Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
15/07/2024, 00:05 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe
Resource
win7-20240705-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe
Resource
win10v2004-20240709-en
2 signatures
150 seconds
General
-
Target
475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe
-
Size
42KB
-
MD5
475d2c1307067d14e51b441cc79ee1af
-
SHA1
4970a0f9a34667cb9f0d425709eadef1c66f7d05
-
SHA256
2e73fc86852e49119ec4d91261b6e471ae1255a51fb9a94efe6cb5f796a1ed86
-
SHA512
65fde1dc5997fdc81847d8b0736dbc78401b63fe830f87501157b460b90edfa8b870a07445c1c8544e4bd2ab8afc84c403f965dcda81fc9ef7dc1ad5ab6a286e
-
SSDEEP
384:0YXloE0Pf/SkChw60EV0KUm/pnLpmYOS:0YX4PqaMUu1m
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/712-2-0x0000000007000000-0x000000000700A000-memory.dmp upx -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\musqbvtkq8 = "C:\\Users\\Admin\\musqbvtkq8.exe" 475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0D32A530BC9C67D93167B18DBDBB66EE; domain=.bing.com; expires=Sat, 09-Aug-2025 00:05:49 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5CC794FAEFB4474A8098CB07E2D79953 Ref B: LON04EDGE0614 Ref C: 2024-07-15T00:05:49Z
date: Mon, 15 Jul 2024 00:05:49 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0D32A530BC9C67D93167B18DBDBB66EE
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=oZX5q4pKBlmpcCmiLPyT4MPS_AZbgnqWrSshJxrg2oM; domain=.bing.com; expires=Sat, 09-Aug-2025 00:05:49 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C311A45C68D0411AA7420D23D2605000 Ref B: LON04EDGE0614 Ref C: 2024-07-15T00:05:49Z
date: Mon, 15 Jul 2024 00:05:49 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0D32A530BC9C67D93167B18DBDBB66EE; MSPTC=oZX5q4pKBlmpcCmiLPyT4MPS_AZbgnqWrSshJxrg2oM
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0D7C46693E2540809D12D4A04AC06F85 Ref B: LON04EDGE0614 Ref C: 2024-07-15T00:05:49Z
date: Mon, 15 Jul 2024 00:05:49 GMT
-
Remote address:8.8.8.8:53Request69.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.143.123.92.in-addr.arpaIN PTRResponse240.143.123.92.in-addr.arpaIN PTRa92-123-143-240deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request147.142.123.92.in-addr.arpaIN PTRResponse147.142.123.92.in-addr.arpaIN PTRa92-123-142-147deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request13.227.111.52.in-addr.arpaIN PTRResponse
-
204.79.197.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=tls, http22.0kB 9.3kB 22 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=HTTP Response
204 -
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
71 B 157 B 1 1
DNS Request
69.31.126.40.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
240.143.123.92.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
147.142.123.92.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
13.227.111.52.in-addr.arpa