Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
135s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
23/07/2024, 04:43 UTC
Static task
static1
Behavioral task
behavioral1
Sample
662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
-
Size
39KB
-
MD5
662f45827c0ab8f7c7b53d62cf5977a5
-
SHA1
68e8fce2abe36de8a444748f962b4a582166adc3
-
SHA256
2fc57148710cd61a0d3980dd9e254f23b20671138268cdf72e93d67e31364c5a
-
SHA512
5fed34218a6f91045f3ce9d40207980363e8e6d39f3fbb96c0b6a00f1be94ce3ad9da60da376635853457d26da6f94f646caa73d889cc504cc37cda29e202cc2
-
SSDEEP
768:5bsmMyiWbcWLtQ5roP5aZO5t27kZKoaXpuScIQzTGf/:5gmMLWbcWLCNoP5aoNa0ScIQy
Malware Config
Signatures
Processes
Network
-
Remote address:8.8.8.8:53Requesthome.51.comIN AResponsehome.51.comIN CNAMEhome.51.com.dsa.dnsv1.com.cnhome.51.com.dsa.dnsv1.com.cnIN CNAMEppjzolql.sched.d0.tdnsdp1.cnppjzolql.sched.d0.tdnsdp1.cnIN A58.251.62.110ppjzolql.sched.d0.tdnsdp1.cnIN A1.56.98.101ppjzolql.sched.d0.tdnsdp1.cnIN A116.162.203.111ppjzolql.sched.d0.tdnsdp1.cnIN A118.212.138.173ppjzolql.sched.d0.tdnsdp1.cnIN A58.251.62.189ppjzolql.sched.d0.tdnsdp1.cnIN A58.251.62.191ppjzolql.sched.d0.tdnsdp1.cnIN A58.251.62.192ppjzolql.sched.d0.tdnsdp1.cnIN A119.188.180.230ppjzolql.sched.d0.tdnsdp1.cnIN A116.177.225.247ppjzolql.sched.d0.tdnsdp1.cnIN A116.136.188.184ppjzolql.sched.d0.tdnsdp1.cnIN A58.144.235.61ppjzolql.sched.d0.tdnsdp1.cnIN A112.84.131.83ppjzolql.sched.d0.tdnsdp1.cnIN A221.204.43.242ppjzolql.sched.d0.tdnsdp1.cnIN A112.84.131.82ppjzolql.sched.d0.tdnsdp1.cnIN A211.97.95.244
-
Remote address:8.8.8.8:53Requestblog.myspace.cnIN AResponseblog.myspace.cnIN A3.64.163.50
-
Remote address:3.64.163.50:80RequestGET /e/408491456.htm HTTP/1.1
Host: blog.myspace.cn
Cache-Control: no-cache
ResponseHTTP/1.1 410 Gone
Date: Tue, 23 Jul 2024 05:33:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:8.8.8.8:53Requesthi.baidu.comIN AResponsehi.baidu.comIN CNAMEim.n.shifen.comim.n.shifen.comIN CNAMEin.m.wshifen.comin.m.wshifen.comIN A104.193.88.125in.m.wshifen.comIN A104.193.88.126
-
GEThttp://hi.baidu.com/jack27309937/blog/item/817557e9494440e9b3fb9541.html662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exeRemote address:104.193.88.125:80RequestGET /jack27309937/blog/item/817557e9494440e9b3fb9541.html HTTP/1.1
Host: hi.baidu.com
Cache-Control: no-cache
ResponseHTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Jul 2024 05:33:20 GMT
Location: https://infoflow.baidu.com
-
Remote address:8.8.8.8:53Requestinfoflow.baidu.comIN AResponseinfoflow.baidu.comIN CNAMEim.n.shifen.comim.n.shifen.comIN CNAMEin.m.wshifen.comin.m.wshifen.comIN A104.193.88.126in.m.wshifen.comIN A104.193.88.125
-
Remote address:104.193.88.126:443RequestGET / HTTP/1.1
Host: infoflow.baidu.com
Cache-Control: no-cache
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 4546
Content-Security-Policy: base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: baidu: *.infoflow.baidu.com *.im.baidu.com zhiqiu.baidu.com passport.baidu.com passport.bdimg.com cdnjs.cloudflare.com uuap.baidu.com uuap.baidu-int.com *.weiyun.baidu.com wappass.baidu.com hi-static.bj.bcebos.com ops-wps.cdn.bcebos.com wps-office-static.cdn.bcebos.com code.bdstatic.com knowledge-infoflow.cdn.bcebos.com knowledge-infoflow.bj.bcebos.com workflow.cdn.bcebos.com hi-static.cdn.bcebos.com ufosdk.baidu.com office-online.baidu.com office-online-gray.baidu.com hidoc-office-online-gray.weiyun.baidu.com uflow.baidu-int.com uflow-gray.baidu-int.com jsdk.baidu.com libs.baidu.com fe.bdimg.com hmcdn.baidu.com hm.baidu.com himonitor.baidu.com cdn.bootcss.com:* qapm.baidu.com *.qatest.baidu.com *.cdn.bcebos.com *.bcebos.com; object-src 'self'; frame-src 'self' baidu: *.infoflow.baidu.com *.im.baidu.com *.neisou.baidu-int.com passport.baidu.com uuap.baidu.com uuap.baidu-int.com hmcdn.baidu.com hm.baidu.com office-service.baidu.com office-service-gray.baidu.com office-gray.weiyun.baidu.com http://office-service-gray.baidu.com https://office-service-gray.baidu.com http://office-gray.weiyun.baidu.com https://office-gray.weiyun.baidu.com ufosdk.baidu.com http://office-online.baidu.com https://office-online.baidu.com office-online-gray.baidu.com hidoc-office-online-gray.weiyun.baidu.com learn.baidu.com wvjbscheme: webviewprogressproxy: data:; report-uri https://log.im.baidu.com/gc/csp-report https://report-uri.baidu.com/report?app=hi
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Jul 2024 05:33:22 GMT
Env: online
Etag: "661924a9-11c2"
Last-Modified: Fri, 12 Apr 2024 12:10:17 GMT
Server: openresty
Vary: Accept-Encoding
X-Envoy-Upstream-Service-Time: 1
X-Logid: 470825735610639360
X-Xss-Protection: 1;mode=block
-
Remote address:8.8.8.8:53Requestblog.sina.com.cnIN AResponseblog.sina.com.cnIN CNAMEblogx.sina.com.cnblogx.sina.com.cnIN A202.108.0.52
-
Remote address:8.8.8.8:53Request37440.5p5p.infoIN AResponse
-
152 B 3
-
152 B 3
-
152 B 3
-
3.64.163.50:80http://blog.myspace.cn/e/408491456.htmhttp662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe311 B 466 B 5 4
HTTP Request
GET http://blog.myspace.cn/e/408491456.htmHTTP Response
410 -
104.193.88.125:80http://hi.baidu.com/jack27309937/blog/item/817557e9494440e9b3fb9541.htmlhttp662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe535 B 550 B 9 8
HTTP Request
GET http://hi.baidu.com/jack27309937/blog/item/817557e9494440e9b3fb9541.htmlHTTP Response
302 -
104.193.88.126:443https://infoflow.baidu.com/tls, http662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe1.2kB 12.9kB 16 21
HTTP Request
GET https://infoflow.baidu.com/HTTP Response
200 -
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3
-
57 B 379 B 1 1
DNS Request
home.51.com
DNS Response
58.251.62.1101.56.98.101116.162.203.111118.212.138.17358.251.62.18958.251.62.19158.251.62.192119.188.180.230116.177.225.247116.136.188.18458.144.235.61112.84.131.83221.204.43.242112.84.131.82211.97.95.244
-
61 B 77 B 1 1
DNS Request
blog.myspace.cn
DNS Response
3.64.163.50
-
58 B 143 B 1 1
DNS Request
hi.baidu.com
DNS Response
104.193.88.125104.193.88.126
-
64 B 149 B 1 1
DNS Request
infoflow.baidu.com
DNS Response
104.193.88.126104.193.88.125
-
62 B 98 B 1 1
DNS Request
blog.sina.com.cn
DNS Response
202.108.0.52
-
61 B 140 B 1 1
DNS Request
37440.5p5p.info