xmrig | 99203d478405cdc1e5fea5a9983badd57450bd77fd6ab2c379224beb708cafbe

Analysis

max time kernel
133s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 21:18 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe
Size

784KB
MD5

0f8f8fbb6f7d84a4b2cf8c0b73c5b088
SHA1

784d8ffc786250ee1009f15f240c2ca7469df36d
SHA256

99203d478405cdc1e5fea5a9983badd57450bd77fd6ab2c379224beb708cafbe
SHA512

509517dd68e2d2778f4ad553122754c1c6cd26b9f7a6a4476dbded8c4c55da3cba56f728e2f6b583bc0a30b44b1e09150e02c6c07c4fb855672bef2f3817b7a2
SSDEEP

12288:CnPHtnN4QR+FTJ440cj7JpEjlDhvTiR9Qktmm7ooMmuPMGXp4i3lwGEqNx/:OPtnN4QR86PovEjlDxT2GWZmjZoGLT

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4440-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4440-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4100-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4100-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4100-29-0x00000000053A0000-0x0000000005533000-memory.dmp	xmrig
behavioral2/memory/4100-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4100	0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4100	0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4440-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000900000002345f-11.dat	upx
behavioral2/memory/4100-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4440	0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4440	0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe
4100	0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 4100	4440	0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe	89
PID 4440 wrote to memory of 4100	4440	0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe	89
PID 4440 wrote to memory of 4100	4440	0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe	89

C:\Users\Admin\AppData\Local\Temp\0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Users\Admin\AppData\Local\Temp\0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4100

Network

DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

80.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.90.14.23.in-addr.arpa

IN PTR

Response

80.90.14.23.in-addr.arpa

IN PTR

a23-14-90-80deploystaticakamaitechnologiescom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8EqXckuuBy9lKQx8Ap1E2jDVUCUwa8kSNSklST7usuIwKHhdqxQyVRcSnQv-jEgWxaNqIYtIv6MY8M9eu9Yx3D5jmyXHmwJFcmtgpD8Wk-BDAGMoNGmXcMmRCPWrLCqaqZZVtJKfITxJEJtYT5ZTJV0zMKVGcluPwpstx3gUz3lRG_Ah6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3De3565378033d1f7775053510d767359e&TIME=20240611T225258Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8EqXckuuBy9lKQx8Ap1E2jDVUCUwa8kSNSklST7usuIwKHhdqxQyVRcSnQv-jEgWxaNqIYtIv6MY8M9eu9Yx3D5jmyXHmwJFcmtgpD8Wk-BDAGMoNGmXcMmRCPWrLCqaqZZVtJKfITxJEJtYT5ZTJV0zMKVGcluPwpstx3gUz3lRG_Ah6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3De3565378033d1f7775053510d767359e&TIME=20240611T225258Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0D77D7BB0DA163162F93C3120C86623F; domain=.bing.com; expires=Sun, 20-Jul-2025 21:18:16 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FEAF7CA151A249BDAC9ABA47164D7D86 Ref B: LON04EDGE0709 Ref C: 2024-06-25T21:18:16Z
date: Tue, 25 Jun 2024 21:18:15 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8EqXckuuBy9lKQx8Ap1E2jDVUCUwa8kSNSklST7usuIwKHhdqxQyVRcSnQv-jEgWxaNqIYtIv6MY8M9eu9Yx3D5jmyXHmwJFcmtgpD8Wk-BDAGMoNGmXcMmRCPWrLCqaqZZVtJKfITxJEJtYT5ZTJV0zMKVGcluPwpstx3gUz3lRG_Ah6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3De3565378033d1f7775053510d767359e&TIME=20240611T225258Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8EqXckuuBy9lKQx8Ap1E2jDVUCUwa8kSNSklST7usuIwKHhdqxQyVRcSnQv-jEgWxaNqIYtIv6MY8M9eu9Yx3D5jmyXHmwJFcmtgpD8Wk-BDAGMoNGmXcMmRCPWrLCqaqZZVtJKfITxJEJtYT5ZTJV0zMKVGcluPwpstx3gUz3lRG_Ah6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3De3565378033d1f7775053510d767359e&TIME=20240611T225258Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0D77D7BB0DA163162F93C3120C86623F; _EDGE_S=SID=25DB9861F9A66EED276A8CC8F8A06F86

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=tHzimgjCUlSE--3lW5RNjqyXA1st5YFN2jp8EPcbz60; domain=.bing.com; expires=Sun, 20-Jul-2025 21:18:16 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2C1DC51313D248ADA870ECB376DEE0F6 Ref B: LON04EDGE0709 Ref C: 2024-06-25T21:18:16Z
date: Tue, 25 Jun 2024 21:18:16 GMT
GET

https://www.bing.com/aes/c.gif?RG=cd363933291c40b3bae7887d599583da&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225258Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

Remote address:

23.62.61.194:443

Request

GET /aes/c.gif?RG=cd363933291c40b3bae7887d599583da&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225258Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0D77D7BB0DA163162F93C3120C86623F

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7BDB46F8F5CE47ED8C101905B07BFEAD Ref B: LON212050702011 Ref C: 2024-06-25T21:18:16Z
content-length: 0
date: Tue, 25 Jun 2024 21:18:16 GMT
set-cookie: _EDGE_S=SID=25DB9861F9A66EED276A8CC8F8A06F86; path=/; httponly; domain=bing.com
set-cookie: MUIDB=0D77D7BB0DA163162F93C3120C86623F; path=/; httponly; expires=Sun, 20-Jul-2025 21:18:16 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1719350296.11490894
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

31.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.121.18.2.in-addr.arpa

IN PTR

Response

31.121.18.2.in-addr.arpa

IN PTR

a2-18-121-31deploystaticakamaitechnologiescom
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 565422
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 34E45F909A954A1C94D7732BB8DA99C5 Ref B: LON04EDGE1018 Ref C: 2024-06-25T21:19:54Z
date: Tue, 25 Jun 2024 21:19:54 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 835660
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 156054FC7879416B83C64F3CE8909E50 Ref B: LON04EDGE1018 Ref C: 2024-06-25T21:19:54Z
date: Tue, 25 Jun 2024 21:19:54 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 664170
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 64AE5106151648E8B1857971347F4EBB Ref B: LON04EDGE1018 Ref C: 2024-06-25T21:19:54Z
date: Tue, 25 Jun 2024 21:19:54 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 583094
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B4AF53FA39894EC2A20D00D435D36532 Ref B: LON04EDGE1018 Ref C: 2024-06-25T21:19:54Z
date: Tue, 25 Jun 2024 21:19:54 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 770657
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 44F5E2F2FF9140B7A51C148CBC3F0B95 Ref B: LON04EDGE1018 Ref C: 2024-06-25T21:19:54Z
date: Tue, 25 Jun 2024 21:19:54 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 612524
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 504821B7300D45BFA17AAADD3D720DC3 Ref B: LON04EDGE1018 Ref C: 2024-06-25T21:19:55Z
date: Tue, 25 Jun 2024 21:19:54 GMT
DNS

10.27.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.27.171.150.in-addr.arpa

IN PTR

Response
DNS

8.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.173.189.20.in-addr.arpa

IN PTR

Response

13.107.21.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8EqXckuuBy9lKQx8Ap1E2jDVUCUwa8kSNSklST7usuIwKHhdqxQyVRcSnQv-jEgWxaNqIYtIv6MY8M9eu9Yx3D5jmyXHmwJFcmtgpD8Wk-BDAGMoNGmXcMmRCPWrLCqaqZZVtJKfITxJEJtYT5ZTJV0zMKVGcluPwpstx3gUz3lRG_Ah6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3De3565378033d1f7775053510d767359e&TIME=20240611T225258Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

tls, http2

2.4kB
9.1kB
19
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8EqXckuuBy9lKQx8Ap1E2jDVUCUwa8kSNSklST7usuIwKHhdqxQyVRcSnQv-jEgWxaNqIYtIv6MY8M9eu9Yx3D5jmyXHmwJFcmtgpD8Wk-BDAGMoNGmXcMmRCPWrLCqaqZZVtJKfITxJEJtYT5ZTJV0zMKVGcluPwpstx3gUz3lRG_Ah6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3De3565378033d1f7775053510d767359e&TIME=20240611T225258Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8EqXckuuBy9lKQx8Ap1E2jDVUCUwa8kSNSklST7usuIwKHhdqxQyVRcSnQv-jEgWxaNqIYtIv6MY8M9eu9Yx3D5jmyXHmwJFcmtgpD8Wk-BDAGMoNGmXcMmRCPWrLCqaqZZVtJKfITxJEJtYT5ZTJV0zMKVGcluPwpstx3gUz3lRG_Ah6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3De3565378033d1f7775053510d767359e&TIME=20240611T225258Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

HTTP Response

204
23.62.61.194:443

https://www.bing.com/aes/c.gif?RG=cd363933291c40b3bae7887d599583da&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225258Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

tls, http2

1.4kB
5.4kB
16
14

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=cd363933291c40b3bae7887d599583da&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225258Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.8kB
15
11
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

172.3kB
4.2MB
3013
3008

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13

8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

80.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

80.90.14.23.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

31.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

31.121.18.2.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

10.27.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.27.171.150.in-addr.arpa
8.8.8.8:53

8.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

8.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0f8f8fbb6f7d84a4b2cf8c0b73c5b088_JaffaCakes118.exe

Filesize
784KB

MD5
5f9e92b22c7c89d76c013aca66683b41

SHA1
46961ad755811859fb7b3e258658e3846a1e4f75

SHA256
a0a01496e1d0f472a761ec3acf519f40a8e127abc3b58839dab22d46b4b56f0b

SHA512
f073846d987d79beb15aeb3cc2d5f435287acdd3981c83246e077145ddc3e77f0f92837c3cc97db2a9f18db1ea4270cf9e9fbbc9ab3d08e2aee77af942b9d170

Download Submit
memory/4100-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4100-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4100-19-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4100-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4100-29-0x00000000053A0000-0x0000000005533000-memory.dmp

Filesize
1.6MB

Download
memory/4100-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4440-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4440-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4440-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4440-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.