Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/08/2024, 01:47 UTC

General

  • Target

    b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe

  • Size

    236KB

  • MD5

    b9e50818cbcc4dc0bda90f2fffe199b6

  • SHA1

    265e136868280ea25cf316c0e8e0580146aa408a

  • SHA256

    0a586fcd7de03e54dbb416149af1601f44a770dbe093df3ca98b1d510702bca9

  • SHA512

    f61f6fe48ac6d61d0fe4830d60444ad1f9fd37859c77fb1d0c69db006c50a917da4b56493ca898aa60e7a2023dff3c2d7aff4ac3c99c56e008686483b765bf1d

  • SSDEEP

    3072:MlELL7XOCw0xQCdMey44tVkZj+8FzB7C1XWLmjPUXiYR8Pyqs8AsjaqzwQAn:/3kOMeaavF17EP6qyqs4DAn

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe"
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    PID:544
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:8
    PID:2768

    Network

    • flag-us
      DNS
      b.coughstuffs.com
      b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      b.coughstuffs.com
      IN A
      Response
    • flag-us
      DNS
      csc3-2010-crl.verisign.com
      b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      csc3-2010-crl.verisign.com
      IN A
      Response
      csc3-2010-crl.verisign.com
      IN CNAME
      crl-symcprod.digicert.com
      crl-symcprod.digicert.com
      IN CNAME
      crl.edge.digicert.com
      crl.edge.digicert.com
      IN CNAME
      fp2e7a.wpc.2be4.phicdn.net
      fp2e7a.wpc.2be4.phicdn.net
      IN CNAME
      fp2e7a.wpc.phicdn.net
      fp2e7a.wpc.phicdn.net
      IN A
      192.229.221.95
    • flag-se
      GET
      http://csc3-2010-crl.verisign.com/CSC3-2010.crl
      b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe
      Remote address:
      192.229.221.95:80
      Request
      GET /CSC3-2010.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: csc3-2010-crl.verisign.com
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Age: 5620
      Cache-Control: public, max-age=3600
      Content-Type: application/pkix-crl
      Date: Fri, 23 Aug 2024 01:47:18 GMT
      Last-Modified: Fri, 23 Aug 2024 00:13:38 GMT
      Server: ECAcc (lhd/35E5)
      X-Cache: HIT
      X-Content-Type-Options: nosniff
      X-Frame-Options: SAMEORIGIN
      X-XSS-Protection: 1; mode=block
      Content-Length: 81444
    • flag-us
      DNS
      74.19.199.152.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      74.19.199.152.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      4.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      42.56.20.217.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      42.56.20.217.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388111_1XGVGDXXGM4UED7TP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239339388111_1XGVGDXXGM4UED7TP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 405350
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0061B917BCE84066B59F8246D1CED9AC Ref B: LON04EDGE1108 Ref C: 2024-08-23T01:48:29Z
      date: Fri, 23 Aug 2024 01:48:29 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 604205
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 58494B5ADE59404386450CB7497419D6 Ref B: LON04EDGE1108 Ref C: 2024-08-23T01:48:29Z
      date: Fri, 23 Aug 2024 01:48:29 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388112_1D9RCOGNLARU8ARO7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239339388112_1D9RCOGNLARU8ARO7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 439986
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C506F46EC355455CA968373EC1D70E2F Ref B: LON04EDGE1108 Ref C: 2024-08-23T01:48:29Z
      date: Fri, 23 Aug 2024 01:48:29 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 360094
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0A85A653AE7D449F99A046EE3204E065 Ref B: LON04EDGE1108 Ref C: 2024-08-23T01:48:29Z
      date: Fri, 23 Aug 2024 01:48:29 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418579_1UMXSJ3YHHNUEPPRM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418579_1UMXSJ3YHHNUEPPRM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 561868
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A53E27FC032949009DB2DEFFCCD1775C Ref B: LON04EDGE1108 Ref C: 2024-08-23T01:48:29Z
      date: Fri, 23 Aug 2024 01:48:29 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418580_1XZDKNXCHEXKE96NH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418580_1XZDKNXCHEXKE96NH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 666447
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 9386810A6ECB4EAF9C37850ABBC1207B Ref B: LON04EDGE1108 Ref C: 2024-08-23T01:48:33Z
      date: Fri, 23 Aug 2024 01:48:33 GMT
    • 192.229.221.95:80
      http://csc3-2010-crl.verisign.com/CSC3-2010.crl
      http
      b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe
      1.8kB
      84.4kB
      37
      64

      HTTP Request

      GET http://csc3-2010-crl.verisign.com/CSC3-2010.crl

      HTTP Response

      200
    • 150.171.27.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239340418580_1XZDKNXCHEXKE96NH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      112.0kB
      3.2MB
      2339
      2327

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388111_1XGVGDXXGM4UED7TP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388112_1D9RCOGNLARU8ARO7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418579_1UMXSJ3YHHNUEPPRM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418580_1XZDKNXCHEXKE96NH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.6kB
      8.2kB
      19
      13
    • 8.8.8.8:53
      b.coughstuffs.com
      dns
      b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe
      63 B
      136 B
      1
      1

      DNS Request

      b.coughstuffs.com

    • 8.8.8.8:53
      csc3-2010-crl.verisign.com
      dns
      b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe
      72 B
      212 B
      1
      1

      DNS Request

      csc3-2010-crl.verisign.com

      DNS Response

      192.229.221.95

    • 8.8.8.8:53
      74.19.199.152.in-addr.arpa
      dns
      72 B
      143 B
      1
      1

      DNS Request

      74.19.199.152.in-addr.arpa

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      4.159.190.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      4.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      219 B
      147 B
      3
      1

      DNS Request

      103.169.127.40.in-addr.arpa

      DNS Request

      103.169.127.40.in-addr.arpa

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      144 B
      158 B
      2
      1

      DNS Request

      171.39.242.20.in-addr.arpa

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      42.56.20.217.in-addr.arpa
      dns
      142 B
      131 B
      2
      1

      DNS Request

      42.56.20.217.in-addr.arpa

      DNS Request

      42.56.20.217.in-addr.arpa

    • 8.8.8.8:53
      b.coughstuffs.com
      dns
      b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe
      189 B
      136 B
      3
      1

      DNS Request

      b.coughstuffs.com

      DNS Request

      b.coughstuffs.com

      DNS Request

      b.coughstuffs.com

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      b.coughstuffs.com
      dns
      b9e50818cbcc4dc0bda90f2fffe199b6_JaffaCakes118.exe
      126 B
      136 B
      2
      1

      DNS Request

      b.coughstuffs.com

      DNS Request

      b.coughstuffs.com

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      124 B
      170 B
      2
      1

      DNS Request

      tse1.mm.bing.net

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.27.10
      150.171.28.10

    Downloads

    • memory/544-0-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

    • memory/544-11-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

    • memory/544-12-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

    • memory/544-14-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

    • memory/544-17-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

    • memory/544-19-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB
