Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    34s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2024, 08:54 UTC

General

  • Target

    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe

  • Size

    576KB

  • MD5

    12aa4a99be0d56cff118505edb815346

  • SHA1

    a3fc6df33b90821231200771af03fd042228218b

  • SHA256

    c9c98f92d4eee2ed2cb55d7410b6e3528c39d08d83cdac92526ca9bd34c1e00f

  • SHA512

    18a03073629d384cdce192cc8a199777c6ab37414ab339713e1f952ae24d9e13dce0edd3e067c6c789ad7e2cf69436f039358e7c6cb6713b51f13b29559709d4

  • SSDEEP

    12288:m4GdCP0FvEgU41cdqUK6Tgmss1sjZ7UqngHK6j1f6P0tB/6p5S:m4Gdtvi41cdqUK6T6s1sjFUqd6jlaYKS

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3060

Network

  • flag-us
    DNS
    imp.optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    imp.optimuminstaller.com
    IN A
    Response
    imp.optimuminstaller.com
    IN CNAME
    traff-6.hugedomains.com
    traff-6.hugedomains.com
    IN CNAME
    hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com
    hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com
    IN A
    3.140.13.188
    hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com
    IN A
    18.119.154.66
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_run&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    3.140.13.188:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_run&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:28 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dpi_1&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    3.140.13.188:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dpi_1&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:28 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=json_installer_initialize_62&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    3.140.13.188:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=json_installer_initialize_62&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:29 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=install_bad_config&spsource=&referrer=0|http://install2.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-10-23T15:29:08.1685164Z&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    3.140.13.188:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=install_bad_config&spsource=&referrer=0|http://install2.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-10-23T15:29:08.1685164Z&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:30 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    3.140.13.188:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:34 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=offer_0_accepted_&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    3.140.13.188:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=offer_0_accepted_&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:35 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_complete&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    3.140.13.188:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_complete&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:36 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    DNS
    www.hugedomains.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.hugedomains.com
    IN A
    Response
    www.hugedomains.com
    IN A
    104.26.7.37
    www.hugedomains.com
    IN A
    172.67.70.191
    www.hugedomains.com
    IN A
    104.26.6.37
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    104.26.7.37:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Connection: Keep-Alive
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:29 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: site_version_phase=108; expires=Mon, 29-Sep-2025 08:54:29 GMT; path=/
    set-cookie: site_version=HDv3; expires=Mon, 29-Sep-2025 08:54:29 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uud32TztYsw5nsACBKUn35JOi6LnqL55DZ2YtP%2By2yZybcDbzzBArRZ6Op1qU8uduOhM5v3p8Vv6FdQ83RitqkMCNNFED99cgowImaiAZniVvwOFQLU66FZf9SXlEldNWg6kodQ%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f28fdaacbd7e-LHR
    Content-Encoding: gzip
  • flag-us
    DNS
    c.pki.goog
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    172.217.169.67
  • flag-gb
    GET
    http://c.pki.goog/r/gsr1.crl
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.217.169.67:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 04 Oct 2024 08:24:08 GMT
    Expires: Fri, 04 Oct 2024 09:14:08 GMT
    Cache-Control: public, max-age=3000
    Age: 1820
    Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r4.crl
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.217.169.67:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 04 Oct 2024 08:24:11 GMT
    Expires: Fri, 04 Oct 2024 09:14:11 GMT
    Cache-Control: public, max-age=3000
    Age: 1818
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    104.26.7.37:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:29 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Thu, 03-Oct-2024 08:54:29 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FFKVLsgPSrSejgvnplxBS%2BsCdONR9%2BLwjSqIpIg4b7cfbhjMf0OdoL0wL2dZDPMzTqWoOpd0SrBDRIgHJ2VY6rkx%2BzD%2F9e%2Be7BtH%2F%2F0HmKHsMzm2%2Beylt6Ux6Klh8V5%2FaGoT4Yg%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f292cab5cdb2-LHR
    Content-Encoding: gzip
  • flag-us
    DNS
    install2.optimum-installer.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    install2.optimum-installer.com
    IN A
    Response
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    104.26.7.37:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:30 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0WfvhR6%2B%2Bd7nZC4pcEE02uvTuFNvdfl1pdG%2BE8pLeukrPf9E%2BQ7xC4AOGUkjrYkiaDaKHSAdFSagAzNpxxargxLqIBY6f9GLJHodMt0PXXyT08aD9y5kX3t3DzC85SgKSAxQes%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f2961f435312-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    104.26.7.37:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:30 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=049n8V0e2hYRrDjOR5a9cYuq3R41jBPlJxIoVKecWoWjhB07rOk9Gd6cKHge0MrPJ%2BRZr4QoxA6EwbGkoPpRV6GoRr9iCzCur2MnlgCJC8CeuV7y1GZroixz6rcsymGQQf3DY0I%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f299ee3963fe-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    104.26.7.37:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:35 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Thu, 03-Oct-2024 08:54:35 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xvH5d2d4dizu%2Bue%2Bh%2FFoKkAnBAWqd3MHvmGePqkvwIXxCBxlqj9wABYP91av4OdWRvL0NzVP4IkGkZ3JsG6pu7cgpu4Sd477pKGdvkQzlK%2F1qyfoTAw2QhOs1Z1YlSe8ANxfN0w%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f2b85fc8948e-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    104.26.7.37:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:36 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yGJS%2FbyGSLiNQ27Xdf%2BLuN%2FtNDgDRVXyk%2BXWLXJLZZjvZd2PR2B7Mg8wSOj%2FgubcL9i9rrhOZhR07RwbUcIoHUXv8sqpd6x3GBHuFWsS%2FVg9fW9kD%2FezjRiReNIo7dIeYfOsca8%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f2bb9e44952c-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    104.26.7.37:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Host: www.hugedomains.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:37 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Thu, 03-Oct-2024 08:54:37 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2FrVr9YpFhBaTCzImLP2Yx%2FOUzhfhPc8GlgrUd%2FNhATMtssUDznNzaC86D4xPA1sQl95Xk51CDVjdvOPjo02LkI%2Bvy78ObABhAfDWa0m%2FFrJKgpS9n4ctKAWWZ4S9C69mWNG2%2F0%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f2c4cc6d63c3-LHR
    Content-Encoding: gzip
  • flag-us
    DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    2.19.117.18
    a1363.dscg.akamai.net
    IN A
    2.19.117.22
  • flag-gb
    GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    2.19.117.18:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Wed, 01 May 2024 09:28:59 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
    Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
    ETag: 0x8DCDDD1E3AF2C76
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b28c4ea1-d01e-0016-0ebc-0fa13d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Fri, 04 Oct 2024 08:55:02 GMT
    Connection: keep-alive
  • flag-us
    DNS
    www.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    2.17.5.133
  • flag-gb
    GET
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    Remote address:
    2.17.5.133:80
    Request
    GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Mon, 03 Jun 2024 21:25:24 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1078
    Content-Type: application/octet-stream
    Content-MD5: cyz+t2uRxNE5eKALjGZu1w==
    Last-Modified: Sun, 18 Aug 2024 00:23:49 GMT
    ETag: 0x8DCBF1C07FCB4BF
    x-ms-request-id: f8a60053-701e-000f-593e-f12186000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Fri, 04 Oct 2024 08:55:02 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV3d43708b.0
    ms-cv-esi: CASMicrosoftCV3d43708b.0
    X-RTag: RT
  • 3.140.13.188:80
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_complete&spsource=&offer_id=clean
    http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    2.8kB
    1.5kB
    18
    9

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_run&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dpi_1&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=json_installer_initialize_62&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=install_bad_config&spsource=&referrer=0|http://install2.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-10-23T15:29:08.1685164Z&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=offer_0_accepted_&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_complete&spsource=&offer_id=clean

    HTTP Response

    302
  • 104.26.7.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.2kB
    14.5kB
    15
    19

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 172.217.169.67:80
    http://c.pki.goog/r/r4.crl
    http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    560 B
    5.0kB
    7
    6

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 104.26.7.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.1kB
    6.9kB
    10
    13

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 104.26.7.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.5kB
    14.6kB
    20
    23

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 104.26.7.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.3kB
    14.4kB
    14
    19

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 104.26.7.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.1kB
    6.9kB
    10
    12

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 104.26.7.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.1kB
    11.2kB
    12
    15

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 104.26.7.37:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.1kB
    6.9kB
    11
    13

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 2.19.117.18:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    399 B
    1.7kB
    4
    4

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 2.17.5.133:80
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    http
    393 B
    1.7kB
    4
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

    HTTP Response

    200
  • 8.8.8.8:53
    imp.optimuminstaller.com
    dns
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    70 B
    201 B
    1
    1

    DNS Request

    imp.optimuminstaller.com

    DNS Response

    3.140.13.188
    18.119.154.66

  • 8.8.8.8:53
    www.hugedomains.com
    dns
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    65 B
    113 B
    1
    1

    DNS Request

    www.hugedomains.com

    DNS Response

    104.26.7.37
    172.67.70.191
    104.26.6.37

  • 8.8.8.8:53
    c.pki.goog
    dns
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    172.217.169.67

  • 8.8.8.8:53
    install2.optimum-installer.com
    dns
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    76 B
    149 B
    1
    1

    DNS Request

    install2.optimum-installer.com

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
    162 B
    1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    2.19.117.18
    2.19.117.22

  • 8.8.8.8:53
    www.microsoft.com
    dns
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    2.17.5.133

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\truste.jpg

    Filesize

    5KB

    MD5

    1959eb33004d6107d3412e109c37b742

    SHA1

    59c3a787483e7743d5b805cd36726a0bec7e4992

    SHA256

    e60a764cd4d721c9fd261555510c51c668d112a37f2da2f0be1da6dceaa5f8ad

    SHA512

    238724a6b809d371c6ebab6057c61019e48caf7dd3245c6dca77efb5c015703a206472a9b82f778114c8dce3f10dd13fba972644b137020e4e5507053358e68e

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.