Analysis

  • max time kernel
    95s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/07/2024, 11:26 UTC

General

  • Target

    302eb1b88383515c180a15ee01b42288_JaffaCakes118.exe

  • Size

    196KB

  • MD5

    302eb1b88383515c180a15ee01b42288

  • SHA1

    ee1e885a8da557e55a55bf3c06d9e10c8f8f0a97

  • SHA256

    926e81ed5dab2238931f8a0ab8a2ad2c06ce56c5fb6d92eee78e0068e9942780

  • SHA512

    edafab68103704ca27ee99185bda9a770c5f84b1884b6472d17959b06166ddf79086d5141a5273f4a9156ff11edc18fbf87f5e3972c7718b879557d090961efd

  • SSDEEP

    1536:rH9BLIl2CfCgF9G0KKe4yyMht1yEuzOYt8rPHs:RBLIlZFlKKekMP1ylF+rvs

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\302eb1b88383515c180a15ee01b42288_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\302eb1b88383515c180a15ee01b42288_JaffaCakes118.exe"
    1⤵
      PID:1900
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 224
        2⤵
        • Program crash
        PID:5068
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1900 -ip 1900
      1⤵
        PID:1176

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=00393ECB04AF6C4C29462A7C05056D80; domain=.bing.com; expires=Sun, 03-Aug-2025 13:26:49 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: E8AE27165B674C769E59F3F519DF4ACB Ref B: DUS30EDGE0807 Ref C: 2024-07-09T13:26:49Z
        date: Tue, 09 Jul 2024 13:26:49 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=00393ECB04AF6C4C29462A7C05056D80
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=s0Q9SMLmAo6zdPVXHkAiaBJynMgkEuvBS6xtVczJaMs; domain=.bing.com; expires=Sun, 03-Aug-2025 13:26:49 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: CCE3DA0FF2A2474C8829A0EE6761AE39 Ref B: DUS30EDGE0807 Ref C: 2024-07-09T13:26:49Z
        date: Tue, 09 Jul 2024 13:26:49 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=00393ECB04AF6C4C29462A7C05056D80; MSPTC=s0Q9SMLmAo6zdPVXHkAiaBJynMgkEuvBS6xtVczJaMs
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 824353688D4441C9B81295B44E0A36F0 Ref B: DUS30EDGE0807 Ref C: 2024-07-09T13:26:49Z
        date: Tue, 09 Jul 2024 13:26:49 GMT
      • flag-us
        DNS
        138.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        237.21.107.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.21.107.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        88.210.23.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.210.23.2.in-addr.arpa
        IN PTR
        Response
        88.210.23.2.in-addr.arpa
        IN PTR
        a2-23-210-88.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        88.156.103.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.156.103.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        171.39.242.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        171.39.242.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        147.142.123.92.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        147.142.123.92.in-addr.arpa
        IN PTR
        Response
        147.142.123.92.in-addr.arpa
        IN PTR
        a92-123-142-147.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        13.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.227.111.52.in-addr.arpa
        IN PTR
        Response
      • 13.107.21.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid=
        tls, http2
        2.0kB
        9.3kB
        21
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b0a5deb7e9f400f9ade0a857d9b738e&localId=w:47FD159F-0ED5-C0FD-B22C-182F37EEDDEB&deviceId=6896204026049569&anid=

        HTTP Response

        204
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        151 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        13.107.21.237
        204.79.197.237

      • 8.8.8.8:53
        138.32.126.40.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        138.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        237.21.107.13.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        237.21.107.13.in-addr.arpa

      • 8.8.8.8:53
        88.210.23.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        88.210.23.2.in-addr.arpa

      • 8.8.8.8:53
        88.156.103.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        88.156.103.20.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        171.39.242.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        171.39.242.20.in-addr.arpa

      • 8.8.8.8:53
        147.142.123.92.in-addr.arpa
        dns
        73 B
        139 B
        1
        1

        DNS Request

        147.142.123.92.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
        128 B
        1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        13.227.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        13.227.111.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Downloads

      • memory/1900-0-0x0000000000400000-0x0000000000431200-memory.dmp

        Filesize

        196KB

      • memory/1900-1-0x0000000000400000-0x0000000000431200-memory.dmp

        Filesize

        196KB
