
Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/06/2024, 11:33 UTC

General

  • Target

    059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe

  • Size

    208KB

  • MD5

    059c1363bac26e65520c47da47d21b16

  • SHA1

    34ceaad5ee9178fa58c10f2031638b4ab70d2650

  • SHA256

    a8430771ca865a3aef81e0b6547f56f7970dac4169aaa0fbc34c4ae7c74f1931

  • SHA512

    66e34219203417db428a44d43a547172ac28a0649cb736b5fb95a837fe6299a799dcea2bb12701631dab24b81cbd891f57cd6d204d76df19ce7149f17fac2eb0

  • SSDEEP

    6144:w85qIz6+naOZcx6w+TDsRAV0PHK547HRSV:VqIz6XOklNRAV0Pqa9S

Score
7/10

Malware Config

Signatures

  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic on the DNS port (53) to a server other than the configured DNS servers was detected.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:832

Network

  • DNS (US)
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • GET (US)
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=2E0203E3F6CD6E9E2D411747F7EA6F92; domain=.bing.com; expires=Tue, 15-Jul-2025 11:33:18 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7B6AE6DDBF904F21871E1AD75A6C06EB Ref B: LON04EDGE0607 Ref C: 2024-06-20T11:33:18Z
    date: Thu, 20 Jun 2024 11:33:17 GMT
  • GET (US)
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2E0203E3F6CD6E9E2D411747F7EA6F92; _EDGE_S=SID=19B319FB9A0264A90C830D5F9B046527
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=dzDswHpoicxrDg11AorI29cYY87QljnGyPWfKBYLh-I; domain=.bing.com; expires=Tue, 15-Jul-2025 11:33:18 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 73D8488C87A442E4A625DDE0C5C02D33 Ref B: LON04EDGE0607 Ref C: 2024-06-20T11:33:18Z
    date: Thu, 20 Jun 2024 11:33:17 GMT
  • DNS (US)
    promos.fling.com
    Process: 059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    promos.fling.com
    IN A
    Response
    promos.fling.com
    IN A
    64.210.151.32
  • GET (NL)
    https://www.bing.com/aes/c.gif?RG=01781f19b8d74a728dacf52e7918d903&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191329Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
    Remote address:
    23.62.61.72:443
    Request
    GET /aes/c.gif?RG=01781f19b8d74a728dacf52e7918d903&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191329Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2E0203E3F6CD6E9E2D411747F7EA6F92
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FB1892037C7749979AC67BA871A75F72 Ref B: LON212050703017 Ref C: 2024-06-20T11:33:18Z
    content-length: 0
    date: Thu, 20 Jun 2024 11:33:18 GMT
    set-cookie: _EDGE_S=SID=19B319FB9A0264A90C830D5F9B046527; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=2E0203E3F6CD6E9E2D411747F7EA6F92; path=/; httponly; expires=Tue, 15-Jul-2025 11:33:18 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.443d3e17.1718883198.a2c1401
  • GET (US)
    http://promos.fling.com/geo/txt/city.php
    Process: 059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe
    Remote address:
    64.210.151.32:80
    Request
    GET /geo/txt/city.php HTTP/1.0
    Host: promos.fling.com
    Connection: close
    Response
    HTTP/1.1 302 Found
    content-length: 0
    location: https://promos.fling.com/geo/txt/city.php
    cache-control: no-cache
    connection: close
  • DNS (US)
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    4.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.181.190.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    32.151.210.64.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.151.210.64.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    72.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.61.62.23.in-addr.arpa
    IN PTR
    Response
    72.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-72.deploy.static.akamaitechnologies.com
  • DNS (US)
    64.250.242.94.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.250.242.94.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    92.12.20.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    92.12.20.2.in-addr.arpa
    IN PTR
    Response
    92.12.20.2.in-addr.arpa
    IN PTR
    a2-20-12-92.deploy.static.akamaitechnologies.com
  • DNS (US)
    74.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    74.90.14.23.in-addr.arpa
    IN PTR
    Response
    74.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-74.deploy.static.akamaitechnologies.com
  • DNS (US)
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • DNS (US)
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 770657
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6D5054E3A4654C23BFACE5B169F60205 Ref B: LON04EDGE0709 Ref C: 2024-06-20T11:34:55Z
    date: Thu, 20 Jun 2024 11:34:54 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 835660
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AE5CB6E17649467B9C625C31148C96D7 Ref B: LON04EDGE0709 Ref C: 2024-06-20T11:34:55Z
    date: Thu, 20 Jun 2024 11:34:54 GMT
  • DNS (US)
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  Flows (per flow: remote address, domain or URL, transport, attributing process where the sandbox recorded one, bytes sent / received, packets sent / received; received figures are absent where nothing came back from the peer)

  • 13.107.21.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    tls, http2 · sent 2.5kB / received 9.0kB · packets 19 / 16
    HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    HTTP Response: 204
    HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    HTTP Response: 204
  • 23.62.61.72:443
    https://www.bing.com/aes/c.gif?RG=01781f19b8d74a728dacf52e7918d903&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191329Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
    tls, http2 · sent 1.5kB / received 5.5kB · packets 17 / 15
    HTTP Request: GET https://www.bing.com/aes/c.gif?RG=01781f19b8d74a728dacf52e7918d903&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191329Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
    HTTP Response: 200
  • 64.210.151.32:80
    http://promos.fling.com/geo/txt/city.php
    http · process 059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe · sent 307 B / received 310 B · packets 5 / 4
    HTTP Request: GET http://promos.fling.com/geo/txt/city.php
    HTTP Response: 302
  • 178.32.190.142:80
    process 059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe · sent 104 B · packets 2 (no received bytes or packets recorded)
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2 · sent 1.2kB / received 6.8kB · packets 15 / 12
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2 · sent 57.2kB / received 1.7MB · packets 1216 / 1214
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    HTTP Response: 200
    HTTP Response: 200
  • 8.8.8.8:53
    g.bing.com
    dns · sent 56 B / received 151 B · packets 1 / 1
    DNS Request: g.bing.com
    DNS Response: 13.107.21.237, 204.79.197.237
  • 8.8.8.8:53
    promos.fling.com
    dns · process 059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe · sent 62 B / received 78 B · packets 1 / 1
    DNS Request: promos.fling.com
    DNS Response: 64.210.151.32
  • 8.8.8.8:53
    237.21.107.13.in-addr.arpa
    dns · sent 72 B / received 158 B · packets 1 / 1
    DNS Request: 237.21.107.13.in-addr.arpa
  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns · sent 73 B / received 159 B · packets 1 / 1
    DNS Request: 183.142.211.20.in-addr.arpa
  • 8.8.8.8:53
    4.181.190.20.in-addr.arpa
    dns · sent 71 B / received 157 B · packets 1 / 1
    DNS Request: 4.181.190.20.in-addr.arpa
  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns · sent 73 B / received 144 B · packets 1 / 1
    DNS Request: 240.221.184.93.in-addr.arpa
  • 94.242.250.64:53
    dns · process 059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe · sent 48 B · packets 1 (no received bytes or packets recorded)
  • 8.8.8.8:53
    32.151.210.64.in-addr.arpa
    dns · sent 72 B / received 141 B · packets 1 / 1
    DNS Request: 32.151.210.64.in-addr.arpa
  • 8.8.8.8:53
    72.61.62.23.in-addr.arpa
    dns · sent 70 B / received 133 B · packets 1 / 1
    DNS Request: 72.61.62.23.in-addr.arpa
  • 8.8.8.8:53
    64.250.242.94.in-addr.arpa
    dns · sent 72 B / received 132 B · packets 1 / 1
    DNS Request: 64.250.242.94.in-addr.arpa
  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns · sent 72 B / received 158 B · packets 1 / 1
    DNS Request: 209.205.72.20.in-addr.arpa
  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns · sent 70 B / received 144 B · packets 1 / 1
    DNS Request: 86.23.85.13.in-addr.arpa
  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns · sent 71 B / received 145 B · packets 1 / 1
    DNS Request: 206.23.85.13.in-addr.arpa
  • 8.8.8.8:53
    92.12.20.2.in-addr.arpa
    dns · sent 69 B / received 131 B · packets 1 / 1
    DNS Request: 92.12.20.2.in-addr.arpa
  • 8.8.8.8:53
    74.90.14.23.in-addr.arpa
    dns · sent 70 B / received 133 B · packets 1 / 1
    DNS Request: 74.90.14.23.in-addr.arpa
  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns · sent 71 B / received 157 B · packets 1 / 1
    DNS Request: 57.169.31.20.in-addr.arpa
  • 8.8.8.8:53
    tse1.mm.bing.net
    dns · sent 62 B / received 170 B · packets 1 / 1
    DNS Request: tse1.mm.bing.net
    DNS Response: 150.171.28.10, 150.171.27.10
  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns · sent 71 B / received 157 B · packets 1 / 1
    DNS Request: 205.47.74.20.in-addr.arpa
  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns · sent 72 B / received 158 B · packets 1 / 1
    DNS Request: 10.28.171.150.in-addr.arpa
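The flow table above mixes two kinds of traffic: flows the sandbox attributes to the sample process (the promos.fling.com lookup and GET, the unanswered connection to 178.32.190.142:80, and the port-53 datagram to 94.242.250.64 that triggered the "Unexpected DNS network traffic destination" signature), and flows it ties to no process at all (the Bing requests carrying WindowsShellClient and Edge user-agents). The following triage script is an added example, not tria.ge code: it re-implements the DNS-destination check from the Signatures section and separates sample-attributed indicators from unattributed background noise. The FLOWS list is constructed by hand from the table above (PTR lookups omitted, byte counts as the report rounds them); treating 8.8.8.8 as the VM's configured resolver is an assumption drawn from the fact that every ordinary lookup in the report goes there.

```python
"""Added triage example (not tria.ge code): separate sample-attributed flows
from sandbox background noise and re-derive the DNS-destination signature."""
from dataclasses import dataclass
from typing import Optional

SAMPLE = "059c1363bac26e65520c47da47d21b16_JaffaCakes118.exe"
# Assumption: 8.8.8.8 is the resolver configured for the analysis VM.
CONFIGURED_DNS = {"8.8.8.8"}


@dataclass(frozen=True)
class Flow:
    remote: str             # "ip:port" exactly as the report prints it
    proto: str              # "dns", "http", "tls, http2", or "" when not shown
    process: Optional[str]  # None: the sandbox did not tie the flow to a process
    domain: str             # queried name or HTTP host, "" if none
    bytes_out: int          # bytes sent by the VM (IP header included)
    bytes_in: int           # bytes received; 0 when the peer never answered

    @property
    def ip(self) -> str:
        return self.remote.rsplit(":", 1)[0]

    @property
    def port(self) -> int:
        return int(self.remote.rsplit(":", 1)[1])


# Constructed from the report's flow table (subset; PTR lookups omitted).
FLOWS = [
    Flow("8.8.8.8:53", "dns", None, "g.bing.com", 56, 151),
    Flow("8.8.8.8:53", "dns", SAMPLE, "promos.fling.com", 62, 78),
    Flow("8.8.8.8:53", "dns", None, "tse1.mm.bing.net", 62, 170),
    Flow("13.107.21.237:443", "tls, http2", None, "g.bing.com", 2_500, 9_000),
    Flow("23.62.61.72:443", "tls, http2", None, "www.bing.com", 1_500, 5_500),
    Flow("64.210.151.32:80", "http", SAMPLE, "promos.fling.com", 307, 310),
    Flow("178.32.190.142:80", "", SAMPLE, "", 104, 0),
    Flow("94.242.250.64:53", "dns", SAMPLE, "", 48, 0),
    Flow("150.171.28.10:443", "tls, http2", None, "tse1.mm.bing.net", 57_200, 1_700_000),
]


def attributed_to(flows, process):
    """Flows the sandbox tied to `process`; everything else is treated as
    OS/background traffic and kept out of the indicator list."""
    return [f for f in flows if f.process == process]


def unexpected_dns_destinations(flows, configured=CONFIGURED_DNS):
    """The check behind 'Unexpected DNS network traffic destination': any
    traffic on port 53 whose destination is not a configured resolver."""
    return sorted({f.remote for f in flows if f.port == 53 and f.ip not in configured})


def unanswered(flows):
    """Peers that were contacted but sent nothing back: dead, filtered or
    sinkholed infrastructure, worth reporting separately from live servers."""
    return [f.remote for f in flows if f.bytes_out and not f.bytes_in]


def network_iocs(flows, process=SAMPLE, configured=CONFIGURED_DNS):
    """Indicators attributable to the sample. Configured resolvers are
    excluded so that 8.8.8.8 does not end up on a block list."""
    mine = attributed_to(flows, process)
    return {
        "domains": sorted({f.domain for f in mine if f.domain}),
        "ips": sorted({f.ip for f in mine if f.ip not in configured}),
    }


if __name__ == "__main__":
    print("unexpected DNS destinations:", unexpected_dns_destinations(FLOWS))
    print("unanswered peers:", unanswered(FLOWS))
    print("sample IOCs:", network_iocs(FLOWS))
```

Run against the constructed records, the script flags only 94.242.250.64:53 as an unexpected DNS destination, lists that peer and 178.32.190.142:80 as unanswered, and yields promos.fling.com plus three IPs as indicators; none of the Bing flows appear because the sandbox attributed none of them to the sample.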
Downloads

  • memory/832-1-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

  • memory/832-0-0x0000000000426000-0x000000000042A000-memory.dmp

    Filesize

    16KB

  • memory/832-2-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

  • memory/832-3-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

  • memory/832-4-0x0000000000426000-0x000000000042A000-memory.dmp

    Filesize

    16KB
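The dump names above encode the PID, a sequence number and the start and end of the dumped range, so each stated size can be checked against the range, and repeated dumps of the same region can be collapsed. The script below is an added example, not tria.ge code; the naming scheme it parses is inferred from the five names listed above, and the names and sizes are copied from that list. Two observations fall out of it: 0x400000 is the default image base of 32-bit PE executables, which agrees with the arch:x86 resource tag, and the 16KB region at 0x426000-0x42A000 lies inside the 236KB image mapping, so it is a sub-range of the same module rather than a separate allocation.

```python
"""Added example (not tria.ge code): parse sandbox memory-dump names and
check them against the sizes the report states."""
import re

# Naming scheme inferred from the Downloads list: memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Constructed from the Downloads list above: (dump name, size as printed, in KB).
DUMPS = [
    ("memory/832-1-0x0000000000400000-0x000000000043B000-memory.dmp", 236),
    ("memory/832-0-0x0000000000426000-0x000000000042A000-memory.dmp", 16),
    ("memory/832-2-0x0000000000400000-0x000000000043B000-memory.dmp", 236),
    ("memory/832-3-0x0000000000400000-0x000000000043B000-memory.dmp", 236),
    ("memory/832-4-0x0000000000426000-0x000000000042A000-memory.dmp", 16),
]


def parse_dump_name(name):
    """Split a dump name into pid, sequence index, start, end and byte size."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError(f"not a sandbox memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def size_consistent(name, stated_kb):
    """True when end - start equals the printed size (the report's KB is 1024 B)."""
    return parse_dump_name(name)["size"] == stated_kb * 1024


def distinct_regions(dumps):
    """Map each (pid, start, end) range to the sequence indices that dumped it,
    so repeated snapshots of one region are reviewed once."""
    seen = {}
    for name, _ in dumps:
        d = parse_dump_name(name)
        seen.setdefault((d["pid"], d["start"], d["end"]), []).append(d["idx"])
    return seen


def nested_in(inner, outer):
    """True when the `inner` range lies entirely inside `outer` (parsed dicts)."""
    return outer["start"] <= inner["start"] and inner["end"] <= outer["end"]


if __name__ == "__main__":
    for name, kb in DUMPS:
        d = parse_dump_name(name)
        print(f"pid {d['pid']} #{d['idx']}: {d['start']:#x}-{d['end']:#x} "
              f"{d['size']} B, stated {kb}KB consistent: {size_consistent(name, kb)}")
    for (pid, start, end), idxs in distinct_regions(DUMPS).items():
        print(f"pid {pid} region {start:#x}-{end:#x} dumped {len(idxs)}x (idx {idxs})")
```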
