Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

463fd912e1...18.exe

windows7-x64

1

463fd912e1...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    94s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2024, 14:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    463fd912e18e0dc6d799e41597a08eb0_JaffaCakes118.exe

  • Size

    995KB

  • MD5

    463fd912e18e0dc6d799e41597a08eb0

  • SHA1

    fe493689087cba67d19a488a3620e4024745ec3a

  • SHA256

    dae539c5adf11947d8f1cdcfd7f46c2d442956a5d7e7a0af241d7d8e5d60d26a

  • SHA512

    ae48304e91700baf37a7a2fa4dd84122114d7c77aae79ab19c0598d5060cac996ba9e0e17884a2f3b2d4c2dcdd65e6bf2836ae5c8f8a6fe9745f12936df5fd79

  • SSDEEP

    24576:6JtLxUUtwRy3vGVJ/weinAmc7aFgPcg5nyIrxw3uk3x:6h3uVJNiI5xXi3TB

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\463fd912e18e0dc6d799e41597a08eb0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\463fd912e18e0dc6d799e41597a08eb0_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3804

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=265B3D6926E461871B3529D5275F60D6; domain=.bing.com; expires=Fri, 08-Aug-2025 14:39:42 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DAF3D76574FC46B58C09A99B8B782D25 Ref B: LON04EDGE0816 Ref C: 2024-07-14T14:39:42Z
    date: Sun, 14 Jul 2024 14:39:42 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=265B3D6926E461871B3529D5275F60D6
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=zPk_OzTF-vFIz5xeGxuRG-PmW3jWEButMVUVrxNKpU0; domain=.bing.com; expires=Fri, 08-Aug-2025 14:39:42 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1342985773D64D9BA8E7A99BE8D9CF0D Ref B: LON04EDGE0816 Ref C: 2024-07-14T14:39:42Z
    date: Sun, 14 Jul 2024 14:39:42 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=265B3D6926E461871B3529D5275F60D6; MSPTC=zPk_OzTF-vFIz5xeGxuRG-PmW3jWEButMVUVrxNKpU0
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 305FA6C95BD74025B6D68239892E971C Ref B: LON04EDGE0816 Ref C: 2024-07-14T14:39:42Z
    date: Sun, 14 Jul 2024 14:39:42 GMT
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    14.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73deploystaticakamaitechnologiescom
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    192.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    192.142.123.92.in-addr.arpa
    IN PTR
    Response
    192.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-192deploystaticakamaitechnologiescom
  • flag-us
    DNS
    37.58.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    37.58.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 13.107.21.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=
    tls, http2
    2.0kB
     9.3kB
     21
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70dfeff3a90d4885902af784b80b3a2e&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    13.107.21.237
    204.79.197.237

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    14.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    14.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    237.21.107.13.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    237.21.107.13.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    192.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    192.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    37.58.20.217.in-addr.arpa
    dns
    71 B
     131 B
     1
    1

    DNS Request

    37.58.20.217.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3804-0-0x00000000023B0000-0x00000000023B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3804-1-0x0000000000400000-0x0000000000501000-memory.dmp

    Filesize

    1.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.