Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-05-2024 21:13

General

  • Target

    2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe

  • Size

    17.9MB

  • MD5

    2bbb36d2fc9cea2c2cd9e1d79b747032

  • SHA1

    1afcf4c95067493a0329a59d851989a0a1a4280b

  • SHA256

    bdf243c28bd6546d82912f0c9b8d9a4066aa480e3e6ffe3743133bd99b1b6e09

  • SHA512

    cf5799e738aa54bf491ec31c92abb729876f32dd56018737612acad6225020599d66d4176cdd34f48ec8b8248345e2cb2c23332a08fd44fc5738ccd4b8044b6a

  • SSDEEP

    393216:1QIeEr3FJEJzphbtprN3rdEgaUYdqYw1W+/:1QItr3F+Jz3TEgUdqtW+

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3212
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\sv.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4148
      • C:\Windows\system32\reg.exe
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
        3⤵
          PID:4712
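
The process tree above is the report's one substantive finding: the sample writes sv.bat into C:\Windows, runs it through cmd.exe /c, and the batch file calls reg.exe to set DisableAntiSpyware=1 under the Windows Defender policy key. The Python below is an added example, not part of the report or of the sample, that turns that chain into detection logic over process-creation records. The records are constructed from the command lines shown above; the record field names, the placeholder parent PID of the top-level process, and the Defender value names beyond DisableAntiSpyware are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ProcEvent:
    """One process-creation record. Field names are this example's own, not a Sysmon or Triage schema."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed from the process tree in the report (PIDs as shown there).
# The parent PID 1000 of the top-level sample is a placeholder; the report does not show it.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe"
EVENTS: List[ProcEvent] = [
    ProcEvent(3212, 1000, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(4148, 3212, r"C:\Windows\system32\cmd.exe",
              r"C:\Windows\system32\cmd.exe /c C:\Windows\sv.bat"),
    ProcEvent(4712, 4148, r"C:\Windows\system32\reg.exe",
              r'reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" '
              r"/v DisableAntiSpyware /t REG_DWORD /d 1 /f"),
]

# cmd.exe /c or /k running a .bat/.cmd that sits directly under the Windows directory.
WINDIR_SCRIPT = re.compile(
    r'(?i)\bcmd(?:\.exe)?"?\s+/[ck]\s+"?(?P<script>[a-z]:\\windows\\[^\\"\s]+\.(?:bat|cmd))\b'
)

# reg add against the Defender policy key with a value that turns protection off.
# DisableAntiSpyware is the value seen in the report; the other names are an assumed
# generalisation to sibling policy values and are not taken from the report.
REG_TAMPER = re.compile(
    r'(?i)\breg(?:\.exe)?\s+add\s+"?'
    r'(?P<key>HK[a-z_]*\\software\\policies\\microsoft\\windows defender(?:\\[^"\s]*)?)"?'
    r".*?/v\s+(?P<value>DisableAntiSpyware|DisableAntiVirus|DisableRealtimeMonitoring|DisableBehaviorMonitoring)\b"
    r".*?/d\s+(?P<data>\d+)"
)


def analyze(events: List[ProcEvent]) -> List[Dict]:
    """Return one finding per matching event, each with the ancestry chain of image names."""
    by_pid = {e.pid: e for e in events}

    def chain(pid: int) -> List[str]:
        # Walk parent links upward; stop at an unknown parent or a cycle.
        names, seen = [], set()
        while pid in by_pid and pid not in seen:
            seen.add(pid)
            names.append(by_pid[pid].image.rsplit("\\", 1)[-1])
            pid = by_pid[pid].ppid
        return list(reversed(names))

    findings = []
    for e in events:
        m = WINDIR_SCRIPT.search(e.cmdline)
        if m:
            findings.append({"rule": "script_in_windows_dir", "pid": e.pid,
                             "detail": m.group("script"), "chain": chain(e.pid)})
        m = REG_TAMPER.search(e.cmdline)
        if m and m.group("data") != "0":   # /d 0 re-enables; only a non-zero write is a tamper
            findings.append({"rule": "defender_policy_tamper", "pid": e.pid,
                             "detail": f'{m.group("key")}\\{m.group("value")}={m.group("data")}',
                             "chain": chain(e.pid)})
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f["rule"], f["pid"], " -> ".join(f["chain"]), f["detail"])
```

The ancestry chain is what makes the alert actionable: a reg.exe write to this key from a user-profile executable via a batch file in C:\Windows is a very different signal from the same write by a management agent. On current Windows 10 builds with Tamper Protection on, Defender ignores DisableAntiSpyware, so this run shows an attempt to disable protection, not proof that it succeeded.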

    Network

    • flag-us
      DNS
      www.eternityinfo.us
      2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      www.eternityinfo.us
      IN A
      Response
      www.eternityinfo.us
      IN A
      172.67.184.95
      www.eternityinfo.us
      IN A
      104.21.19.7
    • flag-us
      GET
      https://www.eternityinfo.us/loaderversion.txt
      2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe
      Remote address:
      172.67.184.95:443
      Request
      GET /loaderversion.txt HTTP/1.1
      Accept: */*
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: www.eternityinfo.us
      Connection: Keep-Alive
      Response
      HTTP/1.1 403 Forbidden
      Date: Thu, 09 May 2024 21:13:56 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: close
      Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
      Cross-Origin-Embedder-Policy: require-corp
      Cross-Origin-Opener-Policy: same-origin
      Cross-Origin-Resource-Policy: same-origin
      Origin-Agent-Cluster: ?1
      Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
      Referrer-Policy: same-origin
      X-Frame-Options: SAMEORIGIN
      cf-mitigated: challenge
      cf-chl-out: 8sFwb2vgAPq+ZQ+L9LsEa9Qj8zeRH4d0lNNVeVlWa4w1RxQ3fInwIcfnyFqSH0p6ARhBg8sdLRnW9yLrchMPeprbRUCh+7Nu5hdJ5sDR/WRulk0pCoeyJTsIz0d3RyTF3dIEu401Q28xjcq3w3AVcw==$tmQDkI2QCFVbnGUMge6Kow==
      Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
      Expires: Thu, 01 Jan 1970 00:00:01 GMT
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IUrEPCCp3vtEqNBMBEf%2B6TRhDnkTnA%2BIU20lHfcD%2FTlv1jJSv4gCVxIe3F1DVeYbOxytmOX8lb%2B0fdpuH0t1NFu%2F5D%2B1tLdu43cxhOZsutlVs3%2B0gIalbzlp%2BEJBNFTgF3FO3sYD"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      Server: cloudflare
      CF-RAY: 8814b2428c22dcbf-LHR
      Content-Encoding: gzip
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      101.58.20.217.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      101.58.20.217.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.184.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.184.67.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0ED7403E9DFC679A29AC54449CDB66CC; domain=.bing.com; expires=Tue, 03-Jun-2025 21:13:58 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 96CA3153C74B402F990546280710E264 Ref B: LON04EDGE0612 Ref C: 2024-05-09T21:13:58Z
      date: Thu, 09 May 2024 21:13:57 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0ED7403E9DFC679A29AC54449CDB66CC; _EDGE_S=SID=25865AABAD7868180A864ED1ACB869CC
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=tPXKnJaR13HzUIJWVe-EsnER_A9NT7T4wEKQxV_-1Ho; domain=.bing.com; expires=Tue, 03-Jun-2025 21:13:58 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E13CB28CC96E45438E2633248ACC03CB Ref B: LON04EDGE0612 Ref C: 2024-05-09T21:13:58Z
      date: Thu, 09 May 2024 21:13:57 GMT
    • flag-be
      GET
      https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
      Remote address:
      2.17.196.105:443
      Request
      GET /aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0ED7403E9DFC679A29AC54449CDB66CC
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4E774478FC654AFC9A07BCE718809D7A Ref B: DUS30EDGE0313 Ref C: 2024-05-09T21:13:58Z
      content-length: 0
      date: Thu, 09 May 2024 21:13:58 GMT
      set-cookie: _EDGE_S=SID=25865AABAD7868180A864ED1ACB869CC; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=0ED7403E9DFC679A29AC54449CDB66CC; path=/; httponly; expires=Tue, 03-Jun-2025 21:13:58 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.65c41102.1715289238.2064ac8
    • flag-us
      DNS
      74.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      74.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-be
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      2.17.196.105:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=0ED7403E9DFC679A29AC54449CDB66CC; _EDGE_S=SID=25865AABAD7868180A864ED1ACB869CC; MSPTC=tPXKnJaR13HzUIJWVe-EsnER_A9NT7T4wEKQxV_-1Ho; MUIDB=0ED7403E9DFC679A29AC54449CDB66CC
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Thu, 09 May 2024 21:13:59 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.65c41102.1715289239.20655d3
    • flag-us
      DNS
      105.196.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      105.196.17.2.in-addr.arpa
      IN PTR
      Response
      105.196.17.2.in-addr.arpa
      IN PTR
      a2-17-196-105.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      24.121.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.121.18.2.in-addr.arpa
      IN PTR
      Response
      24.121.18.2.in-addr.arpa
      IN PTR
      a2-18-121-24.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      79.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.190.18.2.in-addr.arpa
      IN PTR
      Response
      79.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-79.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 792794
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CD88CA7C66BD4FF1ADDCC4EB17E5E473 Ref B: LON04EDGE0816 Ref C: 2024-05-09T21:15:37Z
      date: Thu, 09 May 2024 21:15:37 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 659775
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 14C2D27B719A4DDF8B109E3CAC772E3A Ref B: LON04EDGE0816 Ref C: 2024-05-09T21:15:37Z
      date: Thu, 09 May 2024 21:15:37 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 621794
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 7E8B7CAD895F4EB9B9052B35AD3AE461 Ref B: LON04EDGE0816 Ref C: 2024-05-09T21:15:37Z
      date: Thu, 09 May 2024 21:15:37 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 627437
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6ED1E91CC87943B4A0AD0CC752742460 Ref B: LON04EDGE0816 Ref C: 2024-05-09T21:15:37Z
      date: Thu, 09 May 2024 21:15:37 GMT
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001.a-msedge.net
    • flag-us
      DNS
      9.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.173.189.20.in-addr.arpa
      IN PTR
    • 172.67.184.95:443
      https://www.eternityinfo.us/loaderversion.txt
      tls, http
      2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe
      1.7kB
      13.0kB
      23
      20

      HTTP Request

      GET https://www.eternityinfo.us/loaderversion.txt

      HTTP Response

      403
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
      tls, http2
      2.5kB
      9.0kB
      19
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86oYOQYMSs3urfJ8MtdLrbDVUCUwXDgZN5qWc77JjqDalPq_zuTt1NLYOBcYCabGbvdESRW_j73yfR0q8oo4TAdn8FQqc2t3L-9VBw1HFkh_Iq6r5Icqz-kWXN86w4SY6mXrWsKv4UOHJJaqlgwpxKTofjcqq8hlXEJuhyaNVAJUPAC-o%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D47a3d175cec612e6d0b2b75e7d0a076f&TIME=20240426T140249Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

      HTTP Response

      204
    • 2.17.196.105:443
      https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
      tls, http2
      1.5kB
      5.4kB
      17
      12

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=80cd5be833eb42b88fd0e1866beeef96&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140249Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

      HTTP Response

      200
    • 2.17.196.105:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.6kB
      6.4kB
      17
      13

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      8.1kB
      16
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      8.1kB
      16
      14
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      100.2kB
      2.8MB
      2039
      2035

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      8.1kB
      16
      14
    • 8.8.8.8:53
      www.eternityinfo.us
      dns
      2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe
      65 B
      97 B
      1
      1

      DNS Request

      www.eternityinfo.us

      DNS Response

      172.67.184.95
      104.21.19.7

    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      101.58.20.217.in-addr.arpa
      dns
      72 B
      132 B
      1
      1

      DNS Request

      101.58.20.217.in-addr.arpa

    • 8.8.8.8:53
      95.184.67.172.in-addr.arpa
      dns
      72 B
      134 B
      1
      1

      DNS Request

      95.184.67.172.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      74.32.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      74.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      105.196.17.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      105.196.17.2.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      24.121.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      24.121.18.2.in-addr.arpa

    • 8.8.8.8:53
      79.190.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      79.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
      173 B
      1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
      106 B
      1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      9.173.189.20.in-addr.arpa
      dns
      142 B
      157 B
      2
      1

      DNS Request

      9.173.189.20.in-addr.arpa

      DNS Request

      9.173.189.20.in-addr.arpa
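
Most of the Network section is not the sample's traffic: the bing.com and bing.net requests carry a WindowsShellClient or Edge user agent and no process attribution, which is typical of Windows lock-screen and Spotlight content on a fresh VM (an assumption here; the report does not say so). The only flow attributed to the sample is GET https://www.eternityinfo.us/loaderversion.txt, and its 403 carries cf-mitigated: challenge, i.e. a Cloudflare challenge page rather than the file. The Python below is an added example, not part of the report, that parses response blocks in the form shown above and separates the two kinds of flow. The flow records are constructed from the report with headers trimmed, and the background host suffixes and user-agent prefixes are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Flow:
    host: str
    path: str
    process: Optional[str]   # process the sandbox attributed the flow to, if any
    user_agent: str
    response: str            # raw response block, status line first, then "Name: value" lines


# Constructed from the report's Network section; headers trimmed to the ones used here.
FLOWS: List[Flow] = [
    Flow("www.eternityinfo.us", "/loaderversion.txt",
         "2bbb36d2fc9cea2c2cd9e1d79b747032_JaffaCakes118.exe",
         "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0)",
         "HTTP/1.1 403 Forbidden\nContent-Type: text/html; charset=UTF-8\n"
         "cf-mitigated: challenge\nServer: cloudflare\n"),
    Flow("g.bing.com", "/neg/0", None, "WindowsShellClient/9.0.40929.0 (Windows)",
         "HTTP/2.0 204\ncache-control: no-cache, must-revalidate\n"),
    Flow("tse1.mm.bing.net", "/th", None,
         "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Edge/18.19041",
         "HTTP/2.0 200\ncontent-type: image/jpeg\ncontent-length: 792794\n"),
]

# Assumed markers of Windows background traffic on a clean VM (not taken from the report).
BACKGROUND_UA_PREFIXES = ("WindowsShellClient/",)
BACKGROUND_HOST_SUFFIXES = (".bing.com", ".bing.net", ".msedge.net")


def parse_response(raw: str) -> Tuple[int, Dict[str, str]]:
    """Split a response block into (status code, lower-cased header map)."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])          # works for "HTTP/1.1 403 Forbidden" and "HTTP/2.0 204"
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def is_cloudflare_challenge(status: int, headers: Dict[str, str]) -> bool:
    """A 403 from Cloudflare with cf-mitigated: challenge is an interstitial, not the origin's answer."""
    return (status == 403
            and headers.get("server", "").lower() == "cloudflare"
            and headers.get("cf-mitigated", "").lower() == "challenge")


def classify(flow: Flow) -> str:
    """'sample' if the sandbox tied the flow to a process, else background or unattributed."""
    if flow.process:
        return "sample"
    if flow.user_agent.startswith(BACKGROUND_UA_PREFIXES) or flow.host.endswith(BACKGROUND_HOST_SUFFIXES):
        return "os-background"
    return "unattributed"


def triage(flows: List[Flow]) -> List[Dict]:
    rows = []
    for f in flows:
        status, headers = parse_response(f.response)
        rows.append({"url": f"https://{f.host}{f.path}", "origin": classify(f),
                     "status": status, "cf_challenge": is_cloudflare_challenge(status, headers)})
    return rows


if __name__ == "__main__":
    for row in triage(FLOWS):
        print(row["origin"], row["status"], "cf-challenge" if row["cf_challenge"] else "", row["url"])
```

Because the version check never received a real answer, whatever the loader does after reading loaderversion.txt is not represented in this run, and the 4/10 score reflects only the Defender tamper chain that did execute.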

    MITRE ATT&CK Matrix

    Downloads

    • C:\Windows\sv.bat

      Filesize

      116B

      MD5

      25d71d5cf6b64e80d1fa1b821d11248b

      SHA1

      238ecb551bba5267e8ae98d4d8f33297a85b0458

      SHA256

      4a3b8ebb44d9f024ac262aef474480295d2fa1bb9bd810e2404d4d4165aa6e10

      SHA512

      b2c5cc972cfe10b599c5e905828eb67f74c424f4ca8fc0f05937ab777a847bc9cdc4f03b7373f0abec74f4c31a37ac01bb56d2c602a6e4560f35bb4f6f81dc49
