Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
09-05-2024 21:13
Behavioral task
behavioral1
Sample
2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe
-
Size
17.9MB
-
MD5
2bbb36d2fc9cea2c2cd9e1d79b747032
-
SHA1
1afcf4c95067493a0329a59d851989a0a1a4280b
-
SHA256
bdf243c28bd6546d82912f0c9b8d9a4066aa480e3e6ffe3743133bd99b1b6e09
-
SHA512
cf5799e738aa54bf491ec31c92abb729876f32dd56018737612acad6225020599d66d4176cdd34f48ec8b8248345e2cb2c23332a08fd44fc5738ccd4b8044b6a
-
SSDEEP
393216:1QIeEr3FJEJzphbtprN3rdEgaUYdqYw1W+/:1QItr3F+Jz3TEgUdqtW+
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\sv.bat 2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3212 wrote to memory of 4148 3212 2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe 84 PID 3212 wrote to memory of 4148 3212 2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe 84 PID 4148 wrote to memory of 4712 4148 cmd.exe 85 PID 4148 wrote to memory of 4712 4148 cmd.exe 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3212 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\sv.bat2⤵
- Suspicious use of WriteProcessMemory
PID:4148 -
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f3⤵PID:4712
-
-
Network
-
Remote address:8.8.8.8:53Requestwww.eternityinfo.usIN AResponsewww.eternityinfo.usIN A172.67.184.95www.eternityinfo.usIN A104.21.19.7
-
GEThttps://www.eternityinfo.us/loaderversion.txt2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exeRemote address:172.67.184.95:443RequestGET /loaderversion.txt HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.eternityinfo.us
Connection: Keep-Alive
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 8sFwb2vgAPq+ZQ+L9LsEa9Qj8zeRH4d0lNNVeVlWa4w1RxQ3fInwIcfnyFqSH0p6ARhBg8sdLRnW9yLrchMPeprbRUCh+7Nu5hdJ5sDR/WRulk0pCoeyJTsIz0d3RyTF3dIEu401Q28xjcq3w3AVcw==$tmQDkI2QCFVbnGUMge6Kow==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IUrEPCCp3vtEqNBMBEf%2B6TRhDnkTnA%2BIU20lHfcD%2FTlv1jJSv4gCVxIe3F1DVeYbOxytmOX8lb%2B0fdpuH0t1NFu%2F5D%2B1tLdu43cxhOZsutlVs3%2B0gIalbzlp%2BEJBNFTgF3FO3sYD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8814b2428c22dcbf-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request101.58.20.217.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.184.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0ED7403E9DFC679A29AC54449CDB66CC; domain=.bing.com; expires=Tue, 03-Jun-2025 21:13:58 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96CA3153C74B402F990546280710E264 Ref B: LON04EDGE0612 Ref C: 2024-05-09T21:13:58Z
date: Thu, 09 May 2024 21:13:57 GMT
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0ED7403E9DFC679A29AC54449CDB66CC; _EDGE_S=SID=25865AABAD7868180A864ED1ACB869CC
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=tPXKnJaR13HzUIJWVe-EsnER_A9NT7T4wEKQxV_-1Ho; domain=.bing.com; expires=Tue, 03-Jun-2025 21:13:58 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E13CB28CC96E45438E2633248ACC03CB Ref B: LON04EDGE0612 Ref C: 2024-05-09T21:13:58Z
date: Thu, 09 May 2024 21:13:57 GMT
-
GEThttps://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644Remote address:2.17.196.105:443RequestGET /aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0ED7403E9DFC679A29AC54449CDB66CC
ResponseHTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4E774478FC654AFC9A07BCE718809D7A Ref B: DUS30EDGE0313 Ref C: 2024-05-09T21:13:58Z
content-length: 0
date: Thu, 09 May 2024 21:13:58 GMT
set-cookie: _EDGE_S=SID=25865AABAD7868180A864ED1ACB869CC; path=/; httponly; domain=bing.com
set-cookie: MUIDB=0ED7403E9DFC679A29AC54449CDB66CC; path=/; httponly; expires=Tue, 03-Jun-2025 21:13:58 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.65c41102.1715289238.2064ac8
-
Remote address:8.8.8.8:53Request74.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
GEThttps://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:2.17.196.105:443RequestGET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=0ED7403E9DFC679A29AC54449CDB66CC; _EDGE_S=SID=25865AABAD7868180A864ED1ACB869CC; MSPTC=tPXKnJaR13HzUIJWVe-EsnER_A9NT7T4wEKQxV_-1Ho; MUIDB=0ED7403E9DFC679A29AC54449CDB66CC
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Thu, 09 May 2024 21:13:59 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.65c41102.1715289239.20655d3
-
Remote address:8.8.8.8:53Request105.196.17.2.in-addr.arpaIN PTRResponse105.196.17.2.in-addr.arpaIN PTRa2-17-196-105deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request55.36.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request171.39.242.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request24.121.18.2.in-addr.arpaIN PTRResponse24.121.18.2.in-addr.arpaIN PTRa2-18-121-24deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request79.190.18.2.in-addr.arpaIN PTRResponse79.190.18.2.in-addr.arpaIN PTRa2-18-190-79deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 792794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CD88CA7C66BD4FF1ADDCC4EB17E5E473 Ref B: LON04EDGE0816 Ref C: 2024-05-09T21:15:37Z
date: Thu, 09 May 2024 21:15:37 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 659775
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 14C2D27B719A4DDF8B109E3CAC772E3A Ref B: LON04EDGE0816 Ref C: 2024-05-09T21:15:37Z
date: Thu, 09 May 2024 21:15:37 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 621794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7E8B7CAD895F4EB9B9052B35AD3AE461 Ref B: LON04EDGE0816 Ref C: 2024-05-09T21:15:37Z
date: Thu, 09 May 2024 21:15:37 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 627437
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6ED1E91CC87943B4A0AD0CC752742460 Ref B: LON04EDGE0816 Ref C: 2024-05-09T21:15:37Z
date: Thu, 09 May 2024 21:15:37 GMT
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request9.173.189.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.173.189.20.in-addr.arpaIN PTR
-
172.67.184.95:443https://www.eternityinfo.us/loaderversion.txttls, http2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe1.7kB 13.0kB 23 20
HTTP Request
GET https://www.eternityinfo.us/loaderversion.txtHTTP Response
403 -
204.79.197.237:443https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4tls, http22.5kB 9.0kB 19 17
HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4HTTP Response
204 -
2.17.196.105:443https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644tls, http21.5kB 5.4kB 17 12
HTTP Request
GET https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644HTTP Response
200 -
2.17.196.105:443https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.6kB 6.4kB 17 13
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 8.1kB 16 14
-
1.2kB 8.1kB 16 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http2100.2kB 2.8MB 2039 2035
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200 -
1.2kB 8.1kB 16 14
-
65 B 97 B 1 1
DNS Request
www.eternityinfo.us
DNS Response
172.67.184.95104.21.19.7
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa
-
72 B 132 B 1 1
DNS Request
101.58.20.217.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
95.184.67.172.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
71 B 157 B 1 1
DNS Request
74.32.126.40.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
105.196.17.2.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
55.36.223.20.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
171.39.242.20.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
24.121.18.2.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
79.190.18.2.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
57.169.31.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
11.227.111.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
9.173.189.20.in-addr.arpa
DNS Request
9.173.189.20.in-addr.arpa
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
116B
MD525d71d5cf6b64e80d1fa1b821d11248b
SHA1238ecb551bba5267e8ae98d4d8f33297a85b0458
SHA2564a3b8ebb44d9f024ac262aef474480295d2fa1bb9bd810e2404d4d4165aa6e10
SHA512b2c5cc972cfe10b599c5e905828eb67f74c424f4ca8fc0f05937ab777a847bc9cdc4f03b7373f0abec74f4c31a37ac01bb56d2c602a6e4560f35bb4f6f81dc49