Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

475d2c1307...18.exe

windows7-x64

7

475d2c1307...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 00:05 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe

  • Size

    42KB

  • MD5

    475d2c1307067d14e51b441cc79ee1af

  • SHA1

    4970a0f9a34667cb9f0d425709eadef1c66f7d05

  • SHA256

    2e73fc86852e49119ec4d91261b6e471ae1255a51fb9a94efe6cb5f796a1ed86

  • SHA512

    65fde1dc5997fdc81847d8b0736dbc78401b63fe830f87501157b460b90edfa8b870a07445c1c8544e4bd2ab8afc84c403f965dcda81fc9ef7dc1ad5ab6a286e

  • SSDEEP

    384:0YXloE0Pf/SkChw60EV0KUm/pnLpmYOS:0YX4PqaMUu1m

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    PID:712

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0D32A530BC9C67D93167B18DBDBB66EE; domain=.bing.com; expires=Sat, 09-Aug-2025 00:05:49 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5CC794FAEFB4474A8098CB07E2D79953 Ref B: LON04EDGE0614 Ref C: 2024-07-15T00:05:49Z
    date: Mon, 15 Jul 2024 00:05:49 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0D32A530BC9C67D93167B18DBDBB66EE
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=oZX5q4pKBlmpcCmiLPyT4MPS_AZbgnqWrSshJxrg2oM; domain=.bing.com; expires=Sat, 09-Aug-2025 00:05:49 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C311A45C68D0411AA7420D23D2605000 Ref B: LON04EDGE0614 Ref C: 2024-07-15T00:05:49Z
    date: Mon, 15 Jul 2024 00:05:49 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0D32A530BC9C67D93167B18DBDBB66EE; MSPTC=oZX5q4pKBlmpcCmiLPyT4MPS_AZbgnqWrSshJxrg2oM
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0D7C46693E2540809D12D4A04AC06F85 Ref B: LON04EDGE0614 Ref C: 2024-07-15T00:05:49Z
    date: Mon, 15 Jul 2024 00:05:49 GMT
  • flag-us
    DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.143.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.143.123.92.in-addr.arpa
    IN PTR
    Response
    240.143.123.92.in-addr.arpa
    IN PTR
    a92-123-143-240deploystaticakamaitechnologiescom
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    147.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    147.142.123.92.in-addr.arpa
    IN PTR
    Response
    147.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-147deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
    tls, http2
    2.0kB
     9.3kB
     22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16320c6da8cb494ba7fe864a90e75f8e&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=

    HTTP Response

    204
  • 50.22.93.243:443
    475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe
    260 B
     5
  • 184.173.202.225:443
    475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe
    260 B
     5
  • 184.173.202.224:443
    475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe
    260 B
     5
  • 50.97.205.48:443
    475d2c1307067d14e51b441cc79ee1af_JaffaCakes118.exe
    260 B
     5
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    69.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    69.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    240.143.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    240.143.123.92.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
     143 B
     1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    147.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    147.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/712-0-0x0000000009200000-0x0000000009210000-memory.dmp

    Filesize

    64KB

    Download

  • memory/712-1-0x0000000009200000-0x0000000009210000-memory.dmp

    Filesize

    64KB

    Download

  • memory/712-2-0x0000000007000000-0x000000000700A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/712-3-0x000000000B000000-0x000000000B007000-memory.dmp

    Filesize

    28KB

    Download

  • memory/712-5-0x000000000B000000-0x000000000B007000-memory.dmp

    Filesize

    28KB

    Download

  • memory/712-6-0x000000000B000000-0x000000000B007000-memory.dmp

    Filesize

    28KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.