Analysis
max time kernel: 93s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/07/2024, 11:58 UTC
Static task: static1
Behavioral task behavioral1: 2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe on win7-20240704-en
Behavioral task behavioral2: 2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe on win10v2004-20240704-en
The analysis details on this page (platform windows10-2004_x64, resource win10v2004-20240704-en) are those of behavioral2; the Windows 7 run is a separate report.
General
Target: 2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe
Size: 44KB
MD5: 2c41dc0ebf68625cde06bb35ad89f07e
SHA1: f0ed13b019600f1821cb71d54239e7e51beee409
SHA256: 74ac509164a06eee1af4ec4af08c8b8db0b0f99de79a782d46e842347b4ea196
SHA512: c559d1801bc77ddd07af85c0f8aae7f133045090dcc46dfaaeafca4e1dd35ff02880dee75a8f416accfecb5be18de3b9a43e07256961caf0bbec757f8b1af1a2
SSDEEP: 768:hoNI1mYXVDlV05pTSkelXIqWoBP1t2a6aEAE9puSjgHZh:hoNIP0PyIqfBP10sZ
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (2 IoCs)
pid 1404: 2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe (both hits)
SetWindowsHookEx installs a Windows message hook. With a keyboard or mouse hook type it is the standard user-mode keylogger primitive, but GUI frameworks use the same call, so the signature is a lead rather than a verdict; the hook type installed is not shown in this report. Both hits come from the same process, and the Processes section of this report lists nothing beyond pid 1404.
Processes
Network
-
Remote address: 8.8.8.8:53
Request: winupdateserver1.s3h.net IN A
Response: winupdateserver1.s3h.net IN A 3.64.163.50
This is the only forward lookup in the capture for a name outside Microsoft's CDN, and a "winupdateserver" label on a third-party domain is the pattern to pivot on (the domain, the resolved address, and the hashes above). The capture is host-wide, so nothing on this page ties the query to pid 1404, and no HTTP request to 3.64.163.50 appears in this report.
-
Remote address: 8.8.8.8:53
Request: g.bing.com IN A
Response:
g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
dual-a-0034.a-msedge.net IN A 13.107.21.237
dual-a-0034.a-msedge.net IN A 204.79.197.237
-
The three requests to g.bing.com that follow carry the WindowsShellClient user-agent; that is the Windows 10 shell's own ad-tile telemetry from the sandbox image, not traffic generated by the sample.
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
Remote address: 13.107.21.237:443
Request
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2A47B6D2B97C652428AEA264B85B64B1; domain=.bing.com; expires=Sat, 02-Aug-2025 19:16:41 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 12D59A1DBA0F4A219D5FEA2FC37B7099 Ref B: LON04EDGE0719 Ref C: 2024-07-08T19:16:41Z
date: Mon, 08 Jul 2024 19:16:40 GMT
-
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
Remote address: 13.107.21.237:443
Request
GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2A47B6D2B97C652428AEA264B85B64B1
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=_Haw2YjlYXsPhgN269cLNPfnxO1Xm76eNRH5N_gMkUE; domain=.bing.com; expires=Sat, 02-Aug-2025 19:16:41 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 98AFAF748D21475A97631B279098EEDF Ref B: LON04EDGE0719 Ref C: 2024-07-08T19:16:41Z
date: Mon, 08 Jul 2024 19:16:40 GMT
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
Remote address: 13.107.21.237:443
Request
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2A47B6D2B97C652428AEA264B85B64B1; MSPTC=_Haw2YjlYXsPhgN269cLNPfnxO1Xm76eNRH5N_gMkUE
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5983200498AB4405A18CE360B6FD6447 Ref B: LON04EDGE0719 Ref C: 2024-07-08T19:16:41Z
date: Mon, 08 Jul 2024 19:16:40 GMT
-
Reverse (PTR) lookups via 8.8.8.8:53 issued during the run. Apart from 13.107.21.237 (g.bing.com above), none of the queried addresses appears in the forward lookups, so they are not attributable to the sample from this page. Empty responses are shown as such:
8.8.8.8.in-addr.arpa IN PTR -> dns.google
237.21.107.13.in-addr.arpa IN PTR -> (empty response)
75.159.190.20.in-addr.arpa IN PTR -> (empty response)
81.144.22.2.in-addr.arpa IN PTR -> a2-22-144-81.deploy.static.akamaitechnologies.com
43.58.199.20.in-addr.arpa IN PTR -> (empty response)
26.165.165.52.in-addr.arpa IN PTR -> (empty response)
198.187.3.20.in-addr.arpa IN PTR -> (empty response)
147.142.123.92.in-addr.arpa IN PTR -> a92-123-142-147.deploy.static.akamaitechnologies.com
29.243.111.52.in-addr.arpa IN PTR -> (empty response)
-
260 B 5
-
13.107.21.237:443  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=  tls, http2  2.0kB / 9.3kB  21 / 18
HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
HTTP Response: 204
HTTP Request: GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
HTTP Response: 204
HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
HTTP Response: 204
-
DNS flows via 8.8.8.8:53 (bytes sent / received, packets sent / received):
winupdateserver1.s3h.net       A -> 3.64.163.50                     70 B / 86 B    1 / 1
g.bing.com                     A -> 13.107.21.237, 204.79.197.237   56 B / 151 B   1 / 1
8.8.8.8.in-addr.arpa           PTR                                  66 B / 90 B    1 / 1
237.21.107.13.in-addr.arpa     PTR                                  72 B / 158 B   1 / 1
75.159.190.20.in-addr.arpa     PTR                                  72 B / 158 B   1 / 1
81.144.22.2.in-addr.arpa       PTR                                  70 B / 133 B   1 / 1
43.58.199.20.in-addr.arpa      PTR                                  71 B / 157 B   1 / 1
26.165.165.52.in-addr.arpa     PTR                                  72 B / 146 B   1 / 1
198.187.3.20.in-addr.arpa      PTR                                  71 B / 157 B   1 / 1
147.142.123.92.in-addr.arpa    PTR                                  73 B / 139 B   1 / 1
29.243.111.52.in-addr.arpa     PTR                                  72 B / 158 B   1 / 1
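As an added example (not tria.ge's code and not part of this report), the following Python parses the network records above in the run-together form the text extraction left them in, drops reverse-DNS noise, and separates sandbox background traffic from indicators worth pivoting on. The record blocks are hand-copied from this page; the background suffix and user-agent lists are assumptions for the example, not anything tria.ge publishes, and should be replaced with your own sandbox baseline.

```python
"""Triage the network records of a text-extracted tria.ge report.

Each DNS or HTTP record arrives as one run-together line, e.g.
"Remote address:8.8.8.8:53Request<name>IN AResponse<name>IN A<ip>".
Parse them, discard reverse lookups, and bucket the rest as sandbox
background traffic versus indicators to review.
"""
import re
from dataclasses import dataclass

# Constructed input: record blocks copied from this report as the page renders
# them (DNS one-liners; for HTTP the request line plus the headers after it).
RAW_RECORDS = [
    "Remote address:8.8.8.8:53Requestwinupdateserver1.s3h.netIN AResponse"
    "winupdateserver1.s3h.netIN A3.64.163.50",
    "Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAME"
    "g-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAME"
    "dual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A13.107.21.237"
    "dual-a-0034.a-msedge.netIN A204.79.197.237",
    "GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597"
    "&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef"
    "&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid="
    "Remote address:13.107.21.237:443RequestGET /neg/0?action=emptycreativeimpression HTTP/2.0\n"
    "host: g.bing.com\n"
    "accept-encoding: gzip, deflate\n"
    "user-agent: WindowsShellClient/9.0.40929.0 (Windows)",
    "Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse"
    "8.8.8.8.in-addr.arpaIN PTRdnsgoogle",
    "Remote address:8.8.8.8:53Request237.21.107.13.in-addr.arpaIN PTRResponse",
]

# Assumed baseline for this example: names and clients the sandbox image talks
# to on its own. Replace with a baseline measured from a clean run of your image.
BACKGROUND_SUFFIXES = (".bing.com", ".msedge.net", ".microsoft.com", ".windowsupdate.com")
BACKGROUND_USER_AGENTS = ("WindowsShellClient/", "Microsoft-CryptoAPI/", "Microsoft-Delivery-Optimization/")

DNS_RE = re.compile(r"^Remote address:(?P<server>[\d.]+:\d+)Request(?P<qname>.+?)IN (?P<qtype>[A-Z]+)Response(?P<answer>.*)$")
HTTP_RE = re.compile(r"^(?P<method>[A-Z]+)(?P<url>https?://\S+?)Remote address:(?P<peer>[\d.]+:\d+)Request")
# Dotted quads not glued to other digits or dots, so CNAME labels like "0034.a" don't match.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


@dataclass(frozen=True)
class Indicator:
    kind: str     # "domain", "ip" or "url"
    value: str
    verdict: str  # "review" or "background"
    reason: str


def is_background_host(host):
    """True if host equals or sits under one of the assumed background suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s[1:] or host.endswith(s) for s in BACKGROUND_SUFFIXES)


def parse_record(raw):
    """Turn one flattened record block into Indicators; [] for reverse-DNS noise."""
    m = DNS_RE.match(raw)
    if m:
        qname, qtype, answer = m["qname"], m["qtype"], m["answer"]
        if qtype == "PTR" or qname.endswith((".in-addr.arpa", ".ip6.arpa")):
            return []  # reverse lookups come from the analysis host, not the sample
        verdict = "background" if is_background_host(qname) else "review"
        reason = "matches background suffix" if verdict == "background" else "outside background baseline"
        out = [Indicator("domain", qname, verdict, reason)]
        out += [Indicator("ip", ip, verdict, f"A answer for {qname}") for ip in IPV4_RE.findall(answer)]
        return out
    m = HTTP_RE.match(raw)
    if m:
        ua = ""
        for line in raw.splitlines()[1:]:
            if line.lower().startswith("user-agent:"):
                ua = line.split(":", 1)[1].strip()
        host = m["url"].split("/", 3)[2]
        background = is_background_host(host) or ua.startswith(BACKGROUND_USER_AGENTS)
        verdict = "background" if background else "review"
        reason = f"{m['method']} by user-agent {ua or '(none)'}"
        return [Indicator("domain", host, verdict, reason), Indicator("url", m["url"], verdict, reason)]
    return []


def triage(records):
    """Parse every record, de-duplicate, and bucket by verdict."""
    seen, buckets = set(), {"review": [], "background": []}
    for raw in records:
        for ind in parse_record(raw.strip()):
            if (ind.kind, ind.value) not in seen:
                seen.add((ind.kind, ind.value))
                buckets[ind.verdict].append(ind)
    return buckets


if __name__ == "__main__":
    for verdict, inds in triage(RAW_RECORDS).items():
        print(f"== {verdict} ==")
        for ind in inds:
            print(f"{ind.kind:7} {ind.value}  ({ind.reason})")
```

Run as-is it leaves only winupdateserver1.s3h.net and 3.64.163.50 in the review bucket; the bing.com names, both a-msedge addresses and the telemetry URL land in background, and the PTR records produce nothing. The baseline lists do the real work, so derive them from a clean run of your own image rather than trusting the ones assumed here.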