Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/07/2024, 04:43 UTC

General

  • Target

    662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe

  • Size

    39KB

  • MD5

    662f45827c0ab8f7c7b53d62cf5977a5

  • SHA1

    68e8fce2abe36de8a444748f962b4a582166adc3

  • SHA256

    2fc57148710cd61a0d3980dd9e254f23b20671138268cdf72e93d67e31364c5a

  • SHA512

    5fed34218a6f91045f3ce9d40207980363e8e6d39f3fbb96c0b6a00f1be94ce3ad9da60da376635853457d26da6f94f646caa73d889cc504cc37cda29e202cc2

  • SSDEEP

    768:5bsmMyiWbcWLtQ5roP5aZO5t27kZKoaXpuScIQzTGf/:5gmMLWbcWLCNoP5aoNa0ScIQy

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe"
    1⤵
      PID:2420

    Network

    • flag-us
      DNS
      home.51.com
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      home.51.com
      IN A
      Response
      home.51.com
      IN CNAME
      home.51.com.dsa.dnsv1.com.cn
      home.51.com.dsa.dnsv1.com.cn
      IN CNAME
      ppjzolql.sched.d0.tdnsdp1.cn
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      58.251.62.110
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      1.56.98.101
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      116.162.203.111
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      118.212.138.173
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      58.251.62.189
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      58.251.62.191
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      58.251.62.192
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      119.188.180.230
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      116.177.225.247
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      116.136.188.184
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      58.144.235.61
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      112.84.131.83
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      221.204.43.242
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      112.84.131.82
      ppjzolql.sched.d0.tdnsdp1.cn
      IN A
      211.97.95.244
    • flag-us
      DNS
      blog.myspace.cn
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      blog.myspace.cn
      IN A
      Response
      blog.myspace.cn
      IN A
      3.64.163.50
    • flag-de
      GET
      http://blog.myspace.cn/e/408491456.htm
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      Remote address:
      3.64.163.50:80
      Request
      GET /e/408491456.htm HTTP/1.1
      Host: blog.myspace.cn
      Cache-Control: no-cache
      Response
      HTTP/1.1 410 Gone
      Server: openresty
      Date: Tue, 23 Jul 2024 05:33:19 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
    • flag-us
      DNS
      hi.baidu.com
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      hi.baidu.com
      IN A
      Response
      hi.baidu.com
      IN CNAME
      im.n.shifen.com
      im.n.shifen.com
      IN CNAME
      in.m.wshifen.com
      in.m.wshifen.com
      IN A
      104.193.88.125
      in.m.wshifen.com
      IN A
      104.193.88.126
    • flag-us
      GET
      http://hi.baidu.com/jack27309937/blog/item/817557e9494440e9b3fb9541.html
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      Remote address:
      104.193.88.125:80
      Request
      GET /jack27309937/blog/item/817557e9494440e9b3fb9541.html HTTP/1.1
      Host: hi.baidu.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 302 Found
      Content-Length: 49
      Content-Type: text/html; charset=utf-8
      Date: Tue, 23 Jul 2024 05:33:20 GMT
      Location: https://infoflow.baidu.com
    • flag-us
      DNS
      infoflow.baidu.com
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      infoflow.baidu.com
      IN A
      Response
      infoflow.baidu.com
      IN CNAME
      im.n.shifen.com
      im.n.shifen.com
      IN CNAME
      in.m.wshifen.com
      in.m.wshifen.com
      IN A
      104.193.88.126
      in.m.wshifen.com
      IN A
      104.193.88.125
    • flag-us
      GET
      https://infoflow.baidu.com/
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      Remote address:
      104.193.88.126:443
      Request
      GET / HTTP/1.1
      Host: infoflow.baidu.com
      Cache-Control: no-cache
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Connection: keep-alive
      Content-Length: 4546
      Content-Security-Policy: base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: baidu: *.infoflow.baidu.com *.im.baidu.com zhiqiu.baidu.com passport.baidu.com passport.bdimg.com cdnjs.cloudflare.com uuap.baidu.com uuap.baidu-int.com *.weiyun.baidu.com wappass.baidu.com hi-static.bj.bcebos.com ops-wps.cdn.bcebos.com wps-office-static.cdn.bcebos.com code.bdstatic.com knowledge-infoflow.cdn.bcebos.com knowledge-infoflow.bj.bcebos.com workflow.cdn.bcebos.com hi-static.cdn.bcebos.com ufosdk.baidu.com office-online.baidu.com office-online-gray.baidu.com hidoc-office-online-gray.weiyun.baidu.com uflow.baidu-int.com uflow-gray.baidu-int.com jsdk.baidu.com libs.baidu.com fe.bdimg.com hmcdn.baidu.com hm.baidu.com himonitor.baidu.com cdn.bootcss.com:* qapm.baidu.com *.qatest.baidu.com *.cdn.bcebos.com *.bcebos.com; object-src 'self'; frame-src 'self' baidu: *.infoflow.baidu.com *.im.baidu.com *.neisou.baidu-int.com passport.baidu.com uuap.baidu.com uuap.baidu-int.com hmcdn.baidu.com hm.baidu.com office-service.baidu.com office-service-gray.baidu.com office-gray.weiyun.baidu.com http://office-service-gray.baidu.com https://office-service-gray.baidu.com http://office-gray.weiyun.baidu.com https://office-gray.weiyun.baidu.com ufosdk.baidu.com http://office-online.baidu.com https://office-online.baidu.com office-online-gray.baidu.com hidoc-office-online-gray.weiyun.baidu.com learn.baidu.com wvjbscheme: webviewprogressproxy: data:; report-uri https://log.im.baidu.com/gc/csp-report https://report-uri.baidu.com/report?app=hi
      Content-Type: text/html; charset=utf-8
      Date: Tue, 23 Jul 2024 05:33:22 GMT
      Env: online
      Etag: "661924a9-11c2"
      Last-Modified: Fri, 12 Apr 2024 12:10:17 GMT
      Server: openresty
      Vary: Accept-Encoding
      X-Envoy-Upstream-Service-Time: 1
      X-Logid: 470825735610639360
      X-Xss-Protection: 1;mode=block
    • flag-us
      DNS
      blog.sina.com.cn
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      blog.sina.com.cn
      IN A
      Response
      blog.sina.com.cn
      IN CNAME
      blogx.sina.com.cn
      blogx.sina.com.cn
      IN A
      202.108.0.52
    • flag-us
      DNS
      37440.5p5p.info
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      37440.5p5p.info
      IN A
      Response
    • 58.251.62.110:80
      home.51.com
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      152 B
      3
    • 1.56.98.101:80
      home.51.com
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      152 B
      3
    • 116.162.203.111:80
      home.51.com
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      152 B
      3
    • 3.64.163.50:80
      http://blog.myspace.cn/e/408491456.htm
      http
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      311 B
      466 B
      5
      4

      HTTP Request

      GET http://blog.myspace.cn/e/408491456.htm

      HTTP Response

      410
    • 104.193.88.125:80
      http://hi.baidu.com/jack27309937/blog/item/817557e9494440e9b3fb9541.html
      http
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      535 B
      550 B
      9
      8

      HTTP Request

      GET http://hi.baidu.com/jack27309937/blog/item/817557e9494440e9b3fb9541.html

      HTTP Response

      302
    • 104.193.88.126:443
      https://infoflow.baidu.com/
      tls, http
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      1.2kB
      12.9kB
      16
      21

      HTTP Request

      GET https://infoflow.baidu.com/

      HTTP Response

      200
    • 202.108.0.52:80
      blog.sina.com.cn
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      152 B
      3
    • 118.212.138.173:80
      home.51.com
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      152 B
      3
    • 58.251.62.189:80
      home.51.com
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      152 B
      3
    • 58.251.62.191:80
      home.51.com
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      152 B
      3
    • 8.8.8.8:53
      home.51.com
      dns
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      57 B
      379 B
      1
      1

      DNS Request

      home.51.com

      DNS Response

      58.251.62.110
      1.56.98.101
      116.162.203.111
      118.212.138.173
      58.251.62.189
      58.251.62.191
      58.251.62.192
      119.188.180.230
      116.177.225.247
      116.136.188.184
      58.144.235.61
      112.84.131.83
      221.204.43.242
      112.84.131.82
      211.97.95.244

    • 8.8.8.8:53
      blog.myspace.cn
      dns
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      61 B
      77 B
      1
      1

      DNS Request

      blog.myspace.cn

      DNS Response

      3.64.163.50

    • 8.8.8.8:53
      hi.baidu.com
      dns
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      58 B
      143 B
      1
      1

      DNS Request

      hi.baidu.com

      DNS Response

      104.193.88.125
      104.193.88.126

    • 8.8.8.8:53
      infoflow.baidu.com
      dns
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      64 B
      149 B
      1
      1

      DNS Request

      infoflow.baidu.com

      DNS Response

      104.193.88.126
      104.193.88.125

    • 8.8.8.8:53
      blog.sina.com.cn
      dns
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      62 B
      98 B
      1
      1

      DNS Request

      blog.sina.com.cn

      DNS Response

      202.108.0.52

    • 8.8.8.8:53
      37440.5p5p.info
      dns
      662f45827c0ab8f7c7b53d62cf5977a5_JaffaCakes118.exe
      61 B
      140 B
      1
      1

      DNS Request

      37440.5p5p.info

    MITRE ATT&CK Matrix

    Downloads

    • memory/2420-0-0x0000000000400000-0x000000000040AAF0-memory.dmp

      Filesize

      42KB