-smiles.com
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    survey-smiles.com
    IN A
    Response
    survey-smiles.com
    IN A
    199.59.243.225
  • flag-us
    GET
    http://survey-smiles.com/
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    199.59.243.225:80
    Request
    GET / HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Cache-Control: no-cache
    Host: survey-smiles.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Fri, 03 May 2024 00:39:08 GMT
    content-type: text/html; charset=utf-8
    content-length: 1054
    x-request-id: a45a3a7c-35dd-41b0-a0e6-4613674b8ecf
    cache-control: no-store, max-age=0
    accept-ch: sec-ch-prefers-color-scheme
    critical-ch: sec-ch-prefers-color-scheme
    vary: sec-ch-prefers-color-scheme
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TNA+5zAcuC8zFDIUlgADyF1DJLNUMdO2R648/pkg9lhWgcvsI62wu/JHrI4Qs5t09aOJmgUcGqHz7s3DHsuGGg==
    set-cookie: parking_session=a45a3a7c-35dd-41b0-a0e6-4613674b8ecf; expires=Fri, 03 May 2024 00:54:08 GMT; path=/
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fxb-CZYm_AEjwOb6szeb_zVUCUyO2Iw7FBJyWU1R8pnXK1yvcFhffEllyvAEEuXW7rpa-7sxXBzRBUHIn_poem2iIs4jqLYogsOzorovUvDiCh-5p-q094iXq5UcI2SjrDCPeuFe1pfpxuzQrsaUPNHFpXDN3hWWoaaBvr_nl_oeOxkR%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59d35bb60fdb1914f0093d9da82d3931&TIME=20240426T131149Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fxb-CZYm_AEjwOb6szeb_zVUCUyO2Iw7FBJyWU1R8pnXK1yvcFhffEllyvAEEuXW7rpa-7sxXBzRBUHIn_poem2iIs4jqLYogsOzorovUvDiCh-5p-q094iXq5UcI2SjrDCPeuFe1pfpxuzQrsaUPNHFpXDN3hWWoaaBvr_nl_oeOxkR%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59d35bb60fdb1914f0093d9da82d3931&TIME=20240426T131149Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=02E126D1924263EF2A4732A593656290; domain=.bing.com; expires=Wed, 28-May-2025 00:39:09 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 57B538434F8542319C5B84154F02FEA4 Ref B: LON04EDGE0712 Ref C: 2024-05-03T00:39:09Z
    date: Fri, 03 May 2024 00:39:08 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fxb-CZYm_AEjwOb6szeb_zVUCUyO2Iw7FBJyWU1R8pnXK1yvcFhffEllyvAEEuXW7rpa-7sxXBzRBUHIn_poem2iIs4jqLYogsOzorovUvDiCh-5p-q094iXq5UcI2SjrDCPeuFe1pfpxuzQrsaUPNHFpXDN3hWWoaaBvr_nl_oeOxkR%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59d35bb60fdb1914f0093d9da82d3931&TIME=20240426T131149Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fxb-CZYm_AEjwOb6szeb_zVUCUyO2Iw7FBJyWU1R8pnXK1yvcFhffEllyvAEEuXW7rpa-7sxXBzRBUHIn_poem2iIs4jqLYogsOzorovUvDiCh-5p-q094iXq5UcI2SjrDCPeuFe1pfpxuzQrsaUPNHFpXDN3hWWoaaBvr_nl_oeOxkR%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59d35bb60fdb1914f0093d9da82d3931&TIME=20240426T131149Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=02E126D1924263EF2A4732A593656290; _EDGE_S=SID=21911F34696C606439FD0B4068AC6108
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=0RwAU3cNkrVLGxUUfcR_jzGlMb9QlCF8UxXr_mdcD_0; domain=.bing.com; expires=Wed, 28-May-2025 00:39:09 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 77C880B17AE64614B7A23FFC26010B98 Ref B: LON04EDGE0712 Ref C: 2024-05-03T00:39:09Z
    date: Fri, 03 May 2024 00:39:08 GMT
  • flag-us
    DNS
    98.12.59.108.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    98.12.59.108.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    225.243.59.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    225.243.59.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    79.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.190.18.2.in-addr.arpa
    IN PTR
    Response
    79.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-79deploystaticakamaitechnologiescom
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=4fd29284991840ffac98167860493b54&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131149Z&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893
    Remote address:
    23.62.61.97:443
    Request
    GET /aes/c.gif?RG=4fd29284991840ffac98167860493b54&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131149Z&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=02E126D1924263EF2A4732A593656290
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5ED6A1B1B1404DEF8BE1C15EA0A58FA2 Ref B: DUS30EDGE0314 Ref C: 2024-05-03T00:39:09Z
    content-length: 0
    date: Fri, 03 May 2024 00:39:09 GMT
    set-cookie: _EDGE_S=SID=21911F34696C606439FD0B4068AC6108; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=02E126D1924263EF2A4732A593656290; path=/; httponly; expires=Wed, 28-May-2025 00:39:09 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.5d3d3e17.1714696749.2b808e6
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.61.62.23.in-addr.arpa
    IN PTR
    Response
    97.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-97deploystaticakamaitechnologiescom
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    c1.downlloaddatamy.info
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.downlloaddatamy.info
    IN A
    Response
  • flag-us
    DNS
    c2.downlloaddatamy.info
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.downlloaddatamy.info
    IN A
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.97:443
    Request
    GET /th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=02E126D1924263EF2A4732A593656290; _EDGE_S=SID=21911F34696C606439FD0B4068AC6108; MSPTC=0RwAU3cNkrVLGxUUfcR_jzGlMb9QlCF8UxXr_mdcD_0; MUIDB=02E126D1924263EF2A4732A593656290
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1678
    date: Fri, 03 May 2024 00:39:14 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.5d3d3e17.1714696754.2b815ba
  • flag-us
    DNS
    c1.downlloaddatamy.info
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.downlloaddatamy.info
    IN A
    Response
  • flag-us
    DNS
    c2.downlloaddatamy.info
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.downlloaddatamy.info
    IN A
    Response
  • flag-us
    DNS
    c2.downlloaddatamy.info
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.downlloaddatamy.info
    IN A
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.28.101.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.28.101.95.in-addr.arpa
    IN PTR
    Response
    48.28.101.95.in-addr.arpa
    IN PTR
    a95-101-28-48deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 108.59.12.98:80
    http://r1.getapplicationmy.info/?report_version=5&
    http
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    2.5kB
    658 B
    8
    7

    HTTP Request

    POST http://r1.getapplicationmy.info/?report_version=5&

    HTTP Response

    302
  • 199.59.243.225:80
    http://survey-smiles.com/
    http
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    539 B
    2.5kB
    9
    6

    HTTP Request

    GET http://survey-smiles.com/

    HTTP Response

    200
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fxb-CZYm_AEjwOb6szeb_zVUCUyO2Iw7FBJyWU1R8pnXK1yvcFhffEllyvAEEuXW7rpa-7sxXBzRBUHIn_poem2iIs4jqLYogsOzorovUvDiCh-5p-q094iXq5UcI2SjrDCPeuFe1pfpxuzQrsaUPNHFpXDN3hWWoaaBvr_nl_oeOxkR%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59d35bb60fdb1914f0093d9da82d3931&TIME=20240426T131149Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E
    tls, http2
    2.5kB
    9.0kB
    20
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fxb-CZYm_AEjwOb6szeb_zVUCUyO2Iw7FBJyWU1R8pnXK1yvcFhffEllyvAEEuXW7rpa-7sxXBzRBUHIn_poem2iIs4jqLYogsOzorovUvDiCh-5p-q094iXq5UcI2SjrDCPeuFe1pfpxuzQrsaUPNHFpXDN3hWWoaaBvr_nl_oeOxkR%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59d35bb60fdb1914f0093d9da82d3931&TIME=20240426T131149Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fxb-CZYm_AEjwOb6szeb_zVUCUyO2Iw7FBJyWU1R8pnXK1yvcFhffEllyvAEEuXW7rpa-7sxXBzRBUHIn_poem2iIs4jqLYogsOzorovUvDiCh-5p-q094iXq5UcI2SjrDCPeuFe1pfpxuzQrsaUPNHFpXDN3hWWoaaBvr_nl_oeOxkR%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59d35bb60fdb1914f0093d9da82d3931&TIME=20240426T131149Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E

    HTTP Response

    204
  • 23.62.61.97:443
    https://www.bing.com/aes/c.gif?RG=4fd29284991840ffac98167860493b54&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131149Z&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893
    tls, http2
    1.4kB
    5.4kB
    16
    12

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=4fd29284991840ffac98167860493b54&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131149Z&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893

    HTTP Response

    200
  • 23.62.61.97:443
    https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.6kB
    7.0kB
    18
    13

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 52.111.227.11:443
    322 B
    7
  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    108.59.12.98

  • 8.8.8.8:53
    c1.downlloaddatamy.info
    dns
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    69 B
    148 B
    1
    1

    DNS Request

    c1.downlloaddatamy.info

  • 8.8.8.8:53
    c2.downlloaddatamy.info
    dns
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    69 B
    148 B
    1
    1

    DNS Request

    c2.downlloaddatamy.info

  • 8.8.8.8:53
    survey-smiles.com
    dns
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    63 B
    79 B
    1
    1

    DNS Request

    survey-smiles.com

    DNS Response

    199.59.243.225

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    98.12.59.108.in-addr.arpa
    dns
    71 B
    134 B
    1
    1

    DNS Request

    98.12.59.108.in-addr.arpa

  • 8.8.8.8:53
    225.243.59.199.in-addr.arpa
    dns
    73 B
    131 B
    1
    1

    DNS Request

    225.243.59.199.in-addr.arpa

  • 8.8.8.8:53
    79.190.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    79.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    97.61.62.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    97.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    c1.downlloaddatamy.info
    dns
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    69 B
    148 B
    1
    1

    DNS Request

    c1.downlloaddatamy.info

  • 8.8.8.8:53
    c2.downlloaddatamy.info
    dns
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    69 B
    148 B
    1
    1

    DNS Request

    c2.downlloaddatamy.info

  • 8.8.8.8:53
    c1.downlloaddatamy.info
    dns
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    69 B
    148 B
    1
    1

    DNS Request

    c1.downlloaddatamy.info

  • 8.8.8.8:53
    c2.downlloaddatamy.info
    dns
    0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
    138 B
    148 B
    2
    1

    DNS Request

    c2.downlloaddatamy.info

    DNS Request

    c2.downlloaddatamy.info

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    48.28.101.95.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    48.28.101.95.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TsuBE18FD43.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{C82B7CD4-F4DA-4689-A462-BCF813C85E22}\Custom.dll

    Filesize

    91KB

    MD5

    a6312af27b3d15b556341f63bce617ed

    SHA1

    27d5724ba3c3d14065184558a434a0e78e742edb

    SHA256

    432adc14aeb197e7bc24a77d29a18e82b7c02047efb3a354e0c2ce95719a8cae

    SHA512

    c08ec354dcd7e3455ad419d13d4cd3e748f8579b089baa9e0c0347ccd58bc80333d066fe291e5a120b58fe3603a8a084771f6d80c73c433c9b0f00931e4f3f8a

  • C:\Users\Admin\AppData\Local\Temp\{C82B7CD4-F4DA-4689-A462-BCF813C85E22}\_Setup.dll

    Filesize

    173KB

    MD5

    081c1ac0aaaaec8b4eb06c541a40592e

    SHA1

    bedb928c8c3a44942405de146c7b6bd63a438c65

    SHA256

    7db7c245ad224e7018f5478b3f7c4695144fe65319973c8c536840bba53e9ab8

    SHA512

    df96ea85e670ef0c58108d92683115480ef57174e341672edc26d111738560bbe17781a26fe62da2d9091fdfc6e1a70f1822b09f22be7893ebecd7d08dcc57b2

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.