Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
20/07/2024, 07:14 UTC
Static task
static1
Behavioral task
behavioral1
Sample
5f85321c8661ffdb24548d212c45ea96_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5f85321c8661ffdb24548d212c45ea96_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
5f85321c8661ffdb24548d212c45ea96_JaffaCakes118.exe
-
Size
1.0MB
-
MD5
5f85321c8661ffdb24548d212c45ea96
-
SHA1
4518ef792cd991ed81fec16c5798f0ac63229b23
-
SHA256
f175911db11d011ab055dd2f48de8d4d016e0bed602c89c55f316572db3d9ce8
-
SHA512
07c2024831aa9fba6cdf0b9086a1d8847101134a07b703c4adf5a6d45f0d85ea45d10ada577ef695b239de628d96acac6f33bb53d5a907cd902075f0359af085
-
SSDEEP
12288:LXXQkfkBc+hnwYNudJ05wBtzDPQd5T7PhlN/Y5G+MYAoDyCJrlYESTsICiInR6:TAkfkN9wYq73P25nplNLFuydfTyR6
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1584 5f85321c8661ffdb24548d212c45ea96_JaffaCakes118.exe 1584 5f85321c8661ffdb24548d212c45ea96_JaffaCakes118.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestos.kitaracdn.comIN AResponse
-
Remote address:8.8.8.8:53Requestos.kitaracdn.comIN A
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request140.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request73.144.22.2.in-addr.arpaIN PTRResponse73.144.22.2.in-addr.arpaIN PTRa2-22-144-73deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request232.168.11.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request192.142.123.92.in-addr.arpaIN PTRResponse192.142.123.92.in-addr.arpaIN PTRa92-123-142-192deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request19.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301455_1N9S2NVLYIW6WUPJX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301455_1N9S2NVLYIW6WUPJX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 804657
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 73992A42967F48758D43F1B88D966907 Ref B: LON04EDGE0608 Ref C: 2024-07-20T07:16:18Z
date: Sat, 20 Jul 2024 07:16:17 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 712130
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 71B948D3853C425A8807EDA6A4808AA9 Ref B: LON04EDGE0608 Ref C: 2024-07-20T07:16:18Z
date: Sat, 20 Jul 2024 07:16:17 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360264291_1OMXAE3VFGJI9A76K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360264291_1OMXAE3VFGJI9A76K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 746478
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A6FAE874919443EDB836C407A34B0776 Ref B: LON04EDGE0608 Ref C: 2024-07-20T07:16:18Z
date: Sat, 20 Jul 2024 07:16:17 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 585223
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 60772AC8600D44D69BDC3B128BD07624 Ref B: LON04EDGE0608 Ref C: 2024-07-20T07:16:18Z
date: Sat, 20 Jul 2024 07:16:17 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 815230
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C708891ECF33487488E8C7A8ABE08118 Ref B: LON04EDGE0608 Ref C: 2024-07-20T07:16:18Z
date: Sat, 20 Jul 2024 07:16:17 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 401499
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 92FE7352EC9E41388CD4C36E0973258D Ref B: LON04EDGE0608 Ref C: 2024-07-20T07:16:18Z
date: Sat, 20 Jul 2024 07:16:17 GMT
-
Remote address:8.8.8.8:53Request10.28.171.150.in-addr.arpaIN PTRResponse
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
150.171.28.10:443https://tse1.mm.bing.net/th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http2145.5kB 4.2MB 3051 3045
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301455_1N9S2NVLYIW6WUPJX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360264291_1OMXAE3VFGJI9A76K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
124 B 135 B 2 1
DNS Request
os.kitaracdn.com
DNS Request
os.kitaracdn.com
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
140.32.126.40.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
73.144.22.2.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
26.35.223.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
232.168.11.51.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
192.142.123.92.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
19.229.111.52.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10150.171.27.10
-
72 B 158 B 1 1
DNS Request
10.28.171.150.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
156B
MD51ea9e5b417811379e874ad4870d5c51a
SHA1a4bd01f828454f3619a815dbe5423b181ec4051c
SHA256f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
SHA512965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa
-
Filesize
3KB
MD57013f5a38b7e5df13729294ddf474d99
SHA106423dd44e8a1b7550d80f5942fd72a372f8c77c
SHA25603e4642a7f23a5fab3e127a5ba91e3d829fa5e76545b1a30cb3f3d57f569d249
SHA512a9802809f020bd990d9c1bd075b7e1a9ecb4660687b51c5b0a256075972dc5f4fc434ad209602fdec46c753a54bf1b6d25db0e778d35dc9fdf8afb16ab365d1d
-
Filesize
506B
MD55335f1c12201b5f7cf5f8b4f5692e3d1
SHA113807a10369f7ff9ab3f9aba18135bccb98bec2d
SHA256974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda
SHA5120d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df
-
Filesize
16KB
MD5612a87dd7da6eaec11e680a5a6fdcf6e
SHA155270a0973a98ac13c805a7ec4f018c13348f4ca
SHA256a15c437dbbab21947446ad9d39fb221b1d900fe6e716b412a144fac3044acfee
SHA5124b58b03368125b780878d97e872ace5866e284b822aa1c9d5556e30b09a501bc2257ccf277de61746d79271e7c003664e7ff537866d072e9a0cf2788127111c3
-
Filesize
925B
MD5249e564a2ac708877c7fbe9a73ed6b19
SHA165b20a84f59d70b63bb3198b394fd9577741a317
SHA256ea7984a4af75179bd5a42e56bcdae7d06cb89d03d814a0168f8a223bebbed058
SHA51286595185632af4fb7ae7b425eb2fd67818ffd2f079da4b236754a74dfc1d1e1e3b5904f122c6fa5e592e674d7c5d38c16be52fa362bc78773f90bf7ae6768222
-
Filesize
1KB
MD5233e3ecaf8b6f0a9f82ca79ccd1788a1
SHA169775c8479f3ec49f8c3817305320a208349938b
SHA2568b0bf039e841739da7555d8b2348b02111b9a00cca8f654ae73953778155f638
SHA512099f1becf1176d4d0abc7887332ebc6a19ea4631a8c0f93a6c5ccbd35bae62621dc3090aa8ae78d5d8a42a12f0e8ab8458a60fe66c1b9fdc5b56d929dc0d96e9
-
Filesize
12KB
MD53d508e41c8e160e70b4f2e1a9a66b1bc
SHA1900e64092e3849cf54bf61957e78d4d78faf612f
SHA2561ca7924ab528b00d5508b442f15288043448a63f2860307253019d901f4f9d82
SHA51240b0a138df819c09d8fd2b551cd4e5ee02480a6630f77676e52e4b48587447fc323d4d95553e6309e43f4abac9fb0a7f9e91632be50cd878fc870e395f0c6547
-
Filesize
1KB
MD535800b05c4334c3a5cddf4260ac9d4b9
SHA154affc5d79378b688b64171c03434abe83b5c6c6
SHA256d36de61d654cccf61b8767923efaecfea8b79e013aa0d0d1b832d23b9ab811ea
SHA51276eeb5bb528949fcc5baa327463459d99991823c2ab5aa82366c797d74ac0db9b5bb5b8d5a55ee73990e0c1b0c3074f9ad09ccbf4ac19ec4737dd97d8687ba7f
-
Filesize
1KB
MD56e729d132f975194c6d3975cad7d5ee4
SHA1ca7d67a9b6a06d7ac20099eecec71c23ef85abd8
SHA25685f2a178f1b32d85a162b68590b526c50ce70e82e04c508597476da67b962856
SHA51260c71988687d2df96f3c9b48fe5ae7ca92821f887dacedb33c8f611d199513253834f387c12d0452548ace076aebc299b0e5494c47caf2219009c0b256ba8747
-
Filesize
477B
MD5830234f26fce01833c8f74f1829d7717
SHA138207d8cbf96b4e1a7d6182b7da4b25c31e538dc
SHA256fa8bfed0f1e98d212938e307160d1c5b68f134f67ea0826b9f75f2284be9e2f2
SHA512f4ab75c710c1eb287002a6640e0ec4c5061d2e921a49d1b5b37be5e83c217d77536a5754cca3b57d446c663b402377280c283d99d6b6667eaa7ff38b8a2e49e2
-
Filesize
21KB
MD5360281e85620142c3329848262da263d
SHA1032ae1e422af859d78d172e918573fb0f55318de
SHA2566c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55
SHA51248ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6