Analysis
-
max time kernel
128s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system -
submitted
19/09/2024, 05:49 UTC
Static task
static1
Behavioral task
behavioral1
Sample
eab347c65c9bc0bdfac8eefc174f2aa7_JaffaCakes118.html
Resource
win7-20240903-en
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
eab347c65c9bc0bdfac8eefc174f2aa7_JaffaCakes118.html
Resource
win10v2004-20240802-en
0 signatures
150 seconds
General
-
Target
eab347c65c9bc0bdfac8eefc174f2aa7_JaffaCakes118.html
-
Size
77KB
-
MD5
eab347c65c9bc0bdfac8eefc174f2aa7
-
SHA1
7ba70a2a6b347414cb3d784225f5a98fbd37fe8b
-
SHA256
da189beac71e1d0ec77f750919ecb619b941e24a43b4574bd0babe379bada816
-
SHA512
9f9a9be779666f40853286715003864cd6c0a6c6022e43659291f147474c7405205ee85f6f0ab115f0f702057ffe421490d2d049a0d8aa272b67f750309092f9
-
SSDEEP
1536:S5YDhRfST8yW+JKCujGbc9kzILW8nQDuLweDGO:SOffS/bhcDN
Score
1/10 (this score covers the windows10-2004 run shown on this page only; the windows7 behavioral task behavioral1 reported 5 signatures and is not displayed here. Note also that several script hosts queried during the run — informpromo.com, static.generalfil.es, static.general-community.com, cookies.ambercrow.com — returned no DNS answer, so whatever they would have served was never fetched or executed in this analysis.)
Malware Config
Signatures
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe — "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eab347c65c9bc0bdfac8eefc174f2aa7_JaffaCakes118.html (PID 560)
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1336,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:11⤵PID:368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3864,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:11⤵PID:1992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5408,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=1296 /prefetch:81⤵PID:2112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=3340,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:81⤵PID:2552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5792,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:11⤵PID:3868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5972,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:11⤵PID:1604
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5436,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:81⤵PID:2256
Network
-
Remote address: 8.8.8.8:53 — Request: business.bing.com IN A — Response: business.bing.com IN CNAME business-bing-com.b-0005.b-msedge.net; business-bing-com.b-0005.b-msedge.net IN CNAME b-0005.b-msedge.net; b-0005.b-msedge.net IN A 13.107.6.158
-
Remote address:8.8.8.8:53Requestbusiness.bing.comIN UnknownResponsebusiness.bing.comIN CNAMEbusiness-bing-com.b-0005.b-msedge.netbusiness-bing-com.b-0005.b-msedge.netIN CNAMEb-0005.b-msedge.net
-
Remote address: 8.8.8.8:53 — Request: informpromo.com IN A — Response: (empty — no answer records)
-
Remote address:8.8.8.8:53Requestinformpromo.comIN UnknownResponse
-
Remote address: 8.8.8.8:53 — Request: static.generalfil.es IN A — Response: (empty — no answer records)
-
Remote address:8.8.8.8:53Requeststatic.generalfil.esIN UnknownResponse
-
Remote address: 8.8.8.8:53 — Request: static.general-community.com IN A — Response: (empty — no answer records)
-
Remote address:8.8.8.8:53Requeststatic.general-community.comIN UnknownResponse
-
Remote address:8.8.8.8:53Requeststatic.generalfil.esIN AResponse
-
Remote address:8.8.8.8:53Requestinformpromo.comIN AResponse
-
Remote address:8.8.8.8:53Requeststatic.generalfil.esIN AResponse
-
Remote address:8.8.8.8:53Requeststatic.generalfil.esIN UnknownResponse
-
Remote address: 8.8.8.8:53 — Request: bzib.nelreports.net IN A — Response: bzib.nelreports.net IN CNAME bzib.nelreports.net.akamaized.net; bzib.nelreports.net.akamaized.net IN CNAME a416.dscd.akamai.net; a416.dscd.akamai.net IN A 23.73.139.27; a416.dscd.akamai.net IN A 23.73.139.50
-
Remote address:8.8.8.8:53Requestbzib.nelreports.netIN UnknownResponsebzib.nelreports.netIN CNAMEbzib.nelreports.net.akamaized.netbzib.nelreports.net.akamaized.netIN CNAMEa416.dscd.akamai.net
-
Remote address: 8.8.8.8:53 — Request: s7.addthis.com IN A — Response: s7.addthis.com IN CNAME s8.addthis.com; s8.addthis.com IN CNAME ds-s7.addthis.com.edgekey.net; ds-s7.addthis.com.edgekey.net IN CNAME e4016.a.akamaiedge.net; e4016.a.akamaiedge.net IN A 2.18.109.243
-
Remote address:8.8.8.8:53Requests7.addthis.comIN UnknownResponses7.addthis.comIN CNAMEs8.addthis.coms8.addthis.comIN CNAMEds-s7.addthis.com.edgekey.netds-s7.addthis.com.edgekey.netIN CNAMEe4016.a.akamaiedge.net
-
Remote address: 2.18.109.243:80 — Request: GET /js/250/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Response: HTTP/1.1 308 Permanent Redirect (the third-party widget script was requested over cleartext HTTP and redirected to the HTTPS URL below; the follow-up HTTPS fetch is not shown in this HTTP log)
Content-Type: text/html
Content-Length: 171
Location: https://s7.addthis.com/js/250/addthis_widget.js
Date: Thu, 19 Sep 2024 05:49:09 GMT
Connection: keep-alive
X-Distribution: 99
X-Host: s7.addthis.com
-
Remote address:8.8.8.8:53Requests7.addthis.comIN AResponses7.addthis.comIN CNAMEs8.addthis.coms8.addthis.comIN CNAMEds-s7.addthis.com.edgekey.netds-s7.addthis.com.edgekey.netIN CNAMEe4016.a.akamaiedge.nete4016.a.akamaiedge.netIN A2.18.109.243
-
Remote address:8.8.8.8:53Requests7.addthis.comIN UnknownResponses7.addthis.comIN CNAMEs8.addthis.coms8.addthis.comIN CNAMEds-s7.addthis.com.edgekey.netds-s7.addthis.com.edgekey.netIN CNAMEe4016.a.akamaiedge.net
-
Remote address: 8.8.8.8:53 — Request: 8.8.8.8.in-addr.arpa IN PTR — Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53 — Request: 27.139.73.23.in-addr.arpa IN PTR — Response: 27.139.73.23.in-addr.arpa IN PTR a23-73-139-27.deploy.static.akamaitechnologies.com
-
Remote address:8.8.8.8:53Request243.109.18.2.in-addr.arpaIN PTRResponse243.109.18.2.in-addr.arpaIN PTRa2-18-109-243deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requeststatic.general-community.comIN UnknownResponse
-
Remote address:8.8.8.8:53Requeststatic.general-community.comIN AResponse
-
Remote address:8.8.8.8:53Requeststatic.general-community.comIN AResponse
-
Remote address:8.8.8.8:53Request133.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request81.144.22.2.in-addr.arpaIN PTRResponse81.144.22.2.in-addr.arpaIN PTRa2-22-144-81deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requeststatic.generalfil.esIN AResponse
-
Remote address:8.8.8.8:53Requeststatic.generalfil.esIN UnknownResponse
-
Remote address: 8.8.8.8:53 — Request: cookies.ambercrow.com IN A — Response: (empty — no answer records)
-
Remote address:8.8.8.8:53Requestcookies.ambercrow.comIN UnknownResponse
-
Remote address: 8.8.8.8:53 — Request: www.bnserving.com IN A — Response: www.bnserving.com IN A 192.243.61.225; 192.243.59.12; 192.243.59.13; 192.243.59.20; 192.243.61.227
-
Remote address:8.8.8.8:53Requestwww.bnserving.comIN UnknownResponse
-
Remote address:8.8.8.8:53Requestcookies.ambercrow.comIN AResponse
-
Remote address: 192.243.61.225:80 — Request: GET /invoke.js HTTP/1.1 (cleartext HTTP to an ad-serving host; the response below carries Content-Length: 0, i.e. an empty script body was returned in this run)
Host: www.bnserving.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Response: HTTP/1.1 200 OK
Date: Thu, 19 Sep 2024 05:49:11 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 94030e49c34af5c791087603ab4620fd
Cache-Control: max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
-
Remote address: 8.8.8.8:53 — Request: www.facebook.com IN A — Response: www.facebook.com IN CNAME star-mini.c10r.facebook.com; star-mini.c10r.facebook.com IN A 163.70.151.35
-
Remote address:8.8.8.8:53Requestwww.facebook.comIN UnknownResponsewww.facebook.comIN CNAMEstar-mini.c10r.facebook.com
-
Remote address:8.8.8.8:53Requestwww.facebook.comIN AResponsewww.facebook.comIN CNAMEstar-mini.c10r.facebook.comstar-mini.c10r.facebook.comIN A163.70.151.35
-
Remote address:8.8.8.8:53Requestwww.facebook.comIN AResponsewww.facebook.comIN CNAMEstar-mini.c10r.facebook.comstar-mini.c10r.facebook.comIN A157.240.221.35
-
Remote address:8.8.8.8:53Request35.151.70.163.in-addr.arpaIN PTRResponse35.151.70.163.in-addr.arpaIN PTRedge-star-mini-shv-02-lhr6facebookcom
-
Remote address:8.8.8.8:53Request225.61.243.192.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53 — Request: static.xx.fbcdn.net IN A — Response: static.xx.fbcdn.net IN CNAME scontent.xx.fbcdn.net; scontent.xx.fbcdn.net IN A 157.240.27.27
-
Remote address:8.8.8.8:53Requeststatic.xx.fbcdn.netIN UnknownResponsestatic.xx.fbcdn.netIN CNAMEscontent.xx.fbcdn.netscontent.xx.fbcdn.netIN Unknownh2h3scontent.xx.fbcdn.netIN Unknownscontentfallbackxxfbcdnneth2h3
-
Remote address:8.8.8.8:53Requestscontent.xx.fbcdn.netIN AResponsescontent.xx.fbcdn.netIN A157.240.27.27
-
Remote address:8.8.8.8:53Requestscontent.xx.fbcdn.netIN UnknownResponsescontent.xx.fbcdn.netIN Unknownscontentfallbackxxfbcdnneth2h3scontent.xx.fbcdn.netIN Unknownh2h3
-
Remote address:8.8.8.8:53Requestexternal.xx.fbcdn.netIN AResponseexternal.xx.fbcdn.netIN CNAMEscontent.xx.fbcdn.netscontent.xx.fbcdn.netIN A157.240.27.27
-
Remote address:8.8.8.8:53Requestexternal.xx.fbcdn.netIN UnknownResponseexternal.xx.fbcdn.netIN CNAMEscontent.xx.fbcdn.netscontent.xx.fbcdn.netIN Unknownscontentfallbackxxfbcdnneth2h3scontent.xx.fbcdn.netIN Unknownh2h3
-
Remote address:8.8.8.8:53Request27.27.240.157.in-addr.arpaIN PTRResponse27.27.240.157.in-addr.arpaIN PTRxx-fbcdn-shv-01-dus1fbcdnnet
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.135.221.88.in-addr.arpaIN PTRResponse26.135.221.88.in-addr.arpaIN PTRa88-221-135-26deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request197.87.175.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request217.135.221.88.in-addr.arpaIN PTRResponse217.135.221.88.in-addr.arpaIN PTRa88-221-135-217deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request31.243.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request73.144.22.2.in-addr.arpaIN PTRResponse73.144.22.2.in-addr.arpaIN PTRa2-22-144-73deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request33.135.221.88.in-addr.arpaIN PTRResponse33.135.221.88.in-addr.arpaIN PTRa88-221-135-33deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
3.9kB 10.2kB 19 24
-
2.8kB 5.4kB 12 14
-
635 B 726 B 7 6
HTTP Request
GET http://s7.addthis.com/js/250/addthis_widget.js
HTTP Response
308 -
3.1kB 6.8kB 17 22
-
672 B 983 B 6 5
HTTP Request
GET http://www.bnserving.com/invoke.js
HTTP Response
200 -
2.3kB 3.1kB 10 9
-
5.8kB 42.8kB 35 51
-
260 B 5
-
5.0kB 15.9kB 29 35
-
260 B 5
-
2.3kB 5.2kB 10 12
-
63 B 144 B 1 1
DNS Request
business.bing.com
DNS Response
13.107.6.158
-
63 B 185 B 1 1
DNS Request
business.bing.com
-
61 B 134 B 1 1
DNS Request
informpromo.com
-
61 B 134 B 1 1
DNS Request
informpromo.com
-
66 B 121 B 1 1
DNS Request
static.generalfil.es
-
66 B 121 B 1 1
DNS Request
static.generalfil.es
-
74 B 74 B 1 1
DNS Request
static.general-community.com
-
74 B 74 B 1 1
DNS Request
static.general-community.com
-
66 B 121 B 1 1
DNS Request
static.generalfil.es
-
61 B 134 B 1 1
DNS Request
informpromo.com
-
66 B 121 B 1 1
DNS Request
static.generalfil.es
-
66 B 121 B 1 1
DNS Request
static.generalfil.es
-
65 B 172 B 1 1
DNS Request
bzib.nelreports.net
DNS Response
23.73.139.27, 23.73.139.50
-
65 B 204 B 1 1
DNS Request
bzib.nelreports.net
-
60 B 169 B 1 1
DNS Request
s7.addthis.com
DNS Response
2.18.109.243
-
60 B 211 B 1 1
DNS Request
s7.addthis.com
-
60 B 169 B 1 1
DNS Request
s7.addthis.com
DNS Response
2.18.109.243
-
60 B 211 B 1 1
DNS Request
s7.addthis.com
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
27.139.73.23.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
243.109.18.2.in-addr.arpa
-
74 B 74 B 1 1
DNS Request
static.general-community.com
-
74 B 74 B 1 1
DNS Request
static.general-community.com
-
74 B 74 B 1 1
DNS Request
static.general-community.com
-
72 B 158 B 1 1
DNS Request
133.32.126.40.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
81.144.22.2.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
66 B 121 B 1 1
DNS Request
static.generalfil.es
-
66 B 121 B 1 1
DNS Request
static.generalfil.es
-
67 B 135 B 1 1
DNS Request
cookies.ambercrow.com
-
67 B 135 B 1 1
DNS Request
cookies.ambercrow.com
-
63 B 143 B 1 1
DNS Request
www.bnserving.com
DNS Response
192.243.61.225, 192.243.59.12, 192.243.59.13, 192.243.59.20, 192.243.61.227
-
63 B 129 B 1 1
DNS Request
www.bnserving.com
-
67 B 135 B 1 1
DNS Request
cookies.ambercrow.com
-
62 B 107 B 1 1
DNS Request
www.facebook.com
DNS Response
163.70.151.35
-
62 B 136 B 1 1
DNS Request
www.facebook.com
-
62 B 107 B 1 1
DNS Request
www.facebook.com
DNS Response
163.70.151.35
-
62 B 107 B 1 1
DNS Request
www.facebook.com
DNS Response
157.240.221.35
-
72 B 125 B 1 1
DNS Request
35.151.70.163.in-addr.arpa
-
73 B 153 B 1 1
DNS Request
225.61.243.192.in-addr.arpa
-
65 B 104 B 1 1
DNS Request
static.xx.fbcdn.net
DNS Response
157.240.27.27
-
65 B 169 B 1 1
DNS Request
static.xx.fbcdn.net
-
67 B 83 B 1 1
DNS Request
scontent.xx.fbcdn.net
DNS Response
157.240.27.27
-
67 B 148 B 1 1
DNS Request
scontent.xx.fbcdn.net
-
67 B 106 B 1 1
DNS Request
external.xx.fbcdn.net
DNS Response
157.240.27.27
-
67 B 171 B 1 1
DNS Request
external.xx.fbcdn.net
-
11.3kB 324.6kB 99 287
-
3.1kB 4.5kB 7 9
-
72 B 116 B 1 1
DNS Request
27.27.240.157.in-addr.arpa
-
4.3kB 6.7kB 9 13
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
26.135.221.88.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
204 B 3
-
71 B 157 B 1 1
DNS Request
197.87.175.4.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
217.135.221.88.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
31.243.111.52.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
73.144.22.2.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
33.135.221.88.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa