Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27/08/2024, 23:55 UTC
General
-
Target
c5f616f3c54dfca4225acfc3cc107773_JaffaCakes118.exe
-
Size
547KB
-
MD5
c5f616f3c54dfca4225acfc3cc107773
-
SHA1
6e503972eceea524302648f626384e75205e1511
-
SHA256
61999ad1811489155367e1223b2ac5d24703a3701e9ceddaf1c6dd8958b282b5
-
SHA512
d4261bcef895b628cf6b6f1a1b0f41c2ea7429200d4e3da251d691dbb01fe9637a0d15f40afb97b457afbbdf3e968125e975a7402d5576cea753b8eca472c0ff
-
SSDEEP
12288:DllSxxQjrbsdmeTD7++mTPA2alviql7Y+SzVjlUMGU/KWjNuGFV:DTUN9TPSMXdi4mZlU0KWx
Score
10/10
Malware Config
Signatures
-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools 9 IoCs
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView 5 IoCs
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView 5 IoCs
Password recovery tool for various web browsers
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution 1 TTPs
-
Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 29 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c5f616f3c54dfca4225acfc3cc107773_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c5f616f3c54dfca4225acfc3cc107773_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\c5f616f3c54dfca4225acfc3cc107773_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c5f616f3c54dfca4225acfc3cc107773_JaffaCakes118.exe"2⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holdermail.txt"3⤵
- Accesses Microsoft Outlook accounts
- System Location Discovery: System Language Discovery
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holdermail.txt"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 27123⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
Network
-
DNS149.220.183.52.in-addr.arpaRemote address:8.8.8.8:53Request149.220.183.52.in-addr.arpaIN PTRResponse -
DNS76.32.126.40.in-addr.arpaRemote address:8.8.8.8:53Request76.32.126.40.in-addr.arpaIN PTRResponse
-
DNS76.32.126.40.in-addr.arpaRemote address:8.8.8.8:53Request76.32.126.40.in-addr.arpaIN PTR
-
DNS76.32.126.40.in-addr.arpaRemote address:8.8.8.8:53Request76.32.126.40.in-addr.arpaIN PTR
-
DNS95.221.229.192.in-addr.arpaRemote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
DNS205.47.74.20.in-addr.arpaRemote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTRResponse
-
DNSwhatismyipaddress.comRemote address:8.8.8.8:53Requestwhatismyipaddress.comIN AResponsewhatismyipaddress.comIN A104.19.222.79whatismyipaddress.comIN A104.19.223.79
-
GEThttp://whatismyipaddress.com/Remote address:104.19.222.79:80RequestGET / HTTP/1.1
Host: whatismyipaddress.com
Connection: Keep-Alive
ResponseHTTP/1.1 301 Moved Permanently
Date: Tue, 27 Aug 2024 23:55:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 28 Aug 2024 00:55:36 GMT
Location: https://whatismyipaddress.com/
Set-Cookie: __cf_bm=YA1jTYHJNRAU80YnFokhjPLSpXm_5VOBz8n5VA1UGEY-1724802936-1.0.1.1-t0N1S99UbV6Bv_I3CS20l2Npp9RrNGFp.dr.9G82K.xtHgR8OWKs2EwQerz6xqXSebB9odrJozRVBYWLcmujWQ; path=/; expires=Wed, 28-Aug-24 00:25:36 GMT; domain=.whatismyipaddress.com; HttpOnly
X-Frame-Options: deny
Server: cloudflare
CF-RAY: 8b9ffe4ecd357759-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://whatismyipaddress.com/Remote address:104.19.222.79:443RequestGET / HTTP/1.1
Host: whatismyipaddress.com
Connection: Keep-Alive
ResponseHTTP/1.1 403 Forbidden
Date: Tue, 27 Aug 2024 23:55:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
cf-mitigated: challenge
cf-chl-out: VILonYAyO+6Ui2q+/V1IyudZnpWigUg/XBpVmIrV168BSoxdlxh0df+JAt7ds68uIS8EjaIoXUF/xZ6HF7frft+///GV1omRY/aPiVvGa//rNlmWe4Fk9WAJIUu8Ofu5V937vQQsku2qhptOABMBZQ==$W2qZrQTTWv9vTopG6jnHew==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: __cf_bm=fnlb2rtIzwt3.ZhQijUE79g1MQQVoWYX5eS0geCcZuA-1724802936-1.0.1.1-0LAjNhahuVGjrR0UX.EzYIb_FFMS78LhixqxHUQxitz1AYutlTVNnOOPKVVjA18xHDkWJH8_14COeoXjUCXpLw; path=/; expires=Wed, 28-Aug-24 00:25:36 GMT; domain=.whatismyipaddress.com; HttpOnly; Secure
X-Frame-Options: deny
Server: cloudflare
CF-RAY: 8b9ffe518e86414c-LHR
alt-svc: h3=":443"; ma=86400
-
DNS79.222.19.104.in-addr.arpaRemote address:8.8.8.8:53Request79.222.19.104.in-addr.arpaIN PTRResponse
-
DNSmail.zeeshanenterprises.comRemote address:8.8.8.8:53Requestmail.zeeshanenterprises.comIN AResponsemail.zeeshanenterprises.comIN A37.27.98.198
-
DNS104.219.191.52.in-addr.arpaRemote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
DNS26.165.165.52.in-addr.arpaRemote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
DNS198.187.3.20.in-addr.arpaRemote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
DNS11.227.111.52.in-addr.arpaRemote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTRResponse
-
DNStse1.mm.bing.netRemote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
DNStse1.mm.bing.netRemote address:8.8.8.8:53Requesttse1.mm.bing.netIN A
-
DNS26.35.223.20.in-addr.arpaRemote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
DNS26.35.223.20.in-addr.arpaRemote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTR
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301167_10EF6H5QJP57ZPZOD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301167_10EF6H5QJP57ZPZOD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 427457
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 06E2DF6A49CB4E03B83C46C664F5D58A Ref B: LON04EDGE1115 Ref C: 2024-08-27T23:57:10Z
date: Tue, 27 Aug 2024 23:57:09 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339384870_1WSZL43T6U4G68XY0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339384870_1WSZL43T6U4G68XY0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 544366
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3051445A9489434C99E3C93B100A6132 Ref B: LON04EDGE1115 Ref C: 2024-08-27T23:57:10Z
date: Tue, 27 Aug 2024 23:57:09 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301576_1P4YPBOHIENGSX86I&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301576_1P4YPBOHIENGSX86I&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 464914
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E3ED2D7F4DDD42A88950F91C83A55048 Ref B: LON04EDGE1115 Ref C: 2024-08-27T23:57:10Z
date: Tue, 27 Aug 2024 23:57:09 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339384869_1U4BU5OP1KBSS4EDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339384869_1U4BU5OP1KBSS4EDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 526491
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0AEF7E2E592C48C696E81CF6C7F71F49 Ref B: LON04EDGE1115 Ref C: 2024-08-27T23:57:10Z
date: Tue, 27 Aug 2024 23:57:09 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301217_1LGEUWZHPMKMEMITB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301217_1LGEUWZHPMKMEMITB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 580155
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 97DC279BA3874DA0B99037CF9ECB64CD Ref B: LON04EDGE1115 Ref C: 2024-08-27T23:57:10Z
date: Tue, 27 Aug 2024 23:57:09 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301626_12UQHHQXE25HHMLCY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301626_12UQHHQXE25HHMLCY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 540101
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B4CF2612E44C490CB008CED1E99E799B Ref B: LON04EDGE1115 Ref C: 2024-08-27T23:57:19Z
date: Tue, 27 Aug 2024 23:57:19 GMT
-
104.19.222.79:80http://whatismyipaddress.com/http
HTTP Request
GET http://whatismyipaddress.com/HTTP Response
301 -
104.19.222.79:443https://whatismyipaddress.com/tls, http
HTTP Request
GET https://whatismyipaddress.com/HTTP Response
403 -
37.27.98.198:25mail.zeeshanenterprises.com -
37.27.98.198:25mail.zeeshanenterprises.com
-
150.171.28.10:443https://tse1.mm.bing.net/th?id=OADD2.10239317301626_12UQHHQXE25HHMLCY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http2
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301167_10EF6H5QJP57ZPZOD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339384870_1WSZL43T6U4G68XY0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301576_1P4YPBOHIENGSX86I&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339384869_1U4BU5OP1KBSS4EDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301217_1LGEUWZHPMKMEMITB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301626_12UQHHQXE25HHMLCY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200 -
150.171.28.10:443tse1.mm.bing.nettls, http2
-
150.171.28.10:443tse1.mm.bing.nettls, http2
-
150.171.28.10:443tse1.mm.bing.nettls, http2
-
150.171.28.10:443tse1.mm.bing.nettls, http2
-
8.8.8.8:53149.220.183.52.in-addr.arpadns
DNS Request
149.220.183.52.in-addr.arpa
-
8.8.8.8:5376.32.126.40.in-addr.arpadns
DNS Request
76.32.126.40.in-addr.arpa
DNS Request
76.32.126.40.in-addr.arpa
DNS Request
76.32.126.40.in-addr.arpa
-
8.8.8.8:5395.221.229.192.in-addr.arpadns
DNS Request
95.221.229.192.in-addr.arpa
-
8.8.8.8:53205.47.74.20.in-addr.arpadns
DNS Request
205.47.74.20.in-addr.arpa
-
8.8.8.8:53whatismyipaddress.comdns
DNS Request
whatismyipaddress.com
DNS Response
104.19.222.79104.19.223.79
-
8.8.8.8:5379.222.19.104.in-addr.arpadns
DNS Request
79.222.19.104.in-addr.arpa
-
8.8.8.8:53mail.zeeshanenterprises.comdns
DNS Request
mail.zeeshanenterprises.com
DNS Response
37.27.98.198
-
8.8.8.8:53104.219.191.52.in-addr.arpadns
DNS Request
104.219.191.52.in-addr.arpa
-
8.8.8.8:5326.165.165.52.in-addr.arpadns
DNS Request
26.165.165.52.in-addr.arpa
-
8.8.8.8:53198.187.3.20.in-addr.arpadns
DNS Request
198.187.3.20.in-addr.arpa
-
8.8.8.8:5311.227.111.52.in-addr.arpadns
DNS Request
11.227.111.52.in-addr.arpa
-
8.8.8.8:53tse1.mm.bing.netdns
DNS Request
tse1.mm.bing.net
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10150.171.27.10
-
8.8.8.8:5326.35.223.20.in-addr.arpadns
DNS Request
26.35.223.20.in-addr.arpa
DNS Request
26.35.223.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
400B
MD50a9b4592cd49c3c21f6767c2dabda92f
SHA1f534297527ae5ccc0ecb2221ddeb8e58daeb8b74
SHA256c7effe9cb81a70d738dee863991afefab040290d4c4b78b4202383bcb9f88fcd
SHA5126b878df474e5bbfb8e9e265f15a76560c2ef151dcebc6388c82d7f6f86ffaf83f5ade5a09f1842e493cb6c8fd63b0b88d088c728fd725f7139f965a5ee332307
-
Filesize
3KB
MD5f94dc819ca773f1e3cb27abbc9e7fa27
SHA19a7700efadc5ea09ab288544ef1e3cd876255086
SHA256a3377ade83786c2bdff5db19ff4dbfd796da4312402b5e77c4c63e38cc6eff92
SHA51272a2c10d7a53a7f9a319dab66d77ed65639e9aa885b551e0055fc7eaf6ef33bbf109205b42ae11555a0f292563914bc6edb63b310c6f9bda9564095f77ab9196
-
Filesize
352KB
-
Filesize
804KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
560KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB