Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

2c41dc0ebf...18.exe

windows7-x64

1

2c41dc0ebf...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 11:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe

  • Size

    44KB

  • MD5

    2c41dc0ebf68625cde06bb35ad89f07e

  • SHA1

    f0ed13b019600f1821cb71d54239e7e51beee409

  • SHA256

    74ac509164a06eee1af4ec4af08c8b8db0b0f99de79a782d46e842347b4ea196

  • SHA512

    c559d1801bc77ddd07af85c0f8aae7f133045090dcc46dfaaeafca4e1dd35ff02880dee75a8f416accfecb5be18de3b9a43e07256961caf0bbec757f8b1af1a2

  • SSDEEP

    768:hoNI1mYXVDlV05pTSkelXIqWoBP1t2a6aEAE9puSjgHZh:hoNIP0PyIqfBP10sZ

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1404

Network

  • flag-us
    DNS
    winupdateserver1.s3h.net
    2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    winupdateserver1.s3h.net
    IN A
    Response
    winupdateserver1.s3h.net
    IN A
    3.64.163.50
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=2A47B6D2B97C652428AEA264B85B64B1; domain=.bing.com; expires=Sat, 02-Aug-2025 19:16:41 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 12D59A1DBA0F4A219D5FEA2FC37B7099 Ref B: LON04EDGE0719 Ref C: 2024-07-08T19:16:41Z
    date: Mon, 08 Jul 2024 19:16:40 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2A47B6D2B97C652428AEA264B85B64B1
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=_Haw2YjlYXsPhgN269cLNPfnxO1Xm76eNRH5N_gMkUE; domain=.bing.com; expires=Sat, 02-Aug-2025 19:16:41 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 98AFAF748D21475A97631B279098EEDF Ref B: LON04EDGE0719 Ref C: 2024-07-08T19:16:41Z
    date: Mon, 08 Jul 2024 19:16:40 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2A47B6D2B97C652428AEA264B85B64B1; MSPTC=_Haw2YjlYXsPhgN269cLNPfnxO1Xm76eNRH5N_gMkUE
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5983200498AB4405A18CE360B6FD6447 Ref B: LON04EDGE0719 Ref C: 2024-07-08T19:16:41Z
    date: Mon, 08 Jul 2024 19:16:40 GMT
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81deploystaticakamaitechnologiescom
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    147.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    147.142.123.92.in-addr.arpa
    IN PTR
    Response
    147.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-147deploystaticakamaitechnologiescom
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 3.64.163.50:30980
    winupdateserver1.s3h.net
    2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe
    260 B
     5
  • 13.107.21.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=
    tls, http2
    2.0kB
     9.3kB
     21
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd854ec77a454695bd05155c00c061ef&localId=w:C528ED12-69FD-151F-84F2-86263CD9B732&deviceId=6755471616824249&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    winupdateserver1.s3h.net
    dns
    2c41dc0ebf68625cde06bb35ad89f07e_JaffaCakes118.exe
    70 B
     86 B
     1
    1

    DNS Request

    winupdateserver1.s3h.net

    DNS Response

    3.64.163.50

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    13.107.21.237
    204.79.197.237

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    237.21.107.13.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    237.21.107.13.in-addr.arpa

  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    75.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    81.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    81.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    147.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    147.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.