Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

3fad733f79...18.exe

windows7-x64

5

3fad733f79...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    95s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/07/2024, 01:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fad733f792ebb5cf90cb4a7cbe301ac_JaffaCakes118.exe

  • Size

    79KB

  • MD5

    3fad733f792ebb5cf90cb4a7cbe301ac

  • SHA1

    4c1a314b6b425928792c9039baa8afaba3f8c5ac

  • SHA256

    3b6dff1e6739c64ab7407ecb050708671b09e0d2f7ea3efe091f48a818effa50

  • SHA512

    d8e0d78a7f0e645f9d1e5bf1543e36840cda02bba32d379a5755dfdce7aa5e8d8bdc4d9f767780332e29a8039f77090536fd602545bfb4db95c6356c2aadedb3

  • SSDEEP

    1536:Y85tC2bdXJ0qO/cRApm1kTYXEb8uyPG29zHW7u+y1s:va2bZJ05/+ApLs0bOPG2VHW7u1y

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fad733f792ebb5cf90cb4a7cbe301ac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3fad733f792ebb5cf90cb4a7cbe301ac_JaffaCakes118.exe"
    1⤵
      PID:2368
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 232
        2⤵
        • Program crash
        PID:2800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2368 -ip 2368
      1⤵
        PID:4824

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=1779E8CC4F9E6A931FB3FC774EB96B6B; domain=.bing.com; expires=Thu, 07-Aug-2025 01:34:59 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 1212C69128FE4E0CB0FF7A17EF5A12FF Ref B: LON04EDGE0622 Ref C: 2024-07-13T01:34:59Z
        date: Sat, 13 Jul 2024 01:34:58 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=1779E8CC4F9E6A931FB3FC774EB96B6B
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=2zgi0wqMU8xIe2ledt7ARBy1ebD5kPBibN2aXDKcNdU; domain=.bing.com; expires=Thu, 07-Aug-2025 01:34:59 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2CF3D02C08A14B348DC9C28E64E03A80 Ref B: LON04EDGE0622 Ref C: 2024-07-13T01:34:59Z
        date: Sat, 13 Jul 2024 01:34:58 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=1779E8CC4F9E6A931FB3FC774EB96B6B; MSPTC=2zgi0wqMU8xIe2ledt7ARBy1ebD5kPBibN2aXDKcNdU
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2D1506A0937E4DD5B580287D0C0A9999 Ref B: LON04EDGE0622 Ref C: 2024-07-13T01:34:59Z
        date: Sat, 13 Jul 2024 01:34:58 GMT
      • flag-us
        DNS
        140.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        81.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        81.144.22.2.in-addr.arpa
        IN PTR
        Response
        81.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-81deploystaticakamaitechnologiescom
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        73.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.144.22.2.in-addr.arpa
        IN PTR
        Response
        73.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-73deploystaticakamaitechnologiescom
      • flag-us
        DNS
        21.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.236.111.52.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=
        tls, http2
        2.0kB
         9.3kB
         21
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a9a15a7837e47939605e067144b285b&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=

        HTTP Response

        204
      • 52.111.243.29:443
        322 B
         7
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         151 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        140.32.126.40.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        140.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        81.144.22.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        81.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
         143 B
         1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        172.214.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.214.232.199.in-addr.arpa

      • 8.8.8.8:53
        73.144.22.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        73.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        21.236.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        21.236.111.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.