Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 12:19 UTC

General

  • Target

    180eff65d4a9128a37b8e29a608807ac_JaffaCakes118.exe

  • Size

    139KB

  • MD5

    180eff65d4a9128a37b8e29a608807ac

  • SHA1

    1d651e2d0ccdbf4368cc8f7d931d36cca3528e7a

  • SHA256

    9adde6c083f3f4e47703d3d000b6cf8a4f8fdeaab27b7281ba7f6ee38340dafd

  • SHA512

    71b3cdca055ffebc36c08ea0c21b5897b1a85cd89ace75da58efed114c6e48536adaf03a46e1dfa0de92203ee55b279be308054141e08fbbdc93bdd845264ae0

  • SSDEEP

    3072:Ye8jMCjM/keGyMYaKW6Y307R116ouVecMdlT0/m:YftIPaN33GP16oBxt

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • UPX packed file (1 IoC)

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of the host.

  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (4 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)

    The last three are ordinary Win32 GUI and tray-icon calls that legitimate applications make as well; on their own they are weak signals and should be read together with the persistence and packing findings above.
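The UPX signature fires on the file's section layout. Re-checking it yourself is worth doing because a "modified UPX" build may have renamed the UPX0/UPX1 sections to defeat name-based rules, while the structural tell remains: an empty first section reserved as the in-memory unpacking destination, followed by a high-entropy section holding the compressed image. A 139 KB file that the sandbox later dumps as a 360 KB region at 0x400000 (memory/5088-16 under Downloads) is consistent with exactly that in-place decompression, and that dump is where to look for the unpacked image. The following is an added example, not the report's own detection logic and not the sample's real bytes: a minimal PE section-table parser with the UPX heuristics, run on two constructed images.

```python
import hashlib
import math
import struct


def shannon_entropy(buf):
    """Bits of entropy per byte: close to 8.0 for compressed or encrypted data, low for code and padding."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(data):
    """Walk the PE section table and return name, sizes and raw bytes of each section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]       # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                   # section table follows the optional header
    sections = []
    for i in range(n_sections):
        name, vsize, rva, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "rva": rva, "raw": raw, "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(sections):
    """Return the reasons a section layout looks UPX-packed (empty list if none).

    A renamed ("modified") UPX build drops the UPX0/UPX1 names, so the two
    structural checks matter more than the name check.
    """
    findings = []
    upx_names = [s["name"] for s in sections if s["name"].upper().startswith("UPX")]
    if upx_names:
        findings.append("UPX section names present: %s" % ", ".join(upx_names))
    if sections and not sections[0]["raw"] and sections[0]["vsize"] >= 0x1000:
        findings.append("first section has 0 raw bytes but %#x bytes of virtual size "
                        "(reserved as the unpacking destination)" % sections[0]["vsize"])
    for s in sections[1:]:
        if s["raw"] and s["entropy"] > 7.0:
            findings.append("section %s has entropy %.2f (compressed payload)" % (s["name"], s["entropy"]))
    return findings


def build_test_pe(sections):
    """Construct a minimal PE32 image from (name, raw_bytes, virtual_size) tuples.

    Constructed test input only: DOS stub, PE signature, COFF header, a zeroed
    optional header and a section table, which is all parse_sections() needs.
    """
    n, opt_size, e_lfanew = len(sections), 0xE0, 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, n, 0, 0, 0, opt_size, 0x0102)
    raw_off = e_lfanew + 4 + 20 + opt_size + 40 * n
    headers, blobs, rva = b"", b"", 0x1000
    for name, raw, vsize in sections:
        ptr = raw_off + len(blobs) if raw else 0
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, rva,
                               len(raw), ptr, 0, 0, 0, 0, 0xE0000040)
        blobs += raw
        rva += max(vsize, 0x1000)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + headers + blobs


# Constructed stand-ins, not bytes from the analysed sample: a UPX-style layout
# (empty UPX0, high-entropy UPX1, small .rsrc) and a plain unpacked layout.
COMPRESSED_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PACKED_PE = build_test_pe([(b"UPX0", b"", 0x40000),
                           (b"UPX1", COMPRESSED_BLOB, 0x2000),
                           (b".rsrc", b"\0" * 512 + b"A" * 512, 0x1000)])
PLAIN_PE = build_test_pe([(b".text", b"\x90" * 2048 + b"\xC3" * 1024, 0x1000),
                          (b".data", b"\0" * 256, 0x1000)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED_PE), ("plain", PLAIN_PE)):
        print(label, upx_indicators(parse_sections(image)) or "no UPX indicators")
```

To run it against the real file, replace the constructed images with `open(path, "rb").read()`; the parser deliberately ignores the optional header beyond its size, so it also copes with truncated or partially corrupted headers as long as the section table is intact.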

Processes

  • C:\Users\Admin\AppData\Local\Temp\180eff65d4a9128a37b8e29a608807ac_JaffaCakes118.exe (PID 5088, the only process in the tree)
    "C:\Users\Admin\AppData\Local\Temp\180eff65d4a9128a37b8e29a608807ac_JaffaCakes118.exe"
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx

Network

  • DNS (all queries to 8.8.8.8:53)
    • d.trymedia.com, IN A, from 180eff65d4a9128a37b8e29a608807ac_JaffaCakes118.exe: 34 queries, no A record in any response (each 60 B sent / 119 B received, 1 packet each way)
    • amlocalhost.macrovision.com, IN A, from 180eff65d4a9128a37b8e29a608807ac_JaffaCakes118.exe: 1 query, answered 74.217.74.235 (73 B sent / 89 B received)
    • Reverse lookups (IN PTR) with no originating process recorded, answer content not rendered on the page (bytes sent / received):
      149.220.183.52.in-addr.arpa (73 B / 147 B)
      69.31.126.40.in-addr.arpa (71 B / 157 B)
      95.221.229.192.in-addr.arpa (73 B / 144 B)
      232.168.11.51.in-addr.arpa (72 B / 158 B)
      53.210.109.20.in-addr.arpa (72 B / 158 B)
      198.187.3.20.in-addr.arpa (71 B / 157 B)
      172.210.232.199.in-addr.arpa (74 B / 128 B)
      101.209.201.84.in-addr.arpa (73 B / 133 B)
      19.229.111.52.in-addr.arpa (72 B / 158 B)
  • TCP
    • 74.217.74.235:80 (amlocalhost.macrovision.com), from 180eff65d4a9128a37b8e29a608807ac_JaffaCakes118.exe: 2 connection attempts, each 208 B in 4 packets sent (four equal 52-byte packets) with no received bytes or packets recorded on the page, consistent with unanswered SYNs; no TCP session was established and no HTTP request was observed
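The 34 lookups of d.trymedia.com return no A record, yet each costs 60 B out and 119 B back, so the resolver did reply (NXDOMAIN or an empty answer; the page does not show which) and the binary is simply retrying a hard-coded name, on average about once every four seconds across the 148 s of network capture. The one name that did resolve, amlocalhost.macrovision.com, never got a TCP session either. As background rather than anything the report states: Trymedia and Macrovision operated the ActiveMARK trial-software licensing service, so a binary beaconing to exactly these two names looks more like a DRM-wrapped installer checking in than a C2 client, which affects how you prioritise the alert but not whether the behaviour is worth a rule. The script below is an added example, not tria.ge output: it aggregates DNS events of the shape shown above, constructed here from the report's counts, and separates process-driven polling of an unresolved name from the sandbox's own background reverse lookups.

```python
SAMPLE_PROC = "180eff65d4a9128a37b8e29a608807ac_JaffaCakes118.exe"


def dns_event(qname, qtype="A", process=None, answers=()):
    """One DNS lookup as a sandbox or DNS log would record it."""
    return {"qname": qname.lower().rstrip("."), "qtype": qtype,
            "process": process, "answers": list(answers)}


def summarize_dns(events):
    """Group lookups by (name, type): how often asked, how often answered, and by whom."""
    summary = {}
    for ev in events:
        s = summary.setdefault((ev["qname"], ev["qtype"]),
                               {"queries": 0, "answered": 0, "answers": set(), "processes": set()})
        s["queries"] += 1
        if ev["answers"]:
            s["answered"] += 1
            s["answers"].update(ev["answers"])
        if ev["process"]:
            s["processes"].add(ev["process"])
    return summary


def unresolved_polling(summary, min_queries=5):
    """Forward lookups a process repeated at least min_queries times without ever getting an answer record.

    A single NXDOMAIN is noise; dozens from one binary in a couple of minutes mean it
    retries a hard-coded name in a loop, which justifies a block-and-alert rule even
    when the name is dead today.
    """
    hits = []
    for (qname, qtype), s in summary.items():
        if (qtype in ("A", "AAAA") and s["processes"]
                and s["answered"] == 0 and s["queries"] >= min_queries):
            hits.append((qname, s["queries"], sorted(s["processes"])))
    return sorted(hits, key=lambda h: -h[1])


def background_reverse_lookups(summary):
    """PTR queries with no owning process: sandbox/OS housekeeping, not sample behaviour."""
    return sorted(q for (q, t), s in summary.items() if t == "PTR" and not s["processes"])


def resolved_contacts(summary):
    """Names that did resolve, with the addresses returned: the hosts to pivot on next."""
    return {q: sorted(s["answers"]) for (q, t), s in summary.items()
            if t in ("A", "AAAA") and s["answers"]}


# Constructed from the counts in this report: 34 unanswered A lookups of d.trymedia.com,
# one answered lookup of amlocalhost.macrovision.com, and nine process-less PTR lookups.
SAMPLE_EVENTS = (
    [dns_event("d.trymedia.com", process=SAMPLE_PROC) for _ in range(34)]
    + [dns_event("amlocalhost.macrovision.com", process=SAMPLE_PROC, answers=["74.217.74.235"])]
    + [dns_event(ip + ".in-addr.arpa", qtype="PTR") for ip in (
        "149.220.183.52", "69.31.126.40", "95.221.229.192", "232.168.11.51", "53.210.109.20",
        "198.187.3.20", "172.210.232.199", "101.209.201.84", "19.229.111.52")]
)

if __name__ == "__main__":
    s = summarize_dns(SAMPLE_EVENTS)
    print("polling without answers:", unresolved_polling(s))
    print("resolved:", resolved_contacts(s))
    print("background PTR lookups:", len(background_reverse_lookups(s)))
```

Feeding it real data means mapping your source's fields (a Zeek dns.log `query`/`qtype_name`/`answers`, or a Sysmon Event ID 22 `QueryName`/`QueryResults`/`Image`) onto `dns_event`; the threshold of five is an assumption to tune per environment, since legitimate software also retries dead update hosts, just not usually from a file in %TEMP%.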

MITRE ATT&CK Enterprise v15

Downloads

  • memory/5088-2-0x0000000000A70000-0x0000000000A71000-memory.dmp (4KB)
  • memory/5088-16-0x0000000000400000-0x000000000045A000-memory.dmp (360KB, region at the default 32-bit image base)
  • memory/5088-17-0x0000000000A70000-0x0000000000A71000-memory.dmp (4KB)
