Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

65eb461c0e...18.exe

windows7-x64

7

65eb461c0e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/05/2024, 03:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe

  • Size

    304KB

  • MD5

    65eb461c0e25b8cd7ae91c926c7ae01a

  • SHA1

    324b520805a62dbfaac6a9ace496862ad37e3820

  • SHA256

    105633f1a9e627b5b64c0e0d09a5c551c8eae5fd37d178376088697337cbe0ef

  • SHA512

    0d774ebd7d71499abdd29763215a10371b23e5bca17a746d76e7b7a216bbf31a78dde670a4cdf412ecbc1b40b68184edd3cd02d98e9bf833eed1873ab0160473

  • SSDEEP

    6144:Trkw6Y0JQBkQRl7174NpNUM+UHs+tPvpqvpQAy+L9hMk+W60z4RRW9:Trkw63yRl1uqM+gs+tPvEpPy+rMzu9

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:4552
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4008,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:8
    1⤵
      PID:3372

    Network

    • flag-us
      DNS
      c1.stylezip.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      c1.stylezip.info
      IN A
      Response
    • flag-us
      DNS
      r1.stylezip.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      r1.stylezip.info
      IN A
      Response
    • flag-us
      DNS
      r2.stylemy.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      r2.stylemy.info
      IN A
      Response
    • flag-us
      DNS
      c2.stylemy.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      c2.stylemy.info
      IN A
      Response
    • flag-us
      DNS
      c2.stylemy.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      c2.stylemy.info
      IN A
      Response
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      91.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      91.90.14.23.in-addr.arpa
      IN PTR
      Response
      91.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-91deploystaticakamaitechnologiescom
    • flag-us
      DNS
      136.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      23.62.61.194:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Wed, 22 May 2024 03:55:43 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.be3d3e17.1716350143.1009929e
    • flag-us
      DNS
      194.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.61.62.23.in-addr.arpa
      IN PTR
      Response
      194.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-194deploystaticakamaitechnologiescom
    • flag-us
      DNS
      c1.stylezip.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      c1.stylezip.info
      IN A
      Response
    • flag-us
      DNS
      c2.stylemy.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      c2.stylemy.info
      IN A
      Response
    • flag-us
      DNS
      c1.stylezip.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      c1.stylezip.info
      IN A
      Response
    • flag-us
      DNS
      c2.stylemy.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      c2.stylemy.info
      IN A
      Response
    • flag-us
      DNS
      c2.stylemy.info
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      c2.stylemy.info
      IN A
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      82.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      82.90.14.23.in-addr.arpa
      IN PTR
      Response
      82.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-82deploystaticakamaitechnologiescom
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 627437
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6699D4785C324050BE7C07AF23E32509 Ref B: LON04EDGE1212 Ref C: 2024-05-22T03:57:21Z
      date: Wed, 22 May 2024 03:57:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 430689
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4D238848B939433B9851210CDD5451C9 Ref B: LON04EDGE1212 Ref C: 2024-05-22T03:57:21Z
      date: Wed, 22 May 2024 03:57:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 415458
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6EDC55E6DBA24EC9A96F620E9BB2E02A Ref B: LON04EDGE1212 Ref C: 2024-05-22T03:57:21Z
      date: Wed, 22 May 2024 03:57:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 792794
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 89025FB8D11F4782936BA5F1745C78EA Ref B: LON04EDGE1212 Ref C: 2024-05-22T03:57:21Z
      date: Wed, 22 May 2024 03:57:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 621794
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 2829B0F1C4714A31B91F6BABBCB2A0EA Ref B: LON04EDGE1212 Ref C: 2024-05-22T03:57:21Z
      date: Wed, 22 May 2024 03:57:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 659775
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D36D388918AF48A6AF86A266F3697691 Ref B: LON04EDGE1212 Ref C: 2024-05-22T03:57:22Z
      date: Wed, 22 May 2024 03:57:22 GMT
    • 23.62.61.194:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.4kB
       6.3kB
       16
      11

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 52.142.223.178:80
      46 B
       1
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      126.6kB
       3.7MB
       2658
      2653

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 8.8.8.8:53
      c1.stylezip.info
      dns
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      62 B
       141 B
       1
      1

      DNS Request

      c1.stylezip.info

    • 8.8.8.8:53
      r1.stylezip.info
      dns
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      62 B
       141 B
       1
      1

      DNS Request

      r1.stylezip.info

    • 8.8.8.8:53
      r2.stylemy.info
      dns
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      61 B
       140 B
       1
      1

      DNS Request

      r2.stylemy.info

    • 8.8.8.8:53
      c2.stylemy.info
      dns
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      122 B
       280 B
       2
      2

      DNS Request

      c2.stylemy.info

      DNS Request

      c2.stylemy.info

    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      91.90.14.23.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      91.90.14.23.in-addr.arpa

    • 8.8.8.8:53
      136.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      136.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    • 8.8.8.8:53
      194.61.62.23.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      194.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      c1.stylezip.info
      dns
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      62 B
       141 B
       1
      1

      DNS Request

      c1.stylezip.info

    • 8.8.8.8:53
      c2.stylemy.info
      dns
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      61 B
       140 B
       1
      1

      DNS Request

      c2.stylemy.info

    • 8.8.8.8:53
      c1.stylezip.info
      dns
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      62 B
       141 B
       1
      1

      DNS Request

      c1.stylezip.info

    • 8.8.8.8:53
      c2.stylemy.info
      dns
      65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
      122 B
       280 B
       2
      2

      DNS Request

      c2.stylemy.info

      DNS Request

      c2.stylemy.info

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      82.90.14.23.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      82.90.14.23.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       173 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Tsu1A78B8E1.dll
      Filesize

      269KB

      MD5

      af7ce801c8471c5cd19b366333c153c4

      SHA1

      4267749d020a362edbd25434ad65f98b073581f1

      SHA256

      cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

      SHA512

      88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{FE365F63-24AD-4F98-AD73-6C8F25D57D95}\Custom.dll
      Filesize

      73KB

      MD5

      56a2a892987268718445147b7ddd0a98

      SHA1

      d56fe3883d4d286322981ea07d027554ad52a955

      SHA256

      5a5245919bb55d392a5e45563af2dc22a15a48a6e9e70b964b7ce339eb02a40f

      SHA512

      ef0d74fb6747006f9c997e6a43beb4de7cf72fc19000d7949da2c1a6251b9c07aa0c082a549a0b3d3e4a2f5a62682e0346ff8234457ba385488ef874fc600401

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{FE365F63-24AD-4F98-AD73-6C8F25D57D95}\_Setup.dll
      Filesize

      167KB

      MD5

      dc4d3ad609418f3941a2b5321944f80b

      SHA1

      b00e079e20a7d6bb3695407063b16a56b9de4eb0

      SHA256

      1681c8e8a8233e3f564afebe035cb912f367233a855046241433ddd06abf17bd

      SHA512

      291bc20ec28faccf8080150e9ff98ebcbc4a6e81290ba36367ab3c77d8dcf7be437a6eaf47586a527665332d185b41f78b6850d756a370db69a95da8425e349d

      Download Submit

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.