Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c8e65730e3...18.exe

windows7-x64

7

c8e65730e3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2024, 13:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    c8e65730e37a0d727e7bfe5b5c0dc6b7

  • SHA1

    96916b566414a1dfa47fdfd731dc9eea87e25045

  • SHA256

    9d0426682f97209da266f8911e8d10d8fa44e3b83a780f0850aafa84dede1c8d

  • SHA512

    6a30b33a60c983c38b92513c1af087c45ec22c073193993bde2b6c970eb640b84b292d8201f306ad2e36c2ca5c8a57676bbe01b9f060983d445d709dc9c28c1f

  • SSDEEP

    49152:5avvWWRc6Hd4D2yLG71MdOJcx4oryLIrBGinXBgJ:Qvjc6HdI2j71MdaoaOPRgJ

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Users\Admin\AppData\Local\Temp\is-4ICEE.tmp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-4ICEE.tmp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.tmp" /SL5="$902D0,1546942,54272,C:\Users\Admin\AppData\Local\Temp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2108
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4460,i,4174666705242427184,7333705955694532165,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8
    1⤵
      PID:3688

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.ax-0001.ax-msedge.net
      g-bing-com.ax-0001.ax-msedge.net
      IN CNAME
      ax-0001.ax-dc-msedge.net
      ax-0001.ax-dc-msedge.net
      IN A
      150.171.29.10
      ax-0001.ax-dc-msedge.net
      IN A
      150.171.30.10
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      150.171.29.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=1D135ED758EB606D13464A3D5992613C; domain=.bing.com; expires=Tue, 23-Sep-2025 13:23:22 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5DE8F6D02879495EA4110A7FA08FC5C5 Ref B: LON212050704051 Ref C: 2024-08-29T13:23:22Z
      date: Thu, 29 Aug 2024 13:23:22 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      150.171.29.10:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1D135ED758EB606D13464A3D5992613C
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=8Ui1a2GavY-AII4m4ccL1CWCaJ2cNvFXTtcuv-hS910; domain=.bing.com; expires=Tue, 23-Sep-2025 13:23:23 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 2B52EED0C7B64480889D6C1B0C28EC78 Ref B: LON212050704051 Ref C: 2024-08-29T13:23:22Z
      date: Thu, 29 Aug 2024 13:23:22 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      150.171.29.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1D135ED758EB606D13464A3D5992613C; MSPTC=8Ui1a2GavY-AII4m4ccL1CWCaJ2cNvFXTtcuv-hS910
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 953543DFE0F24508B89E4B976D5CD6A2 Ref B: LON212050704051 Ref C: 2024-08-29T13:23:23Z
      date: Thu, 29 Aug 2024 13:23:22 GMT
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
      Response
      73.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-73deploystaticakamaitechnologiescom
    • flag-us
      DNS
      136.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      10.29.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.29.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      65.139.73.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      65.139.73.23.in-addr.arpa
      IN PTR
      Response
      65.139.73.23.in-addr.arpa
      IN PTR
      a23-73-139-65deploystaticakamaitechnologiescom
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 193575
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: BFCEA2021C9F42B3984A3A49BA695BAB Ref B: LON04EDGE0717 Ref C: 2024-08-29T13:25:01Z
      date: Thu, 29 Aug 2024 13:25:00 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 195935
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1CC45C64D6F84EB79427D72324CF3388 Ref B: LON04EDGE0717 Ref C: 2024-08-29T13:25:01Z
      date: Thu, 29 Aug 2024 13:25:00 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 580561
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 74A1988F1EC04B9EB1E2C12249F72E91 Ref B: LON04EDGE0717 Ref C: 2024-08-29T13:25:01Z
      date: Thu, 29 Aug 2024 13:25:00 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 579336
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 244910506B76479EA5F75910D655DC81 Ref B: LON04EDGE0717 Ref C: 2024-08-29T13:25:01Z
      date: Thu, 29 Aug 2024 13:25:00 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 677488
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: ECA795C2007D43738FBF128A72A691DB Ref B: LON04EDGE0717 Ref C: 2024-08-29T13:25:01Z
      date: Thu, 29 Aug 2024 13:25:00 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 673255
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C7BFFED89E554641A3F95BD22EDFDD6D Ref B: LON04EDGE0717 Ref C: 2024-08-29T13:25:01Z
      date: Thu, 29 Aug 2024 13:25:01 GMT
    • flag-us
      DNS
      10.28.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.28.171.150.in-addr.arpa
      IN PTR
      Response
    • 150.171.29.10:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      tls, http2
      2.0kB
       9.4kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d1df75854eb46f6b16ac0f2a0a0a355&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       7.0kB
       16
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
       6.9kB
       17
      13
    • 150.171.28.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      103.8kB
       3.0MB
       2182
      2179

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      12
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      232.168.11.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      232.168.11.51.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       169 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      150.171.29.10
      150.171.30.10

    • 8.8.8.8:53
      136.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      136.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      73.144.22.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      73.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      10.29.171.150.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      10.29.171.150.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      65.139.73.23.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      65.139.73.23.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       170 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      10.28.171.150.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      10.28.171.150.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\is-4ICEE.tmp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.tmp
      Filesize

      688KB

      MD5

      c765336f0dcf4efdcc2101eed67cd30c

      SHA1

      fa0279f59738c5aa3b6b20106e109ccd77f895a7

      SHA256

      c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

      SHA512

      06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-US152.tmp\Games.inf
      Filesize

      208B

      MD5

      2b68fb33356b62cf3e8d98523097cc47

      SHA1

      64ae113478e2009fa0fc011d094f93880de9061e

      SHA256

      1f18a5a357b679f5152b9e85ad4d5263a73095ab9b94ca18993c8068eccabf21

      SHA512

      eca4de99518474df811671ecdb4b4ce5de5299cb44c194b3ef6f4dbdcb821a5c0b624f10118ec807deb778f566b6fef82abb2fbd9350d26ff758280526cecdd7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-US152.tmp\isxdl.dll
      Filesize

      49KB

      MD5

      02ecc74f7f91e9ffd84de708683236a6

      SHA1

      3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

      SHA256

      30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

      SHA512

      a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

      Download Submit

    • memory/2108-7-0x0000000000400000-0x00000000004BC000-memory.dmp

      Filesize

      752KB

      Download

    • memory/2108-35-0x0000000000400000-0x00000000004BC000-memory.dmp

      Filesize

      752KB

      Download

    • memory/2728-0-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2728-2-0x0000000000401000-0x000000000040B000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2728-34-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.