Analysis

  • max time kernel
    133s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/07/2024, 09:21 UTC

General

  • Target

    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe

  • Size

    2.7MB

  • MD5

    256d778da00849eeaea46beeeec5f3e1

  • SHA1

    49facd664bde8bdf8a4dbbb1a8dc54254b00d188

  • SHA256

    a9be1032ab5ed90ccde91f2ee7da646a94b45b8f1e70d18db9ac1b3e285bcb55

  • SHA512

    db3eb44340d9ab4fb9f46197922b8803781ad5339095f5b29138ab8a690de22103ed1070eef8405546c5cee7b57e3c1e700d8e404e080a4399172800e8da831c

  • SSDEEP

    49152:Mp5ekf6GPvm6j7a2G51i7kLU8YffUHlliBPpbrnANxcLR9+33HtrCFaIwrym2gMr:uimv9j7a2KGPqiPdnA7KH+BCFaIwD2gi

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Users\Admin\AppData\Local\Temp\256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4652

Network

  • flag-us
    DNS
    zipansion.com
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    zipansion.com
    IN A
    Response
    zipansion.com
    IN A
    172.67.144.180
    zipansion.com
    IN A
    104.21.73.114
  • flag-us
    GET
    http://zipansion.com/2pRLi
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    Remote address:
    172.67.144.180:80
    Request
    GET /2pRLi HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Host: zipansion.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Moved Temporarily
    Date: Thu, 04 Jul 2024 09:21:09 GMT
    Content-Type: text/html
    Content-Length: 143
    Connection: keep-alive
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Location: https://publisher.linkvertise.com/adfly-hard-migrator/url?url=http://zipansion.com/2pRLi
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jDWVWDUKOAAPkdtnQIzylCGsTm%2BjkRcCH0SV1%2FWNkMLfd1jF34NgICo41BwXEp8NVx3mAq1q0kVW%2FdY52cNnBgVOJZnANYqRY%2Bs0sPN0bXfTjMG6jiQvMLI%2BAgvBgv2t"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 89de0b2208bd9493-LHR
    alt-svc: h2=":443"; ma=60
  • flag-us
    DNS
    publisher.linkvertise.com
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    publisher.linkvertise.com
    IN A
    Response
    publisher.linkvertise.com
    IN A
    104.22.23.72
    publisher.linkvertise.com
    IN A
    172.67.31.186
    publisher.linkvertise.com
    IN A
    104.22.22.72
  • flag-us
    GET
    https://publisher.linkvertise.com/adfly-hard-migrator/url?url=http://zipansion.com/2pRLi
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    Remote address:
    104.22.23.72:443
    Request
    GET /adfly-hard-migrator/url?url=http://zipansion.com/2pRLi HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Cache-Control: no-cache
    Host: publisher.linkvertise.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Date: Thu, 04 Jul 2024 09:21:10 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    location: https://linkvertise.com/adfly-notice
    Cache-Control: no-cache, private
    vary: Origin
    set-cookie: laravel_session=NcAdg4nfdTg3va1apFNlaM8tQOFYZlczC99seWSI; expires=Fri, 04 Jul 2025 09:21:10 GMT; Max-Age=31536000; path=/; domain=.linkvertise.com; httponly
    CF-Cache-Status: DYNAMIC
    X-Frame-Options: sameorigin
    Server: cloudflare
    CF-RAY: 89de0b279c4b53a0-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    180.144.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.144.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    72.23.22.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.23.22.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    linkvertise.com
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    linkvertise.com
    IN A
    Response
    linkvertise.com
    IN A
    104.22.22.72
    linkvertise.com
    IN A
    172.67.31.186
    linkvertise.com
    IN A
    104.22.23.72
  • flag-us
    GET
    https://linkvertise.com/adfly-notice
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    Remote address:
    104.22.22.72:443
    Request
    GET /adfly-notice HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    Cache-Control: no-cache
    Connection: Keep-Alive
    Host: linkvertise.com
    Cookie: laravel_session=NcAdg4nfdTg3va1apFNlaM8tQOFYZlczC99seWSI
    Response
    HTTP/1.1 200 OK
    Date: Thu, 04 Jul 2024 09:21:10 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=0, must-revalidate
    Link: <//cdn.exmarketplace.com>; rel="preconnect", <//securepubads.g.doubleclick.net>; rel="preconnect"
    referrer-policy: strict-origin-when-cross-origin
    x-content-type-options: nosniff
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXTt0Z%2FnPzQytSXgyfhHcnSUKYr7YFJHz7LEgnGKkuQocujl15%2BgL8B30OkUmeIVyS1VT6Vmb1SsQG9QAG%2F17OcqS1SiaKK9x%2B8dgqfVqqdMQJhqUp3SuX%2F8nVvOL00iaNg%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    CF-Cache-Status: DYNAMIC
    X-Frame-Options: sameorigin
    Server: cloudflare
    CF-RAY: 89de0b2aefd09431-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    99.201.58.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.201.58.216.in-addr.arpa
    IN PTR
    Response
    99.201.58.216.in-addr.arpa
    IN PTR
    prg03s02-in-f991e100net
    99.201.58.216.in-addr.arpa
    IN PTR
    prg03s02-in-f3�H
    99.201.58.216.in-addr.arpa
    IN PTR
    lhr48s48-in-f3�H
  • flag-us
    DNS
    72.22.22.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.22.22.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    168.245.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.245.100.95.in-addr.arpa
    IN PTR
    Response
    168.245.100.95.in-addr.arpa
    IN PTR
    a95-100-245-168deploystaticakamaitechnologiescom
  • flag-us
    DNS
    64.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    36.56.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    36.56.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81deploystaticakamaitechnologiescom
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 491307
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6FB75C72D9C145B59FA24417F7B155BE Ref B: LON04EDGE1115 Ref C: 2024-07-04T09:22:48Z
    date: Thu, 04 Jul 2024 09:22:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301317_1SANBEH786QEYU6TN&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301317_1SANBEH786QEYU6TN&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 467026
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8F33893D242244DD92ADB9CD466A502F Ref B: LON04EDGE1115 Ref C: 2024-07-04T09:22:48Z
    date: Thu, 04 Jul 2024 09:22:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301726_1E13SDDIEAACEBOJ3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301726_1E13SDDIEAACEBOJ3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 417813
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 97F6820793F84BC2A077C81AF0839139 Ref B: LON04EDGE1115 Ref C: 2024-07-04T09:22:48Z
    date: Thu, 04 Jul 2024 09:22:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 767131
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 890B224A9BC84460A1A933F1CE9A46EB Ref B: LON04EDGE1115 Ref C: 2024-07-04T09:22:48Z
    date: Thu, 04 Jul 2024 09:22:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 539839
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CCF309FEC9E64E79B8F908174C974AC4 Ref B: LON04EDGE1115 Ref C: 2024-07-04T09:22:48Z
    date: Thu, 04 Jul 2024 09:22:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 729137
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3F87CFF86B3743948C7B8E15F303FA13 Ref B: LON04EDGE1115 Ref C: 2024-07-04T09:22:48Z
    date: Thu, 04 Jul 2024 09:22:48 GMT
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • 172.67.144.180:80
    http://zipansion.com/2pRLi
    http
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    437 B
    1.1kB
    6
    4

    HTTP Request

    GET http://zipansion.com/2pRLi

    HTTP Response

    302
  • 104.22.23.72:443
    https://publisher.linkvertise.com/adfly-hard-migrator/url?url=http://zipansion.com/2pRLi
    tls, http
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    1.2kB
    6.8kB
    14
    11

    HTTP Request

    GET https://publisher.linkvertise.com/adfly-hard-migrator/url?url=http://zipansion.com/2pRLi

    HTTP Response

    302
  • 104.22.22.72:443
    https://linkvertise.com/adfly-notice
    tls, http
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    2.9kB
    54.1kB
    50
    47

    HTTP Request

    GET https://linkvertise.com/adfly-notice

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    120.4kB
    3.5MB
    2560
    2554

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301317_1SANBEH786QEYU6TN&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301726_1E13SDDIEAACEBOJ3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 8.8.8.8:53
    zipansion.com
    dns
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    59 B
    91 B
    1
    1

    DNS Request

    zipansion.com

    DNS Response

    172.67.144.180
    104.21.73.114

  • 8.8.8.8:53
    publisher.linkvertise.com
    dns
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    71 B
    119 B
    1
    1

    DNS Request

    publisher.linkvertise.com

    DNS Response

    104.22.23.72
    172.67.31.186
    104.22.22.72

  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    183.142.211.20.in-addr.arpa

  • 8.8.8.8:53
    180.144.67.172.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    180.144.67.172.in-addr.arpa

  • 8.8.8.8:53
    72.23.22.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    72.23.22.104.in-addr.arpa

  • 8.8.8.8:53
    linkvertise.com
    dns
    256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe
    61 B
    109 B
    1
    1

    DNS Request

    linkvertise.com

    DNS Response

    104.22.22.72
    172.67.31.186
    104.22.23.72

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    99.201.58.216.in-addr.arpa
    dns
    72 B
    169 B
    1
    1

    DNS Request

    99.201.58.216.in-addr.arpa

  • 8.8.8.8:53
    72.22.22.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    72.22.22.104.in-addr.arpa

  • 8.8.8.8:53
    168.245.100.95.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    168.245.100.95.in-addr.arpa

  • 8.8.8.8:53
    64.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    64.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    36.56.20.217.in-addr.arpa
    dns
    71 B
    131 B
    1
    1

    DNS Request

    36.56.20.217.in-addr.arpa

  • 8.8.8.8:53
    81.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    81.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\256d778da00849eeaea46beeeec5f3e1_JaffaCakes118.exe

    Filesize

    2.7MB

    MD5

    705637b96d202fa9e5d4b361416a15ca

    SHA1

    2f324f0b16525ff80bdf46177ceef81dfc633cd2

    SHA256

    f57d6811816d4373def41b8346a5645bb0b456afddba6625b63e5a7e91e99fb5

    SHA512

    ef66d9bc64c7081d67257d00b4f7b90c6b5ca9aa3071bdf36e1aed13402a6072437c5349aa04f360f7932d982c13b4b2c1b085430648389a253162b17944d0b6

  • memory/560-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

  • memory/560-6-0x00000000018F0000-0x0000000001A21000-memory.dmp

    Filesize

    1.2MB

  • memory/560-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

  • memory/560-14-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

  • memory/4652-13-0x00000000018F0000-0x0000000001A21000-memory.dmp

    Filesize

    1.2MB

  • memory/4652-15-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

  • memory/4652-20-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/4652-26-0x00000000046D0000-0x00000000048F2000-memory.dmp

    Filesize

    2.1MB

  • memory/4652-12-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

  • memory/4652-39-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB