Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

3e47fa43d6...18.exe

windows7-x64

3

3e47fa43d6...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    96s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 17:44 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e47fa43d6a3bbe88976779b8ae522a2_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    3e47fa43d6a3bbe88976779b8ae522a2

  • SHA1

    7a7a015087546e3298499a7d945c0a5a3791e4bd

  • SHA256

    85abf69154d4b77e18b151b6b47f732066d58ab5c05226cfb395869f1fa30135

  • SHA512

    4498748c5bcb61ff683a96eac6446e5bfa3c36f273202f9a243ea5990849856bdd599373faa0407862ea1007c71f070c0fed10be969742d1d314525b5018372e

  • SSDEEP

    384:/MvLoRjjmIqLE9A7XYjCFbgabgkMEWWRoJV8ljBVw68jIO8N:UvLoj1qLE9SYjCFbrpW4oOD8k

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e47fa43d6a3bbe88976779b8ae522a2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3e47fa43d6a3bbe88976779b8ae522a2_JaffaCakes118.exe"
    1⤵
      PID:1736
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 264
        2⤵
        • Program crash
        PID:2020
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1736 -ip 1736
      1⤵
        PID:4824

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=0C7FB74CE0E3629E3664A3F6E15863AF; domain=.bing.com; expires=Wed, 06-Aug-2025 17:44:32 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 4DB18FC737974124B9733D21B0C53A34 Ref B: LON04EDGE0816 Ref C: 2024-07-12T17:44:32Z
        date: Fri, 12 Jul 2024 17:44:31 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0C7FB74CE0E3629E3664A3F6E15863AF
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=v_zysWNNzmy239zoCzxGclTNpEgQHdvQ5XRYobhUyQM; domain=.bing.com; expires=Wed, 06-Aug-2025 17:44:32 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: FA5FAD0FA9ED4A6692F9E37818E5A1FB Ref B: LON04EDGE0816 Ref C: 2024-07-12T17:44:32Z
        date: Fri, 12 Jul 2024 17:44:31 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0C7FB74CE0E3629E3664A3F6E15863AF; MSPTC=v_zysWNNzmy239zoCzxGclTNpEgQHdvQ5XRYobhUyQM
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 908F7BE3A9554BA28D35BCB0238D3AFC Ref B: LON04EDGE0816 Ref C: 2024-07-12T17:44:32Z
        date: Fri, 12 Jul 2024 17:44:31 GMT
      • flag-us
        DNS
        237.21.107.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.21.107.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        233.143.123.92.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        233.143.123.92.in-addr.arpa
        IN PTR
        Response
        233.143.123.92.in-addr.arpa
        IN PTR
        a92-123-143-233deploystaticakamaitechnologiescom
      • flag-us
        DNS
        183.59.114.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.59.114.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        92.12.20.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        92.12.20.2.in-addr.arpa
        IN PTR
        Response
        92.12.20.2.in-addr.arpa
        IN PTR
        a2-20-12-92deploystaticakamaitechnologiescom
      • flag-us
        DNS
        73.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.144.22.2.in-addr.arpa
        IN PTR
        Response
        73.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-73deploystaticakamaitechnologiescom
      • flag-us
        DNS
        13.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.227.111.52.in-addr.arpa
        IN PTR
        Response
      • 13.107.21.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
        tls, http2
        2.0kB
         9.3kB
         22
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

        HTTP Response

        204
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         151 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        13.107.21.237
        204.79.197.237

      • 8.8.8.8:53
        237.21.107.13.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        237.21.107.13.in-addr.arpa

      • 8.8.8.8:53
        233.143.123.92.in-addr.arpa
        dns
        73 B
         139 B
         1
        1

        DNS Request

        233.143.123.92.in-addr.arpa

      • 8.8.8.8:53
        183.59.114.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        183.59.114.20.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        92.12.20.2.in-addr.arpa
        dns
        69 B
         131 B
         1
        1

        DNS Request

        92.12.20.2.in-addr.arpa

      • 8.8.8.8:53
        73.144.22.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        73.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        13.227.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        13.227.111.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1736-0-0x00000000004E0000-0x00000000004E3000-memory.dmp

        Filesize

        12KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.