Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1b3f5131cc...18.exe

windows7-x64

7

1b3f5131cc...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 12:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b3f5131cceced2ce70153d6018c2b48_JaffaCakes118.exe

  • Size

    107KB

  • MD5

    1b3f5131cceced2ce70153d6018c2b48

  • SHA1

    d813a0b13acbbc9d028f3327457d028ecbb3e44d

  • SHA256

    83d811aadbc1b6165114c5c8bf80cabee34a65153e96808aeccbd99052e57228

  • SHA512

    1d1de2c7bd6f5d01ee0adc0e4178ca406b93ffa58129f7438c828695a8fbe9b27107360eeb0ce0d22aed8f26fca3a0b5a8dff519dbe999f2ee7b24b4ccd1016b

  • SSDEEP

    3072:cRa9+ierPKXOQA4Ah5OVA7CUFyTa5y4Vt:cRgNeuXEVh5OG7CAyG5F

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b3f5131cceced2ce70153d6018c2b48_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1b3f5131cceced2ce70153d6018c2b48_JaffaCakes118.exe"
    1⤵
      PID:3912
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 224
        2⤵
        • Program crash
        PID:4912
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3912 -ip 3912
      1⤵
        PID:2260
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2312,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:8
        1⤵
          PID:4756

        Network

        • flag-us
          DNS
          209.205.72.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          209.205.72.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          8.8.8.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          8.8.8.8.in-addr.arpa
          IN PTR
          Response
          8.8.8.8.in-addr.arpa
          IN PTR
          dnsgoogle
        • flag-us
          DNS
          82.90.14.23.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          82.90.14.23.in-addr.arpa
          IN PTR
          Response
          82.90.14.23.in-addr.arpa
          IN PTR
          a23-14-90-82deploystaticakamaitechnologiescom
        • flag-us
          DNS
          69.31.126.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          69.31.126.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          55.36.223.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          55.36.223.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          104.219.191.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          104.219.191.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          183.59.114.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          183.59.114.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          183.59.114.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          183.59.114.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          56.126.166.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          56.126.166.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          107.12.20.2.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          107.12.20.2.in-addr.arpa
          IN PTR
          Response
          107.12.20.2.in-addr.arpa
          IN PTR
          a2-20-12-107deploystaticakamaitechnologiescom
        • flag-us
          DNS
          13.227.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          13.227.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          0.204.248.87.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          0.204.248.87.in-addr.arpa
          IN PTR
          Response
          0.204.248.87.in-addr.arpa
          IN PTR
          https-87-248-204-0lhrllnwnet
        • flag-us
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
          Response
          tse1.mm.bing.net
          IN CNAME
          mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net
          IN CNAME
          ax-0001.ax-msedge.net
          ax-0001.ax-msedge.net
          IN A
          150.171.28.10
          ax-0001.ax-msedge.net
          IN A
          150.171.27.10
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 664170
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 1C0441CB241C4785A445E85CC111C01A Ref B: LON04EDGE1205 Ref C: 2024-07-01T12:12:29Z
          date: Mon, 01 Jul 2024 12:12:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239351692308_1QYA5IZ7RRGGSDH4Z&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239351692308_1QYA5IZ7RRGGSDH4Z&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 612524
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: E05341E218954AA3B1CA48D14499980D Ref B: LON04EDGE1205 Ref C: 2024-07-01T12:12:29Z
          date: Mon, 01 Jul 2024 12:12:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 276211
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 89CC7E93DE5A4C9FB052F84774B76638 Ref B: LON04EDGE1205 Ref C: 2024-07-01T12:12:29Z
          date: Mon, 01 Jul 2024 12:12:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 770657
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 3C6A28AE8AF0493F8FB7F4E1D41FA7B3 Ref B: LON04EDGE1205 Ref C: 2024-07-01T12:12:29Z
          date: Mon, 01 Jul 2024 12:12:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 835660
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 11C7B896CF6F40628625C6C8CE14CEC9 Ref B: LON04EDGE1205 Ref C: 2024-07-01T12:12:29Z
          date: Mon, 01 Jul 2024 12:12:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239351692309_12E985FV6AZCRM3HV&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239351692309_12E985FV6AZCRM3HV&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 383394
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: BEFD3EC084D34F5589835EECC0E3BD87 Ref B: LON04EDGE1205 Ref C: 2024-07-01T12:12:30Z
          date: Mon, 01 Jul 2024 12:12:29 GMT
        • flag-us
          DNS
          10.28.171.150.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          10.28.171.150.in-addr.arpa
          IN PTR
          Response
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           6.9kB
           15
          13
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           6.9kB
           15
          13
        • 150.171.28.10:443
          https://tse1.mm.bing.net/th?id=OADD2.10239351692309_12E985FV6AZCRM3HV&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          tls, http2
          129.1kB
           3.7MB
           2654
          2649

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239351692308_1QYA5IZ7RRGGSDH4Z&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239351692309_12E985FV6AZCRM3HV&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Response

          200
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           6.9kB
           15
          13
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
           6.9kB
           15
          13
        • 8.8.8.8:53
          209.205.72.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          209.205.72.20.in-addr.arpa

        • 8.8.8.8:53
          8.8.8.8.in-addr.arpa
          dns
          66 B
           90 B
           1
          1

          DNS Request

          8.8.8.8.in-addr.arpa

        • 8.8.8.8:53
          82.90.14.23.in-addr.arpa
          dns
          70 B
           133 B
           1
          1

          DNS Request

          82.90.14.23.in-addr.arpa

        • 8.8.8.8:53
          69.31.126.40.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          69.31.126.40.in-addr.arpa

        • 8.8.8.8:53
          55.36.223.20.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          55.36.223.20.in-addr.arpa

        • 8.8.8.8:53
          104.219.191.52.in-addr.arpa
          dns
          73 B
           147 B
           1
          1

          DNS Request

          104.219.191.52.in-addr.arpa

        • 8.8.8.8:53
          183.59.114.20.in-addr.arpa
          dns
          144 B
           158 B
           2
          1

          DNS Request

          183.59.114.20.in-addr.arpa

          DNS Request

          183.59.114.20.in-addr.arpa

        • 8.8.8.8:53
          56.126.166.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          56.126.166.20.in-addr.arpa

        • 8.8.8.8:53
          107.12.20.2.in-addr.arpa
          dns
          70 B
           133 B
           1
          1

          DNS Request

          107.12.20.2.in-addr.arpa

        • 8.8.8.8:53
          13.227.111.52.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          13.227.111.52.in-addr.arpa

        • 8.8.8.8:53
          0.204.248.87.in-addr.arpa
          dns
          71 B
           116 B
           1
          1

          DNS Request

          0.204.248.87.in-addr.arpa

        • 8.8.8.8:53
          tse1.mm.bing.net
          dns
          62 B
           170 B
           1
          1

          DNS Request

          tse1.mm.bing.net

          DNS Response

          150.171.28.10
          150.171.27.10

        • 8.8.8.8:53
          10.28.171.150.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          10.28.171.150.in-addr.arpa

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3912-0-0x0000000000400000-0x000000000044D000-memory.dmp

          Filesize

          308KB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.