Analysis

  • max time kernel
    95s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 08:54 UTC

General

  • Target

    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe

  • Size

    576KB

  • MD5

    12aa4a99be0d56cff118505edb815346

  • SHA1

    a3fc6df33b90821231200771af03fd042228218b

  • SHA256

    c9c98f92d4eee2ed2cb55d7410b6e3528c39d08d83cdac92526ca9bd34c1e00f

  • SHA512

    18a03073629d384cdce192cc8a199777c6ab37414ab339713e1f952ae24d9e13dce0edd3e067c6c789ad7e2cf69436f039358e7c6cb6713b51f13b29559709d4

  • SSDEEP

    12288:m4GdCP0FvEgU41cdqUK6Tgmss1sjZ7UqngHK6j1f6P0tB/6p5S:m4Gdtvi41cdqUK6T6s1sjFUqd6jlaYKS

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3768

Network

  • flag-us
    DNS
    imp.optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    imp.optimuminstaller.com
    IN A
    Response
    imp.optimuminstaller.com
    IN CNAME
    traff-1.hugedomains.com
    traff-1.hugedomains.com
    IN CNAME
    hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com
    hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com
    IN A
    54.209.32.212
    hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com
    IN A
    52.71.57.184
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_run&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    54.209.32.212:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_run&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:29 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dpi_1&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    54.209.32.212:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dpi_1&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:29 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=json_installer_initialize_31&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    54.209.32.212:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=json_installer_initialize_31&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:30 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=install_bad_config&spsource=&referrer=0|http://install2.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-10-23T15:29:08.1685164Z&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    54.209.32.212:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=install_bad_config&spsource=&referrer=0|http://install2.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-10-23T15:29:08.1685164Z&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:30 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    54.209.32.212:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
  • flag-us
    DNS
    www.hugedomains.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.hugedomains.com
    IN A
    Response
    www.hugedomains.com
    IN A
    172.67.70.191
    www.hugedomains.com
    IN A
    104.26.7.37
    www.hugedomains.com
    IN A
    104.26.6.37
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.67.70.191:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: www.hugedomains.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:29 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: site_version_phase=108; expires=Mon, 29-Sep-2025 08:54:29 GMT; path=/
    set-cookie: site_version=HDv3; expires=Mon, 29-Sep-2025 08:54:29 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SraUGUBSmDxNmkmeOePFcpdsKuN%2Bd4gakbYxoE%2BqFpXQ%2Bf24AfLHjYiErk3sY4nFDdhzgKzUgJSIMNGtxt0hhdQD2SC0UsfjcZv5R9dtTQM2SDguCWFqRfvArYwBr5RC6NSvr88%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f293acd50666-LHR
    Content-Encoding: gzip
  • flag-us
    DNS
    c.pki.goog
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    172.217.169.67
  • flag-gb
    GET
    http://c.pki.goog/r/gsr1.crl
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.217.169.67:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 04 Oct 2024 08:24:08 GMT
    Expires: Fri, 04 Oct 2024 09:14:08 GMT
    Cache-Control: public, max-age=3000
    Age: 1821
    Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r4.crl
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.217.169.67:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 04 Oct 2024 08:24:11 GMT
    Expires: Fri, 04 Oct 2024 09:14:11 GMT
    Cache-Control: public, max-age=3000
    Age: 1818
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    212.32.209.54.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    212.32.209.54.in-addr.arpa
    IN PTR
    Response
    212.32.209.54.in-addr.arpa
    IN PTR
    ec2-54-209-32-212 compute-1 amazonawscom
  • flag-us
    DNS
    191.70.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    191.70.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    67.169.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.169.217.172.in-addr.arpa
    IN PTR
    Response
    67.169.217.172.in-addr.arpa
    IN PTR
    lhr48s09-in-f31e100net
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.67.70.191:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: www.hugedomains.com
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:30 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Thu, 03-Oct-2024 08:54:30 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TxzojChAMGzA80feIg1b1kRkdl3xS3IhrlE4cRVtM%2FdE3fd0%2F5WcxFe6raxLiQk9BfrjwkdunokAxKXQ%2BBsqFjfU%2BdOnB%2FFF98OfHv09WCLyd0nQv2%2F8blFFeQoA%2BCqbYpJsCmo%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f296680c732d-LHR
    Content-Encoding: gzip
  • flag-us
    DNS
    install2.optimum-installer.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    install2.optimum-installer.com
    IN A
    Response
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.67.70.191:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: www.hugedomains.com
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:30 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Thu, 03-Oct-2024 08:54:30 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2BJYfadLAMHd%2FWGKo6R4KQRfRC30mwP1x0mMWJQfxQi1YItSVVd%2Bd74xYclMAzPh8qqmn9D6Vna4dvfF9wYKqTZzgCNT7IH8q0v0nPkic5h6PnA4fZ8lUnBgNehAZc9nIdnd7Ls%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f29958736341-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.67.70.191:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: www.hugedomains.com
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:31 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Thu, 03-Oct-2024 08:54:30 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oNXk8I4SC%2BYexhEI%2FqUBxDmG7B8kd7kI8RVMkspXI5PIO6ZCzcal3TB4xnLesp9xj5a4cJ%2B8FcuEFBC2j5cXjCGXvZlwZsJKLq%2BISHF4Lk9Ri61k4%2BLFyoxzwdo%2FSfnzILHPzCk%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f29b4f89bea2-LHR
    Content-Encoding: gzip
  • flag-us
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    54.209.32.212:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:35 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=offer_0_accepted_&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    54.209.32.212:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=offer_0_accepted_&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:35 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_complete&spsource=&offer_id=clean
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    54.209.32.212:80
    Request
    GET /impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_complete&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: imp.optimuminstaller.com
    Response
    HTTP/1.1 302 Found
    content-length: 0
    date: Fri, 04 Oct 2024 08:54:36 GMT
    location: https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.67.70.191:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: www.hugedomains.com
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:36 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kq8onLVSbGH5TAYWaoMpJuPmJfarNUK%2B5FNQ7PTK0UQaUWSsXeJJqAgIw%2BCzGiylC0T783fw%2BuN%2BP0wc69IamfRfmsz9Cqi5n8JYeHdjPPYhUWSvz1OCdEmVmctSN1cPnpOlhrM%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f2bbef0d7332-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.67.70.191:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: www.hugedomains.com
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:36 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    set-cookie: captcha-tracker=; expires=Thu, 03-Oct-2024 08:54:36 GMT; path=/
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=52yNbUE5NagPrB69YHn7LITj8joHoP5ulNLM2dXpIsMQROXGR%2BJ6%2BvN%2FwN32nWJ3mLoxanIqEiqwgBrCTIoBtw%2BiMzy2dHBHjolkSjWtZpIzceCessQ3Iz1EI0brjexmA3FgkkU%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f2be8e6e6377-LHR
    Content-Encoding: gzip
  • flag-us
    DNS
    install2.optimum-installer.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    install2.optimum-installer.com
    IN A
    Response
  • flag-us
    GET
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    Remote address:
    172.67.70.191:443
    Request
    GET /domain_profile.cfm?d=optimuminstaller.com HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: |Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: www.hugedomains.com
    Connection: Keep-Alive
    Cookie: site_version_phase=108; site_version=HDv3
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 08:54:38 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: private
    vary: Accept-Encoding
    x-powered-by: ASP.NET
    lb: TclPrdLbHd3
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14G%2F88tyLZKJn2ysKJ%2BSfHjVUKx%2FHYUQSSWwjQ2RlEMmK641ADuQ2IhPybpo5wCjBeTXYVHb3X7z%2FxNG6dngVGkNwTsrC%2BTnGEJ%2BYlsMYKMTM5xKjssHud9BbjZ%2FxLznEv6tftY%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd3f2c70ad748ca-LHR
    Content-Encoding: gzip
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 54.209.32.212:80
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean
    http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    2.1kB
    1.0kB
    13
    9

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_run&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dpi_1&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=json_installer_initialize_31&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=install_bad_config&spsource=&referrer=0|http://install2.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-10-23T15:29:08.1685164Z&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean
  • 172.67.70.191:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.5kB
    14.6kB
    22
    18

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 172.217.169.67:80
    http://c.pki.goog/r/r4.crl
    http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    556 B
    3.8kB
    7
    5

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 172.67.70.191:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.4kB
    3.8kB
    14
    10

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 172.67.70.191:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.4kB
    3.8kB
    14
    10

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 172.67.70.191:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.4kB
    3.8kB
    14
    10

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 54.209.32.212:80
    http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_complete&spsource=&offer_id=clean
    http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.3kB
    689 B
    10
    5

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=dotnet_version_4.0&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=offer_0_accepted_&spsource=&offer_id=clean

    HTTP Response

    302

    HTTP Request

    GET http://imp.optimuminstaller.com/impression.do/?user_id=cc67164f-071a-42c1-8ea5-135a2cbc19f8&event=setup_complete&spsource=&offer_id=clean

    HTTP Response

    302
  • 172.67.70.191:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.8kB
    11.4kB
    24
    20

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 172.67.70.191:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.3kB
    3.7kB
    13
    9

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 172.67.70.191:443
    https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com
    tls, http
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    1.7kB
    11.3kB
    21
    17

    HTTP Request

    GET https://www.hugedomains.com/domain_profile.cfm?d=optimuminstaller.com

    HTTP Response

    200
  • 8.8.8.8:53
    imp.optimuminstaller.com
    dns
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    70 B
    200 B
    1
    1

    DNS Request

    imp.optimuminstaller.com

    DNS Response

    54.209.32.212
    52.71.57.184

  • 8.8.8.8:53
    www.hugedomains.com
    dns
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    65 B
    113 B
    1
    1

    DNS Request

    www.hugedomains.com

    DNS Response

    172.67.70.191
    104.26.7.37
    104.26.6.37

  • 8.8.8.8:53
    c.pki.goog
    dns
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    172.217.169.67

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    212.32.209.54.in-addr.arpa
    dns
    72 B
    127 B
    1
    1

    DNS Request

    212.32.209.54.in-addr.arpa

  • 8.8.8.8:53
    191.70.67.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    191.70.67.172.in-addr.arpa

  • 8.8.8.8:53
    67.169.217.172.in-addr.arpa
    dns
    73 B
    111 B
    1
    1

    DNS Request

    67.169.217.172.in-addr.arpa

  • 8.8.8.8:53
    install2.optimum-installer.com
    dns
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    76 B
    149 B
    1
    1

    DNS Request

    install2.optimum-installer.com

  • 8.8.8.8:53
    23.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    install2.optimum-installer.com
    dns
    12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
    76 B
    149 B
    1
    1

    DNS Request

    install2.optimum-installer.com

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    68.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    68.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    146 B
    147 B
    2
    1

    DNS Request

    104.219.191.52.in-addr.arpa

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\truste.jpg

    Filesize

    5KB

    MD5

    1959eb33004d6107d3412e109c37b742

    SHA1

    59c3a787483e7743d5b805cd36726a0bec7e4992

    SHA256

    e60a764cd4d721c9fd261555510c51c668d112a37f2da2f0be1da6dceaa5f8ad

    SHA512

    238724a6b809d371c6ebab6057c61019e48caf7dd3245c6dca77efb5c015703a206472a9b82f778114c8dce3f10dd13fba972644b137020e4e5507053358e68e

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.