Analysis

  • max time kernel
    4s
  • max time network
    139s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    15/05/2024, 10:41 UTC

General

  • Target

    45c9b4191c35caa4133d80332f11a792_JaffaCakes118.apk

  • Size

    12.8MB

  • MD5

    45c9b4191c35caa4133d80332f11a792

  • SHA1

    e4d6de17c51a1da4077367775a003f42e950f26e

  • SHA256

    e728e32a967bf6305a2ae34338875aa7940c7ac9b54c6ad56805d4cdfc36229d

  • SHA512

    a20ac68ad60c2af151f5aa02772bf03e57dd078e161be116ae9fc1cda970baa6206e2bc376991f6c67273939e7f64f6c5fc96fda2f4c777c111968f040bbd1cb

  • SSDEEP

    196608:qNGdCMlSrdvcIr3dYPvnYszI2WpgZg3+eSFSNoraRsaRq:qNG/lSZkDQqI24geOBFSNwa0

Score
1/10

Malware Config

Signatures

Processes

  • com.jian.zhai.mi
    1⤵
      PID:4552

    Network

    • flag-us
      DNS
      android.apis.google.com
      Remote address:
      1.1.1.1:53
      Request
      android.apis.google.com
      IN A
      Response
      android.apis.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      142.250.178.14
    • flag-us
      DNS
      www.juzimi.com
      Remote address:
      1.1.1.1:53
      Request
      www.juzimi.com
      IN A
      Response
      www.juzimi.com
      IN A
      172.67.216.149
      www.juzimi.com
      IN A
      104.21.78.47
    • flag-us
      DNS
      www.wufazhuce.com
      Remote address:
      1.1.1.1:53
      Request
      www.wufazhuce.com
      IN A
      Response
      www.wufazhuce.com
      IN A
      47.104.230.204
    • flag-us
      GET
      http://www.juzimi.com/todayhot?page=0
      Remote address:
      172.67.216.149:80
      Request
      GET /todayhot?page=0 HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Host: www.juzimi.com
      Connection: Keep-Alive
      Accept-Encoding: gzip
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Wed, 15 May 2024 10:42:19 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Wed, 15 May 2024 11:42:19 GMT
      Location: https://www.juzimi.com/todayhot?page=0
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ly6tFM6%2BjgywD4o7%2F1XIqhNGKppLyeJCxY2yrilB2Ya%2Fjb6IL1afDISM5UW7EHBwoE8Wm1Mw9w37BrD8FSsZ2Cmys39%2BXbpCnasGsUfeJFzrtwUDSMtusoHHMAhKb8vTCg%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Server: cloudflare
      CF-RAY: 88428548e86100a7-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      http://www.juzimi.com/new?page=0
      Remote address:
      172.67.216.149:80
      Request
      GET /new?page=0 HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Host: www.juzimi.com
      Connection: Keep-Alive
      Accept-Encoding: gzip
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Wed, 15 May 2024 10:42:19 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Wed, 15 May 2024 11:42:19 GMT
      Location: https://www.juzimi.com/new?page=0
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Qu71oArfidRhN0LQMwVlKsayXYis1PxxUDOigAggq%2BqXPSupmB9YVsXqYtPO33ug%2BgCgYiYgWxeS5aanrMAzxZGuQhp9RpUoNymZOeBIlM4jG%2BR7og2dfcfnHRWx9N38A%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Server: cloudflare
      CF-RAY: 88428548ed2edcff-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      http://www.juzimi.com/meitumeiju/jingdianduibai?page=0
      Remote address:
      172.67.216.149:80
      Request
      GET /meitumeiju/jingdianduibai?page=0 HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Host: www.juzimi.com
      Connection: Keep-Alive
      Accept-Encoding: gzip
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Wed, 15 May 2024 10:42:19 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Wed, 15 May 2024 11:42:19 GMT
      Location: https://www.juzimi.com/meitumeiju/jingdianduibai?page=0
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tD97JLksjfdz9tcZbWccdfcDLrmcUNaOj2kxqAAV7HVBiQoY5hsvbs5XcwIzRnsLQrRW%2BWfGTilP9SnqjSJPBr5aXGPM0zzQPz5nLXYJ7pr2AeapCazyD7%2FkLnERjzQLDw%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Server: cloudflare
      CF-RAY: 88428548ea417741-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      ssl.google-analytics.com
      Remote address:
      1.1.1.1:53
      Request
      ssl.google-analytics.com
      IN A
      Response
      ssl.google-analytics.com
      IN A
      172.217.16.232
    • flag-us
      GET
      https://www.juzimi.com/new?page=0
      Remote address:
      172.67.216.149:443
      Request
      GET /new?page=0 HTTP/2.0
      host: www.juzimi.com
      user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      accept-encoding: gzip
      Response
      HTTP/2.0 200
      date: Wed, 15 May 2024 10:42:19 GMT
      content-type: text/html
      report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wi51YmMB1hwz8RzhCY%2BxJ9xwdjt76elW2FLRZMd%2BDamCQYuGWJnNbWAUqI8GcTllPRft7%2BlcVw3DQtcBtkM0puQaG3nwrxKX7aV%2F8IRkht%2BIKBPyb5g9%2FZ0UTE6QDLUuoA%3D%3D"}],"group":"cf-nel","max_age":604800}
      nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      vary: Accept-Encoding
      cf-cache-status: DYNAMIC
      server: cloudflare
      cf-ray: 8842854a3a233daf-LHR
      content-encoding: gzip
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://www.juzimi.com/meitumeiju/jingdianduibai?page=0
      Remote address:
      172.67.216.149:443
      Request
      GET /meitumeiju/jingdianduibai?page=0 HTTP/2.0
      host: www.juzimi.com
      user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      accept-encoding: gzip
      Response
      HTTP/2.0 200
      date: Wed, 15 May 2024 10:42:19 GMT
      content-type: text/html
      report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e9f4nlP2ImIc6co4FWPUmiv5ClofeILFSvloyX30CF0B%2Bg9w9aYyMHq9lVun3XeThbWUVyVf%2BRYfm%2BM39PMVfHvzJ01par2CtIXikpJcy%2FgoE2VQZ4u5hEWIGzR%2B9uXenA%3D%3D"}],"group":"cf-nel","max_age":604800}
      nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      vary: Accept-Encoding
      cf-cache-status: DYNAMIC
      server: cloudflare
      cf-ray: 8842854a3a283daf-LHR
      content-encoding: gzip
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://www.juzimi.com/todayhot?page=0
      Remote address:
      172.67.216.149:443
      Request
      GET /todayhot?page=0 HTTP/2.0
      host: www.juzimi.com
      user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      accept-encoding: gzip
      Response
      HTTP/2.0 200
      date: Wed, 15 May 2024 10:42:19 GMT
      content-type: text/html
      report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qbjfzhlrzHFdKFjCokZJQnw5NsLeJVSRJUe97M13vfaH298hIS6f5jBKKf%2F%2BPsm4d0GYl7RZkRAckHSo4c21cR7YCNqtseOvwf9Aix6PO%2B%2BGt0QFbZHMPKyHcRuIDHlhKw%3D%3D"}],"group":"cf-nel","max_age":604800}
      nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      vary: Accept-Encoding
      cf-cache-status: DYNAMIC
      server: cloudflare
      cf-ray: 8842854a3a253daf-LHR
      content-encoding: gzip
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      www.google.com
      Remote address:
      1.1.1.1:53
      Request
      www.google.com
      IN A
      Response
      www.google.com
      IN A
      142.250.180.4
    • 172.217.169.14:443
      tls, https
      695 B
      40 B
      1
      1
    • 172.217.169.14:443
      tls, https
      695 B
      40 B
      1
      1
    • 142.250.178.14:443
      android.apis.google.com
      tls
      5.1kB
      8.7kB
      24
      23
    • 172.67.216.149:80
      http://www.juzimi.com/todayhot?page=0
      http
      556 B
      1.2kB
      7
      5

      HTTP Request

      GET http://www.juzimi.com/todayhot?page=0

      HTTP Response

      301
    • 172.67.216.149:80
      http://www.juzimi.com/new?page=0
      http
      551 B
      1.2kB
      7
      5

      HTTP Request

      GET http://www.juzimi.com/new?page=0

      HTTP Response

      301
    • 172.67.216.149:80
      http://www.juzimi.com/meitumeiju/jingdianduibai?page=0
      http
      573 B
      1.2kB
      7
      5

      HTTP Request

      GET http://www.juzimi.com/meitumeiju/jingdianduibai?page=0

      HTTP Response

      301
    • 172.217.16.232:443
      ssl.google-analytics.com
      tls
      1.4kB
      6.1kB
      10
      9
    • 172.67.216.149:443
      www.juzimi.com
      tls, http2
      1.2kB
      5.7kB
      9
      8
    • 172.67.216.149:443
      www.juzimi.com
      tls, http2
      1.1kB
      5.7kB
      8
      8
    • 172.67.216.149:443
      https://www.juzimi.com/todayhot?page=0
      tls, http2
      1.7kB
      9.0kB
      14
      18

      HTTP Request

      GET https://www.juzimi.com/new?page=0

      HTTP Request

      GET https://www.juzimi.com/meitumeiju/jingdianduibai?page=0

      HTTP Request

      GET https://www.juzimi.com/todayhot?page=0

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 142.250.200.4:443
      tls, https
      915 B
      40 B
      2
      1
    • 142.250.200.4:443
      www.google.com
      tls
      11.4kB
      6.9kB
      30
      37
    • 142.250.178.3:443
      520 B
      10
    • 142.250.180.4:443
      www.google.com
      tls
      10.2kB
      6.5kB
      16
      14
    • 224.0.0.251:5353
      3.7kB
      11
    • 1.1.1.1:53
      android.apis.google.com
      dns
      69 B
      109 B
      1
      1

      DNS Request

      android.apis.google.com

      DNS Response

      142.250.178.14

    • 1.1.1.1:53
      www.juzimi.com
      dns
      60 B
      92 B
      1
      1

      DNS Request

      www.juzimi.com

      DNS Response

      172.67.216.149
      104.21.78.47

    • 1.1.1.1:53
      www.wufazhuce.com
      dns
      63 B
      79 B
      1
      1

      DNS Request

      www.wufazhuce.com

      DNS Response

      47.104.230.204

    • 1.1.1.1:53
      ssl.google-analytics.com
      dns
      70 B
      86 B
      1
      1

      DNS Request

      ssl.google-analytics.com

      DNS Response

      172.217.16.232

    • 1.1.1.1:53
      www.google.com
      dns
      60 B
      76 B
      1
      1

      DNS Request

      www.google.com

      DNS Response

      142.250.180.4

    MITRE ATT&CK Matrix

    Downloads

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/1cc2fee3b5df66c61f5a726cea476ff3.0.tmp

      Filesize

      6KB

      MD5

      e7be604dffb2a533e99e08486f18c7d1

      SHA1

      eeace6e801bdd874f4fe6c1a06e0f8606dd561d8

      SHA256

      7be108f81be2addd911d757b68d78e4f466686a9c33b354ba9347e86a792c7c9

      SHA512

      edd9f9a3f73d09f5c57c94d3f55246f9cf27876db56a909aec171d1ced216c213f54db006741c85863f5b9b672e016870400303b6525c9510c661fe0ccbfe600

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/1cc2fee3b5df66c61f5a726cea476ff3.1.tmp

      Filesize

      529B

      MD5

      52dff8fe36bcee8a27e464fb2e1dc9e2

      SHA1

      2e31abbc8d1e11a69a146d9695cab6f8417a39e7

      SHA256

      ffcf6bf3cc9b863b06a632862bf6d5a743115f5cec723cee93ce26771ee37596

      SHA512

      57b0834ee81117a3fc399e8f603837c2c0f89bc31575933d23f20f2848b4288f986bd6a8fdc10bc43a86df160da02683f8efa50b68748397c18205242c785471

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/4a1b729d3d31baa1add1404baebda24b.0.tmp

      Filesize

      879B

      MD5

      3469f845d187449b50b72db57ddcac48

      SHA1

      7d20dfc518699e653e0de0921b06c7cf21deb363

      SHA256

      aa199ab1aeee280635a412a59cf6839641bbf03c8fa8419209859ca8942807ab

      SHA512

      954b11aa740e558d2188527cac342a5e87a9f82e759ecc46ca559589c12faa2d211b8a05e210b36fbd740ee5d49be7063668b1d69cbcee529ecd881755193a53

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/4a1b729d3d31baa1add1404baebda24b.1.tmp

      Filesize

      167B

      MD5

      0104c301c5e02bd6148b8703d19b3a73

      SHA1

      7436e0b4b1f8c222c38069890b75fa2baf9ca620

      SHA256

      446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

      SHA512

      84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/75703ce46c5e03a93a8b033db567b4e3.0.tmp

      Filesize

      849B

      MD5

      b370f7e9b4a4ba139ac0241e7f8e1dea

      SHA1

      954a62054a61701c6186456d2b04590fe1befc65

      SHA256

      79ae614cc9370ca531d7b9add4b8f43a9b3d4a84f2de0bb3442fa22fc42f257a

      SHA512

      287dd6a32ef8a2105e517712a08c941b091bcca60dbc09bdfd134682673cd33253c9f90dd711f9149b7a17c4a974ded8c11e07f901eff31f02fccb806dadf70c

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/86062909634e4d399834f70ad1743965.0.tmp

      Filesize

      6KB

      MD5

      641b31bdce7c2aa6ee31839e46d3f61c

      SHA1

      e73cdd48cb24c8e507f657dc2742e5b3ef33db63

      SHA256

      185fbcb8d91a8ccad796921d1f61c2fa52fa94555834c86af4a6a06923b3de8f

      SHA512

      d95d158882e163c0be20bc968b76123ed69d2b4506da78dd6d040a65ecb32da77a8423cde8776339b86155e0ed8ae1a92c9735b47155309bb4b0373dde10113b

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/bac552de5401a5ec0f06f6e199eea71c.0.tmp

      Filesize

      6KB

      MD5

      ce53572200daa09769cab07ee606d4bf

      SHA1

      eaa74cf1e1a5cfd11a71db35d24cc7a2bab6eeb6

      SHA256

      5adbdcc8839da641b6d267f967cf87c83caf402fd72dc53a9a2353c6c94d53d5

      SHA512

      dac426f05137ea44377df62b72d68074414bed7e09b81fe06036ce579521c93369a02b6c92dc2ffa7a686ed7bd6ec10d56c27f480f1f242fc3912bbf71b96311

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/cf56ef5c2bc999c7fc609684c09d5375.0.tmp

      Filesize

      837B

      MD5

      d350abe1839f561f2790ffe68991bc61

      SHA1

      54454687242e040242ae73eedbdef469d1092a64

      SHA256

      5fd4432f9e780c3ed7c2992e09757828ceff9a1ba998c413a8e5973a33ea2fd5

      SHA512

      ecc2ef908a9b879a6d35ecc357218d8bb5d24cc0c048acb6d6b389e001603a5aa4fe1b7f6ab8f7f3a2cdab977bbcda69e4ea31eb0fa6d020cf7458aab291877a

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/journal

      Filesize

      39B

      MD5

      075e11a7715c329ac7443ceb53d61c04

      SHA1

      c9afa16e07b858cc117c86a4e3eb0eba8e7ce7df

      SHA256

      4937a768a12fab4d52dfa4000311850aa5ec37b1c3b2e558496ae8f010cffce0

      SHA512

      485434f727e1da66d7c80b5611d7c679900d14559f74be77c71b0363d09c47b2e3089260a523e8ca9d8cf7698277b59532b06497cbdb7d7817d7daab8a610260

    • /data/user/0/com.jian.zhai.mi/cache/okhttp_cache/journal.tmp

      Filesize

      36B

      MD5

      37e8e716e0e2f4a0b05cd9571d95b84d

      SHA1

      f8d068f6931707bddb8cd69f706f2224ad1fea3c

      SHA256

      7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

      SHA512

      e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

    • /data/user/0/com.jian.zhai.mi/files/objectbox/objectbox/data.mdb

      Filesize

      12KB

      MD5

      71c25f5e2760de2e23fdc368fa8f39af

      SHA1

      75f94d53adab3cc5469ff3d6431857e87e034499

      SHA256

      f6cd4b6e2f88544fceb0ed1c7afc0bed701b34746730d9b5e49fefaf4cb0d70b

      SHA512

      0791748154d0d647b8ace59c73bc25d4c831e5a2814a0c6497f4ba22a392efa836915dc7488d1476265b4e7bfe71786aacda7a179628801d1102b83347f62764
