64dc3aa7e5b0217a54edd41fc85a3998688e96d2f244e31ef182f1fb93af69f3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 19:28 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe
Size

28KB
MD5

7565cd7d136de1971abb9654859109a6
SHA1

b8304d84f139d559a4ef61369dc4a3907ac6e83e
SHA256

64dc3aa7e5b0217a54edd41fc85a3998688e96d2f244e31ef182f1fb93af69f3
SHA512

23165adf99a6888fe8e003a73fa42be84a30b1c4d554d86254a61aa90454c7d46c2001849b07b532e847946cbc1aa373efd0cf3c0636e7e23d6587c5134fca9f
SSDEEP

192:rbYXzwcE+xH9ktVNngUMIIMxkz0sSMT9mZBdZDGZy56lOQrQXRM4WzNXwGMigmgl:r6rgBtGM+VT9mlIvLNXCyyxaXs1W1dS

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Cns = "cnsmin.exe"	7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\cnsmin.exe	7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\cnsmin.exe	7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:4912

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

25.140.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.140.123.92.in-addr.arpa

IN PTR

Response

25.140.123.92.in-addr.arpa

IN PTR

a92-123-140-25deploystaticakamaitechnologiescom
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

240.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.143.123.92.in-addr.arpa

IN PTR

Response

240.143.123.92.in-addr.arpa

IN PTR

a92-123-143-240deploystaticakamaitechnologiescom
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418587_1WAY0EU9WVN81W6N5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418587_1WAY0EU9WVN81W6N5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 780589
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 515FAFC5956B433F8BBE68EF82E22569 Ref B: LON04EDGE1012 Ref C: 2024-07-27T00:53:09Z
date: Sat, 27 Jul 2024 00:53:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418588_1PJ4HLSB51V9JOSDD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418588_1PJ4HLSB51V9JOSDD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 550329
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8B50F09EA25A4388B7A7623F9F0A3561 Ref B: LON04EDGE1012 Ref C: 2024-07-27T00:53:09Z
date: Sat, 27 Jul 2024 00:53:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301220_18O58FXYXLPJZL3DY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301220_18O58FXYXLPJZL3DY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 706074
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1FF1374B412C4BB6A808BF2ACC151D50 Ref B: LON04EDGE1012 Ref C: 2024-07-27T00:53:09Z
date: Sat, 27 Jul 2024 00:53:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 857850
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D770CDC199E94A079FEF957846B07970 Ref B: LON04EDGE1012 Ref C: 2024-07-27T00:53:09Z
date: Sat, 27 Jul 2024 00:53:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 713808
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7F59CA06E6554CFBB1410D4BC08E912B Ref B: LON04EDGE1012 Ref C: 2024-07-27T00:53:09Z
date: Sat, 27 Jul 2024 00:53:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 586035
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D26E8618E19F40008B9B1D78FED1A8AA Ref B: LON04EDGE1012 Ref C: 2024-07-27T00:53:10Z
date: Sat, 27 Jul 2024 00:53:09 GMT
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A
DNS

www.123a321a.com

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.123a321a.com

IN A

Response
DNS

25.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.73.42.20.in-addr.arpa

IN PTR

Response

150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

151.6kB
4.3MB
3167
3162

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418587_1WAY0EU9WVN81W6N5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418588_1PJ4HLSB51V9JOSDD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301220_18O58FXYXLPJZL3DY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

25.140.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

25.140.123.92.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

240.143.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

240.143.123.92.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

124 B
135 B
2
1

DNS Request

www.123a321a.com

DNS Request

www.123a321a.com
8.8.8.8:53

www.123a321a.com

dns

7565cd7d136de1971abb9654859109a6_JaffaCakes118.exe

62 B
135 B
1
1

DNS Request

www.123a321a.com
8.8.8.8:53

25.73.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

25.73.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.