Overview

overview

7

Static

static

3

007ed768ce...18.exe

windows7-x64

7

007ed768ce...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/06/2024, 21:07 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    007ed768ceb285948ced9dbf3e3aeff3_JaffaCakes118.exe

  • Size

    536KB

  • MD5

    007ed768ceb285948ced9dbf3e3aeff3

  • SHA1

    44957ce087b4588a9c561ecad088eb692bb6db6f

  • SHA256

    95c986ebbfe26f86137e189ca4a9cd318d89038a6714788dfede7550d2cf19ba

  • SHA512

    9af05a8b7ecfbcb361541c895ee03c4d9c64b2aad6547a8c2ba9ad9c3f515260bf63005faeef1f6f98978e1df9b5d9bdd92b7e38f873b0749ec25f461e739aef

  • SSDEEP

    12288:N/Nczc06iRQPRXNkDMHQo30veSBiQPp4kv8Tq:zmc06++kDXRGELPpFU2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\007ed768ceb285948ced9dbf3e3aeff3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\007ed768ceb285948ced9dbf3e3aeff3_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3132
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 324
      2⤵
      • Program crash
      PID:3476
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3132 -ip 3132
    1⤵
      PID:2072
    • C:\Windows\systme32\Mok.exe
      C:\Windows\systme32\Mok.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3588
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 320
        2⤵
        • Program crash
        PID:2584
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:2224
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3588 -ip 3588
        1⤵
          PID:3112

        Network

        • flag-us
          DNS
          g.bing.com
          Remote address:
          8.8.8.8:53
          Request
          g.bing.com
          IN A
          Response
          g.bing.com
          IN CNAME
          g-bing-com.dual-a-0034.a-msedge.net
          g-bing-com.dual-a-0034.a-msedge.net
          IN CNAME
          dual-a-0034.a-msedge.net
          dual-a-0034.a-msedge.net
          IN A
          204.79.197.237
          dual-a-0034.a-msedge.net
          IN A
          13.107.21.237
        • flag-us
          GET
          https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
          Remote address:
          204.79.197.237:443
          Request
          GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MUID=0D9E20A401D66FFB0CCC340700366E67; domain=.bing.com; expires=Mon, 14-Jul-2025 21:07:28 GMT; path=/; SameSite=None; Secure; Priority=High;
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 4CFDE800F9A7401CA0D4ABBCCB0DEA60 Ref B: LON04EDGE1007 Ref C: 2024-06-19T21:07:28Z
          date: Wed, 19 Jun 2024 21:07:27 GMT
        • flag-us
          GET
          https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
          Remote address:
          204.79.197.237:443
          Request
          GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=0D9E20A401D66FFB0CCC340700366E67; _EDGE_S=SID=34078DB81A3569613C13991B1BF5684F
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MSPTC=e2FmVsEPbfWAGqLhL1W6gi7iM4Q2saGwBffuGcX-SLs; domain=.bing.com; expires=Mon, 14-Jul-2025 21:07:28 GMT; path=/; Partitioned; secure; SameSite=None
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: A0AABF926CBC49DDB886F9D00105826C Ref B: LON04EDGE1007 Ref C: 2024-06-19T21:07:28Z
          date: Wed, 19 Jun 2024 21:07:27 GMT
        • flag-us
          DNS
          228.249.119.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          228.249.119.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          72.32.126.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          72.32.126.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          172.214.232.199.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          172.214.232.199.in-addr.arpa
          IN PTR
          Response
        • flag-nl
          GET
          https://www.bing.com/aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
          Remote address:
          23.62.61.97:443
          Request
          GET /aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373 HTTP/2.0
          host: www.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=0D9E20A401D66FFB0CCC340700366E67
          Response
          HTTP/2.0 200
          cache-control: private,no-store
          pragma: no-cache
          vary: Origin
          p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: B5C0A044004D4168B133FD5F1C02D90A Ref B: DUS30EDGE0418 Ref C: 2024-06-19T21:07:28Z
          content-length: 0
          date: Wed, 19 Jun 2024 21:07:28 GMT
          set-cookie: _EDGE_S=SID=34078DB81A3569613C13991B1BF5684F; path=/; httponly; domain=bing.com
          set-cookie: MUIDB=0D9E20A401D66FFB0CCC340700366E67; path=/; httponly; expires=Mon, 14-Jul-2025 21:07:28 GMT
          alt-svc: h3=":443"; ma=93600
          x-cdn-traceid: 0.5d3d3e17.1718831248.590dcb5
        • flag-us
          DNS
          97.61.62.23.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          97.61.62.23.in-addr.arpa
          IN PTR
          Response
          97.61.62.23.in-addr.arpa
          IN PTR
          a23-62-61-97deploystaticakamaitechnologiescom
        • flag-us
          DNS
          mojiashi.oicp.net
          Mok.exe
          Remote address:
          8.8.8.8:53
          Request
          mojiashi.oicp.net
          IN A
          Response
        • flag-us
          DNS
          13.86.106.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          13.86.106.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          157.123.68.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          157.123.68.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          15.164.165.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          15.164.165.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          92.12.20.2.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          92.12.20.2.in-addr.arpa
          IN PTR
          Response
          92.12.20.2.in-addr.arpa
          IN PTR
          a2-20-12-92deploystaticakamaitechnologiescom
        • flag-us
          DNS
          mojiashi.oicp.net
          Mok.exe
          Remote address:
          8.8.8.8:53
          Request
          mojiashi.oicp.net
          IN A
          Response
        • flag-us
          DNS
          0.205.248.87.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          0.205.248.87.in-addr.arpa
          IN PTR
          Response
          0.205.248.87.in-addr.arpa
          IN PTR
          https-87-248-205-0lgwllnwnet
        • flag-us
          DNS
          55.36.223.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          55.36.223.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          mojiashi.oicp.net
          Mok.exe
          Remote address:
          8.8.8.8:53
          Request
          mojiashi.oicp.net
          IN A
          Response
        • flag-us
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
          Response
          tse1.mm.bing.net
          IN CNAME
          mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net
          IN CNAME
          ax-0001.ax-msedge.net
          ax-0001.ax-msedge.net
          IN A
          150.171.28.10
          ax-0001.ax-msedge.net
          IN A
          150.171.27.10
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 565422
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: D29C6BEF98014456A8C1A572967C5BD5 Ref B: LON04EDGE0610 Ref C: 2024-06-19T21:09:06Z
          date: Wed, 19 Jun 2024 21:09:06 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 634564
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: E95320BAF5CE4084919AF4BC8057127D Ref B: LON04EDGE0610 Ref C: 2024-06-19T21:09:06Z
          date: Wed, 19 Jun 2024 21:09:06 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 637660
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 97426F72831C4C1B8C7067266FFF2CB2 Ref B: LON04EDGE0610 Ref C: 2024-06-19T21:09:06Z
          date: Wed, 19 Jun 2024 21:09:06 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 583094
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: F5DF1400222E48C58782F52B33FEFF6F Ref B: LON04EDGE0610 Ref C: 2024-06-19T21:09:06Z
          date: Wed, 19 Jun 2024 21:09:06 GMT
        • flag-us
          DNS
          88.156.103.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          88.156.103.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          10.28.171.150.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          10.28.171.150.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          mojiashi.oicp.net
          Mok.exe
          Remote address:
          8.8.8.8:53
          Request
          mojiashi.oicp.net
          IN A
          Response
        • 204.79.197.237:443
          https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
          tls, http2
          2.5kB
           9.0kB
           19
          16

          HTTP Request

          GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

          HTTP Response

          204
        • 23.62.61.97:443
          https://www.bing.com/aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
          tls, http2
          1.5kB
           5.4kB
           17
          12

          HTTP Request

          GET https://www.bing.com/aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373

          HTTP Response

          200
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           6.8kB
           15
          12
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           6.9kB
           15
          13
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           6.8kB
           15
          12
        • 150.171.28.10:443
          https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          tls, http2
          87.2kB
           2.5MB
           1822
          1819

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200
        • 8.8.8.8:53
          g.bing.com
          dns
          56 B
           151 B
           1
          1

          DNS Request

          g.bing.com

          DNS Response

          204.79.197.237
          13.107.21.237

        • 8.8.8.8:53
          228.249.119.40.in-addr.arpa
          dns
          73 B
           159 B
           1
          1

          DNS Request

          228.249.119.40.in-addr.arpa

        • 8.8.8.8:53
          72.32.126.40.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          72.32.126.40.in-addr.arpa

        • 8.8.8.8:53
          172.214.232.199.in-addr.arpa
          dns
          74 B
           128 B
           1
          1

          DNS Request

          172.214.232.199.in-addr.arpa

        • 8.8.8.8:53
          97.61.62.23.in-addr.arpa
          dns
          70 B
           133 B
           1
          1

          DNS Request

          97.61.62.23.in-addr.arpa

        • 8.8.8.8:53
          mojiashi.oicp.net
          dns
          Mok.exe
          63 B
           63 B
           1
          1

          DNS Request

          mojiashi.oicp.net

        • 8.8.8.8:53
          13.86.106.20.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          13.86.106.20.in-addr.arpa

        • 8.8.8.8:53
          157.123.68.40.in-addr.arpa
          dns
          72 B
           146 B
           1
          1

          DNS Request

          157.123.68.40.in-addr.arpa

        • 8.8.8.8:53
          15.164.165.52.in-addr.arpa
          dns
          72 B
           146 B
           1
          1

          DNS Request

          15.164.165.52.in-addr.arpa

        • 8.8.8.8:53
          92.12.20.2.in-addr.arpa
          dns
          69 B
           131 B
           1
          1

          DNS Request

          92.12.20.2.in-addr.arpa

        • 8.8.8.8:53
          mojiashi.oicp.net
          dns
          Mok.exe
          63 B
           63 B
           1
          1

          DNS Request

          mojiashi.oicp.net

        • 8.8.8.8:53
          0.205.248.87.in-addr.arpa
          dns
          71 B
           116 B
           1
          1

          DNS Request

          0.205.248.87.in-addr.arpa

        • 8.8.8.8:53
          55.36.223.20.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          55.36.223.20.in-addr.arpa

        • 8.8.8.8:53
          mojiashi.oicp.net
          dns
          Mok.exe
          63 B
           63 B
           1
          1

          DNS Request

          mojiashi.oicp.net

        • 8.8.8.8:53
          tse1.mm.bing.net
          dns
          62 B
           170 B
           1
          1

          DNS Request

          tse1.mm.bing.net

          DNS Response

          150.171.28.10
          150.171.27.10

        • 8.8.8.8:53
          88.156.103.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          88.156.103.20.in-addr.arpa

        • 8.8.8.8:53
          10.28.171.150.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          10.28.171.150.in-addr.arpa

        • 8.8.8.8:53
          mojiashi.oicp.net
          dns
          Mok.exe
          63 B
           63 B
           1
          1

          DNS Request

          mojiashi.oicp.net

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\systme32\Mok.exe
          Filesize

          536KB

          MD5

          007ed768ceb285948ced9dbf3e3aeff3

          SHA1

          44957ce087b4588a9c561ecad088eb692bb6db6f

          SHA256

          95c986ebbfe26f86137e189ca4a9cd318d89038a6714788dfede7550d2cf19ba

          SHA512

          9af05a8b7ecfbcb361541c895ee03c4d9c64b2aad6547a8c2ba9ad9c3f515260bf63005faeef1f6f98978e1df9b5d9bdd92b7e38f873b0749ec25f461e739aef

          Download Submit

        • memory/3132-7-0x0000000002340000-0x0000000002341000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-4-0x00000000023C0000-0x00000000023C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-12-0x00000000028E0000-0x00000000028E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-11-0x00000000028E0000-0x0000000002982000-memory.dmp

          Filesize

          648KB

          Download

        • memory/3132-10-0x00000000028E0000-0x0000000002982000-memory.dmp

          Filesize

          648KB

          Download

        • memory/3132-9-0x0000000002380000-0x0000000002381000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-8-0x00000000028E0000-0x0000000002982000-memory.dmp

          Filesize

          648KB

          Download

        • memory/3132-28-0x0000000000400000-0x0000000000506011-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/3132-13-0x00000000028E0000-0x00000000028E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-3-0x0000000002390000-0x0000000002391000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-5-0x0000000002370000-0x0000000002371000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-2-0x00000000023D0000-0x00000000023D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-1-0x00000000023B0000-0x00000000023B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-16-0x0000000002790000-0x0000000002791000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3132-6-0x00000000028E0000-0x0000000002982000-memory.dmp

          Filesize

          648KB

          Download

        • memory/3132-0-0x00000000008D0000-0x000000000091B000-memory.dmp

          Filesize

          300KB

          Download

        • memory/3132-29-0x00000000008D0000-0x000000000091B000-memory.dmp

          Filesize

          300KB

          Download

        • memory/3588-19-0x00000000009D0000-0x0000000000A1B000-memory.dmp

          Filesize

          300KB

          Download

        • memory/3588-20-0x00000000015D0000-0x00000000015D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3588-23-0x00000000015D0000-0x00000000016D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3588-27-0x00000000012F0000-0x00000000012F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3588-26-0x00000000015D0000-0x00000000016D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3588-25-0x00000000015D0000-0x00000000016D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3588-24-0x00000000015D0000-0x00000000016D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3588-21-0x00000000015D0000-0x00000000015D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3588-22-0x00000000015D0000-0x00000000015D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3588-30-0x0000000000400000-0x0000000000506011-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/3588-31-0x00000000009D0000-0x0000000000A1B000-memory.dmp

          Filesize

          300KB

          Download

        • memory/3588-32-0x00000000015D0000-0x00000000015D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3588-33-0x00000000015D0000-0x00000000016D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3588-35-0x00000000015D0000-0x00000000016D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3588-36-0x00000000015D0000-0x00000000016D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3588-37-0x00000000015D0000-0x00000000016D0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3588-38-0x00000000012F0000-0x00000000012F1000-memory.dmp

          Filesize

          4KB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.