Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 07/09/2024, 20:39 UTC
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: d2cb2c4500e5de56bf8255e34610a8c0_JaffaCakes118.exe
Resource: win7-20240729-en
3 signatures, 150 seconds
General
Target: d2cb2c4500e5de56bf8255e34610a8c0_JaffaCakes118.exe
Size: 430KB
MD5: d2cb2c4500e5de56bf8255e34610a8c0
SHA1: 35f1ee92571f47828e822f621783d67d6252b1d2
SHA256: de90bac4129ff264b8b6b68f3d03f5ae2a0bc830fe3519ddd970580d7836b352
SHA512: 8c9db4eb14328b286b82e40e86814aa48b21d48b06c4a4929208c419a9f5b98414ab1f18d227b21dc9233187d284a2e0f0a3dbc221b2020a41f148b988482696
SSDEEP: 12288:vB3F2de/oZcYi9HvuVQknab8m0p7vxWA:vFYdeccYi9H2yknPp7gA
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
flow 8: iplogger.org
flow 10: iplogger.org
flow 2: iplogger.org
-
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: d2cb2c4500e5de56bf8255e34610a8c0_JaffaCakes118.exe)
Processes
Network
-
Remote address: 8.8.8.8:53
Request: iplogger.org IN A
-
Remote address: 8.8.8.8:53
Request: iplogger.org IN A
-
Remote address: 8.8.8.8:53
Request: iplogger.org IN A
-
Remote address: 8.8.8.8:53
Request: iplogger.org IN A
-
Remote address: 8.8.8.8:53
Request: iplogger.org IN A
-
Remote address: 8.8.8.8:53
Request: gclean-soft.com IN A
Response: (none)
-
Remote address: 8.8.8.8:53
Request: iplogger.org IN A
Response: iplogger.org IN A 172.67.74.161; iplogger.org IN A 104.26.3.46; iplogger.org IN A 104.26.2.46
-
Remote address: 172.67.74.161:80
Request:
GET /1nLz47 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 || Windows: Admin
Host: iplogger.org
Response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://iplogger.org/1nLz47#80
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3l%2FlHZ0WpNoFMBXDKVuENBd3uBhYGvmSgefAevNpiYsOr%2F0VEhGRsLIBCYZYbIPAtfGACWjZ9wXj3%2BA%2Fcs5DJQa3JuA9q6SyTJEU9Z6CXEBikwsKWI0ed0jXOWTbw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bf9820f1a15d1fd-LHR
-
Remote address: 172.67.74.161:443
Request:
GET /1nL HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 || Windows: Admin
Host: iplogger.org
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
memory: 0.42596435546875
expires: Sat, 07 Sep 2024 20:39:25 +0000
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vmuFiUu6657SM6I1vGOb6Ys7d55OqCBqeGGdiQCsx0kys%2BRRo%2FmZ4ZrqdPnR7nrTtmK05G00XqSL%2BPq4gKXPFP0OowFZnJjmF%2FS17F6q%2BvrqVOqyR6fBaWb%2FxytK0w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bf982111bc1637f-LHR
-
Remote address: 172.67.74.161:443
Request:
GET /1tn HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 || Windows: Admin
Host: iplogger.org
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
memory: 0.42596435546875
expires: Sat, 07 Sep 2024 20:39:25 +0000
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wktJRh9a0JniZ1Ujgd%2FDCsc6X89gm943JdvhBC98SzKugbNDbqFm5eC0y634nhwx0mfZLlv0xV7pBI2ykIFEHNHX71%2Biq4f4HvIryQYPztAzzrkEb1OJ7ZSnE%2FTGUw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Hdqwyk4iTfYWguTScm0JmG1sDa1cTfPbA_e9v3AurOk-1725741565-1.0.1.1-tvaKp_ZAdF9BI9dVMQ_eik0RFee4CchphV2vzZX2WgP0Zi8YdGNKZgmC1ufGrc.JAgskiJtUhbgKQZ9to3G51ceB23mgBZiiT.j6g1trU5CKTlFB0rkpzgz4tAINIY1JuLsU8eHXgYdO0daRwuYB.A"}],"group":"cf-csp-endpoint","max_age":86400}
Content-Security-Policy-Report-Only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Hdqwyk4iTfYWguTScm0JmG1sDa1cTfPbA_e9v3AurOk-1725741565-1.0.1.1-tvaKp_ZAdF9BI9dVMQ_eik0RFee4CchphV2vzZX2WgP0Zi8YdGNKZgmC1ufGrc.JAgskiJtUhbgKQZ9to3G51ceB23mgBZiiT.j6g1trU5CKTlFB0rkpzgz4tAINIY1JuLsU8eHXgYdO0daRwuYB.A; report-to cf-csp-endpoint
Server: cloudflare
CF-RAY: 8bf982125d5a637f-LHR
-
Remote address: 172.67.74.161:443
Request:
GET /1PM HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 || Windows: Admin
Host: iplogger.org
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
memory: 0.42596435546875
expires: Sat, 07 Sep 2024 20:39:26 +0000
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KQOKLzGboelgwo1zBOYBKaSO%2F2UCOBcxbqwqTdlkf55CPyKH37CdFH6icaGjTnTRp5RgnIu0hjCXLDB%2Fy6dlRfmLX%2FVGGiG6oj52vuBllLDk7jJE1h58Brdcf2bWw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bf982138f70637f-LHR
-
Remote address: 172.67.74.161:443
Request:
GET /1z9 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 || Windows: Admin
Host: iplogger.org
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
memory: 0.42596435546875
expires: Sat, 07 Sep 2024 20:39:26 +0000
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2F%2BC%2BC50RQL73BXvFwBcW271QoXVvFMKD2lGUTKnUSvynve9UaKDayUY5CDM3gx%2FSM4SCsJJf%2F42EMmGHtYj1DUU%2FP%2F1q1Evo%2Fssu2pZpiSZfhGqcRb%2FGtZ%2B1%2FVDOg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bf98214a8d7637f-LHR
-
Remote address: 172.67.74.161:80
Request:
GET /1tnbw7 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 || Windows: Admin
Host: iplogger.org
Response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://iplogger.org/1tnbw7#80
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zvao1ivpX%2FzvvISWLFpzESnYw69UkhS6ZZBq1DqBw0GpDIg2BXpQ%2F2aEWzKUDGKIUJtSmH%2FGi2Ett6gxmS0zyuC1sdhpw1tRQzhYMueUadVlIQsNT6r7DhAEkUYZfw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bf98211aac0416a-LHR
-
Remote address: 172.67.74.161:80
Request:
GET /1PMX37 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 || Windows: Admin
Host: iplogger.org
Response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://iplogger.org/1PMX37#80
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mr1UpQHGiD1m40qbdtUspJMus1JPH9%2BYTR3PS3nthLCRuqzd3YXilIoUpbFuU5B%2FaOEpa27biKqzV4CfdG6D2RnL7r%2BFp8TPXyhH5UaTpbYUG4mr72w5k2ftWwZo5w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bf98212fe89368f-LHR
-
Remote address: 172.67.74.161:80
Request:
GET /1z9A57 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 || Windows: Admin
Host: iplogger.org
Response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://iplogger.org/1z9A57#80
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0JepR7%2B8zbV0maxtHL3dzEy6oygrdFeKa4mWsZZnYaqT7Dq6LF4h2UKBKn%2F5ON%2BDWLB63YO%2BTkD8KACRvbTeCbU7pFyBXo9GnmR4kTZohez1SAJpIlI0lZ6B%2Bm17Pg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bf982143b9193de-LHR
-
Remote address: 8.8.8.8:53
Request: g-cleaner.info IN A
Response: (none)
-
494 B 985 B 5 4
HTTP Request: GET http://iplogger.org/1nLz47
HTTP Response: 301
-
172.67.74.161:443 https://iplogger.org/1z9 tls, http d2cb2c4500e5de56bf8255e34610a8c0_JaffaCakes118.exe 2.8kB 45.1kB 31 50
HTTP Request: GET https://iplogger.org/1nL
HTTP Response: 200
HTTP Request: GET https://iplogger.org/1tn
HTTP Response: 200
HTTP Request: GET https://iplogger.org/1PM
HTTP Response: 200
HTTP Request: GET https://iplogger.org/1z9
HTTP Response: 200
-
494 B 983 B 5 4
HTTP Request: GET http://iplogger.org/1tnbw7
HTTP Response: 301
-
494 B 983 B 5 4
HTTP Request: GET http://iplogger.org/1PMX37
HTTP Response: 301
-
494 B 987 B 5 4
HTTP Request: GET http://iplogger.org/1z9A57
HTTP Response: 301
-
290 B 5
DNS Request: iplogger.org
DNS Request: iplogger.org
DNS Request: iplogger.org
DNS Request: iplogger.org
DNS Request: iplogger.org
-
61 B 134 B 1 1
DNS Request: gclean-soft.com
-
58 B 106 B 1 1
DNS Request: iplogger.org
DNS Response: 172.67.74.161, 104.26.3.46, 104.26.2.46
-
60 B 139 B 1 1
DNS Request: g-cleaner.info