1e4fa0f6c628d3b99c3f638171c26b9b30bcb08d108d2f18977c2253ed2c7736

Analysis

max time kernel
128s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 18:48 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebfa40f10a5a6ff51b5354d3dc1e8abe_JaffaCakes118.html
Size

67KB
MD5

ebfa40f10a5a6ff51b5354d3dc1e8abe
SHA1

fc89843e23db08429a9e743cf7831f6a0e63a5ab
SHA256

1e4fa0f6c628d3b99c3f638171c26b9b30bcb08d108d2f18977c2253ed2c7736
SHA512

7a3bff4cdc620ff3230ac92c31b9e9880f901db8be47cfd562e1d201af454ad14b4165cb495153fbddc01bb9eaab5a65cdae74beae7fbabbfea32fb488d97457
SSDEEP

768:JiegcMiR3sI2PDDnX0g6SDD7oTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVG8s/k:JgeTzNen0tbrga94hcuNnQC

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ebfa40f10a5a6ff51b5354d3dc1e8abe_JaffaCakes118.html
1⤵
PID:1412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4204,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:1
1⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3784,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:1
1⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5420,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
1⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5464,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
1⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5460,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
1⤵
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5836,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:8
1⤵
PID:816

Network

DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

img.sedoparking.com

Remote address:

8.8.8.8:53

Request

img.sedoparking.com

IN A

Response

img.sedoparking.com

IN CNAME

sedo.cachefly.net

sedo.cachefly.net

IN CNAME

vip1.g5.cachefly.net

vip1.g5.cachefly.net

IN A

205.234.175.175
DNS

img.sedoparking.com

Remote address:

8.8.8.8:53

Request

img.sedoparking.com

IN Unknown

Response

img.sedoparking.com

IN CNAME

sedo.cachefly.net

sedo.cachefly.net

IN CNAME

vip1.g5.cachefly.net
GET

http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js

Remote address:

205.234.175.175:80

Request

GET /js/jquery-1.11.3.custom.min.js HTTP/1.1
Host: img.sedoparking.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Thu, 19 Sep 2024 18:49:00 GMT
Content-Type: application/x-javascript
Content-Length: 25176
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Expires: Fri, 20 Sep 2024 18:49:00 GMT
X-CFHash: "7dd2fc9525d32ef5c44abe9036c98ad1"
X-CFF: B
Last-Modified: Thu, 28 Jun 2018 13:09:28 GMT
Vary: Accept-Encoding
X-CF3: H
CF4Age: 0
x-cf-tsc: 1685886798
CF4ttl: 31536000.000
Content-Encoding: gzip
X-CF2: H
Server: CFS 1124
X-CF-ReqID: 8973f8b3cbf97188ec6ee524bf9adf60
X-CF1: 11696:fR.lon1:cf:nom:cacheN.lon1-01:H
Accept-Ranges: bytes
GET

http://img.sedoparking.com/templates/brick_gfx/common/logo_2016_blue.svg

Remote address:

205.234.175.175:80

Request

GET /templates/brick_gfx/common/logo_2016_blue.svg HTTP/1.1
Host: img.sedoparking.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Thu, 19 Sep 2024 18:49:00 GMT
Content-Type: image/svg+xml
Content-Length: 2077
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Thu, 26 Sep 2024 18:49:00 GMT
X-CFHash: "cc975fdfd0cacdb8d27a0797b2d6ba71"
X-CFF: B
Last-Modified: Thu, 28 Jun 2018 13:09:28 GMT
Vary: Accept-Encoding
X-CF3: H
CF4Age: 0
x-cf-tsc: 1714078443
CF4ttl: 31536000.000
Content-Encoding: gzip
X-CF2: H
Server: CFS 1124
X-CF-ReqID: 27d35c747d3ab848c128495312299afe
X-CF1: 11696:fR.lon1:cf:nom:cacheN.lon1-01:H
Accept-Ranges: bytes
DNS

ww1.go.mobilix.mobi

Remote address:

8.8.8.8:53

Request

ww1.go.mobilix.mobi

IN A

Response

ww1.go.mobilix.mobi

IN A

95.211.219.65
DNS

ww1.go.mobilix.mobi

Remote address:

8.8.8.8:53

Request

ww1.go.mobilix.mobi

IN Unknown

Response
DNS

sedoparking.com

Remote address:

8.8.8.8:53

Request

sedoparking.com

IN A

Response

sedoparking.com

IN A

64.190.63.136
DNS

sedoparking.com

Remote address:

8.8.8.8:53

Request

sedoparking.com

IN Unknown

Response
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

88.221.135.81

a416.dscd.akamai.net

IN A

88.221.134.17
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
GET

http://sedoparking.com/search/rl.php?rlt=1515471290c93efbc4e346336d2320e74b789c6e6c&num=10&callback=jQuery1113003268342705813043_1726771739754&_=1726771739755

Remote address:

64.190.63.136:80

Request

GET /search/rl.php?rlt=1515471290c93efbc4e346336d2320e74b789c6e6c&num=10&callback=jQuery1113003268342705813043_1726771739754&_=1726771739755 HTTP/1.1
Host: sedoparking.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

date: Thu, 19 Sep 2024 18:49:01 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Thu, 19 Sep 2024 18:49:00 GMT
x-cache-miss-from: parking-7768d5b45d-98sg5
server: Parking/1.0
content-encoding: gzip
GET

http://ww1.go.mobilix.mobi/search/tsc.php?200=MjYxMDMxNTkz&21=MzcuNzIuMTc1LjY3&681=MTUxNTQ3MTI5MDU4ZmE4MTRlZmQ5ZjNjMGJjNDc3YzYzNTI2ZmE2N2Y4&crc=e3bd2193876623337108b32fbbdc2e5835c63dd1&cv=1

Remote address:

95.211.219.65:80

Request

GET /search/tsc.php?200=MjYxMDMxNTkz&21=MzcuNzIuMTc1LjY3&681=MTUxNTQ3MTI5MDU4ZmE4MTRlZmQ5ZjNjMGJjNDc3YzYzNTI2ZmE2N2Y4&crc=e3bd2193876623337108b32fbbdc2e5835c63dd1&cv=1 HTTP/1.1
Host: ww1.go.mobilix.mobi
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
DNT: 1
Origin: null
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 642
content-type: text/html; charset=utf-8
date: Thu, 19 Sep 2024 18:49:00 GMT
server: nginx
set-cookie: sid=d5c52499-76b7-11ef-ad7a-9ca00b9924b6; path=/; domain=.mobilix.mobi; expires=Tue, 07 Oct 2092 22:03:07 GMT; max-age=2147483647; HttpOnly
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

175.175.234.205.in-addr.arpa

Remote address:

8.8.8.8:53

Request

175.175.234.205.in-addr.arpa

IN PTR

Response

175.175.234.205.in-addr.arpa

IN PTR

vip1 G-anycast1cacheflynet
DNS

81.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.135.221.88.in-addr.arpa

IN PTR

Response

81.135.221.88.in-addr.arpa

IN PTR

a88-221-135-81deploystaticakamaitechnologiescom
DNS

136.63.190.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.63.190.64.in-addr.arpa

IN PTR

Response
DNS

65.219.211.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.219.211.95.in-addr.arpa

IN PTR

Response
DNS

22.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.160.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

33.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.135.221.88.in-addr.arpa

IN PTR

Response

33.135.221.88.in-addr.arpa

IN PTR

a88-221-135-33deploystaticakamaitechnologiescom
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

40.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.135.221.88.in-addr.arpa

IN PTR

Response

40.135.221.88.in-addr.arpa

IN PTR

a88-221-135-40deploystaticakamaitechnologiescom

13.107.6.158:443

business.bing.com

tls

3.9kB
10.2kB
20
25
205.234.175.175:80

http://img.sedoparking.com/templates/brick_gfx/common/logo_2016_blue.svg

http

1.6kB
29.6kB
19
29

HTTP Request

GET http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js

HTTP Response

200

HTTP Request

GET http://img.sedoparking.com/templates/brick_gfx/common/logo_2016_blue.svg

HTTP Response

200
64.190.63.136:80

http://sedoparking.com/search/rl.php?rlt=1515471290c93efbc4e346336d2320e74b789c6e6c&num=10&callback=jQuery1113003268342705813043_1726771739754&_=1726771739755

http

701 B
728 B
6
5

HTTP Request

GET http://sedoparking.com/search/rl.php?rlt=1515471290c93efbc4e346336d2320e74b789c6e6c&num=10&callback=jQuery1113003268342705813043_1726771739754&_=1726771739755

HTTP Response

403
95.211.219.65:80

http://ww1.go.mobilix.mobi/search/tsc.php?200=MjYxMDMxNTkz&21=MzcuNzIuMTc1LjY3&681=MTUxNTQ3MTI5MDU4ZmE4MTRlZmQ5ZjNjMGJjNDc3YzYzNTI2ZmE2N2Y4&crc=e3bd2193876623337108b32fbbdc2e5835c63dd1&cv=1

http

700 B
1.3kB
5
5

HTTP Request

GET http://ww1.go.mobilix.mobi/search/tsc.php?200=MjYxMDMxNTkz&21=MzcuNzIuMTc1LjY3&681=MTUxNTQ3MTI5MDU4ZmE4MTRlZmQ5ZjNjMGJjNDc3YzYzNTI2ZmE2N2Y4&crc=e3bd2193876623337108b32fbbdc2e5835c63dd1&cv=1

HTTP Response

200
88.221.135.81:443

bzib.nelreports.net

tls

2.8kB
6.9kB
12
15
88.221.135.33:443

www.bing.com

tls

2.3kB
5.2kB
10
12
88.221.135.40:443

www.bing.com

tls

2.6kB
986 B
9
9

8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

img.sedoparking.com

dns

65 B
134 B
1
1

DNS Request

img.sedoparking.com

DNS Response

205.234.175.175
8.8.8.8:53

img.sedoparking.com

dns

65 B
174 B
1
1

DNS Request

img.sedoparking.com
8.8.8.8:53

ww1.go.mobilix.mobi

dns

65 B
81 B
1
1

DNS Request

ww1.go.mobilix.mobi

DNS Response

95.211.219.65
8.8.8.8:53

ww1.go.mobilix.mobi

dns

65 B
123 B
1
1

DNS Request

ww1.go.mobilix.mobi
8.8.8.8:53

sedoparking.com

dns

61 B
77 B
1
1

DNS Request

sedoparking.com

DNS Response

64.190.63.136
8.8.8.8:53

sedoparking.com

dns

61 B
143 B
1
1

DNS Request

sedoparking.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

88.221.135.81

88.221.134.17
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

175.175.234.205.in-addr.arpa

dns

74 B
116 B
1
1

DNS Request

175.175.234.205.in-addr.arpa
8.8.8.8:53

81.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

81.135.221.88.in-addr.arpa
8.8.8.8:53

136.63.190.64.in-addr.arpa

dns

72 B
156 B
1
1

DNS Request

136.63.190.64.in-addr.arpa
8.8.8.8:53

65.219.211.95.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

65.219.211.95.in-addr.arpa
8.8.8.8:53

22.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.160.190.20.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

33.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

33.135.221.88.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

40.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

40.135.221.88.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.