1613d0c101f86407286c1bd4d47ec4b6d24dc959909d50dd7b8b27899a561a91

Analysis

max time kernel
141s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 07:28 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe
Size

517KB
MD5

467d97d3ec6ba4829178366b161ce3fe
SHA1

c6838b7536d2245bb27ae633c71599c1535b143e
SHA256

1613d0c101f86407286c1bd4d47ec4b6d24dc959909d50dd7b8b27899a561a91
SHA512

121ed32334180356b376f5276a1082f2f870799e6daf7db436f5fb5d56b18765f784b69d0a3ebcd0cc9d89c299366fcaafa902a37f9128cf593c2aa5e1243d45
SSDEEP

12288:WuoEjlj6rHTNlf6O2dHfd1ngE9o9mUcqM:WjExerRVTm1gJU

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1900	Launcher.exe
5064	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
1060	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch.new	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch.new	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x0008000000023bd0-36.dat	nsis_installer_1
behavioral2/files/0x0008000000023bd0-36.dat	nsis_installer_2

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
5064	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5064	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1060	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5064	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe
5064	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 1900	1060	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe	88
PID 1060 wrote to memory of 1900	1060	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe	88
PID 1060 wrote to memory of 1900	1060	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe	88
PID 1060 wrote to memory of 5064	1060	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe	90
PID 1060 wrote to memory of 5064	1060	467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe	90

C:\Users\Admin\AppData\Local\Temp\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\Launcher.exe
  C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\Launcher.exe /in="e467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe" /out="467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe" /psw="f52ae3cc3cc945dcb051cd6d4f381238" /typ=dec
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1900
- C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe /path="C:\Users\Admin\AppData\Local\Temp\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5064

Network

DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR

Response
DNS

dtrack.secdls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

dtrack.secdls.com

IN A

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

api.v2.madodls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.madodls.com

IN A

Response
DNS

api.v2.sslsecure1.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure1.com

IN A

Response

api.v2.sslsecure1.com

IN A

193.166.255.171
DNS

api.v2.sslsecure1.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure1.com

IN A
DNS

dtrack.secdls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

dtrack.secdls.com

IN A

Response
DNS

api.v2.sslsecure2.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure2.com

IN A

Response
DNS

api.v2.sslsecure3.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure3.com

IN A

Response
DNS

api.v2.sslsecure4.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure4.com

IN A

Response
DNS

api.v2.sslsecure4.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure4.com

IN A
DNS

api.v2.sslsecure5.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure5.com

IN A

Response
DNS

api.v2.sslsecure6.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure6.com

IN A

Response
DNS

api.v2.sslsecure7.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure7.com

IN A

Response
DNS

api.v2.sslsecure8.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure8.com

IN A

Response
DNS

api.v2.sslsecure9.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure9.com

IN A

Response
DNS

api.v2.sslsecure10.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.sslsecure10.com

IN A

Response
DNS

staticrr.paleokits.net

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.paleokits.net

IN A

Response
DNS

staticrr.sslsecure1.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure1.com

IN A

Response

staticrr.sslsecure1.com

IN A

193.166.255.171
DNS

212.20.149.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.20.149.52.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

dtrack.secdls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

dtrack.secdls.com

IN A

Response
DNS

staticrr.sslsecure2.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure2.com

IN A

Response
DNS

staticrr.sslsecure3.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure3.com

IN A

Response
DNS

staticrr.sslsecure4.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure4.com

IN A

Response
DNS

staticrr.sslsecure5.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure5.com

IN A

Response
DNS

staticrr.sslsecure6.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure6.com

IN A

Response
DNS

staticrr.sslsecure7.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure7.com

IN A

Response
DNS

staticrr.sslsecure8.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure8.com

IN A

Response
DNS

staticrr.sslsecure9.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure9.com

IN A

Response
DNS

staticrr.sslsecure10.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

staticrr.sslsecure10.com

IN A

Response
DNS

track.v2.madodls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.madodls.com

IN A

Response
DNS

track.v2.sslsecure1.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure1.com

IN A

Response

track.v2.sslsecure1.com

IN A

193.166.255.171
DNS

98.209.201.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.209.201.84.in-addr.arpa

IN PTR

Response
DNS

98.209.201.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.209.201.84.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

dtrack.secdls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

dtrack.secdls.com

IN A

Response
DNS

dtrack.secdls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

dtrack.secdls.com

IN A

Response
DNS

track.v2.sslsecure2.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure2.com

IN A

Response
DNS

track.v2.sslsecure2.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure2.com

IN A

Response
DNS

track.v2.sslsecure3.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure3.com

IN A

Response
DNS

track.v2.sslsecure3.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure3.com

IN A

Response
DNS

track.v2.sslsecure4.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure4.com

IN A

Response
DNS

track.v2.sslsecure4.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure4.com

IN A

Response
DNS

track.v2.sslsecure5.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure5.com

IN A

Response
DNS

track.v2.sslsecure5.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure5.com

IN A

Response
DNS

track.v2.sslsecure6.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure6.com

IN A

Response
DNS

track.v2.sslsecure6.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure6.com

IN A

Response
DNS

track.v2.sslsecure7.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure7.com

IN A

Response
DNS

track.v2.sslsecure7.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure7.com

IN A

Response
DNS

track.v2.sslsecure8.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure8.com

IN A

Response
DNS

track.v2.sslsecure8.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure8.com

IN A

Response
DNS

track.v2.sslsecure9.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure9.com

IN A

Response
DNS

track.v2.sslsecure9.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure9.com

IN A

Response
DNS

track.v2.sslsecure10.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure10.com

IN A

Response
DNS

track.v2.sslsecure10.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.sslsecure10.com

IN A

Response
DNS

api.v2.madodls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.madodls.com

IN A

Response
DNS

api.v2.madodls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

api.v2.madodls.com

IN A

Response
DNS

dtrack.secdls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

dtrack.secdls.com

IN A

Response
DNS

dtrack.secdls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

dtrack.secdls.com

IN A

Response
DNS

track.v2.madodls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.madodls.com

IN A

Response
DNS

track.v2.madodls.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

track.v2.madodls.com

IN A

Response
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418603_15DZPLB0SHJXVDM66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418603_15DZPLB0SHJXVDM66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 702880
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 40B7FCC92A9042E183FAD3F45B2DB40B Ref B: LON601060106031 Ref C: 2024-10-15T07:29:56Z
date: Tue, 15 Oct 2024 07:29:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388099_161004OUH0NF85BHB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239339388099_161004OUH0NF85BHB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 707951
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 878874E61E894B6E92EA687AE995094F Ref B: LON601060106031 Ref C: 2024-10-15T07:29:56Z
date: Tue, 15 Oct 2024 07:29:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 401499
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B2D08BC47ED74AE596F3EF2978251E43 Ref B: LON601060106031 Ref C: 2024-10-15T07:29:56Z
date: Tue, 15 Oct 2024 07:29:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360264291_1OMXAE3VFGJI9A76K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360264291_1OMXAE3VFGJI9A76K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 585223
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4C0E4F6A7F614614842DE3741C65F80A Ref B: LON601060106031 Ref C: 2024-10-15T07:29:56Z
date: Tue, 15 Oct 2024 07:29:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388100_1G9ZWREFIF4V9ZG2V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239339388100_1G9ZWREFIF4V9ZG2V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 582432
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E86521874AAA434AA64F5D350BB82D04 Ref B: LON601060106031 Ref C: 2024-10-15T07:29:56Z
date: Tue, 15 Oct 2024 07:29:56 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418604_1C96RL77YFK8DKA16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418604_1C96RL77YFK8DKA16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 588459
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0DB62D22415B49F985BA6921813B02A2 Ref B: LON601060106031 Ref C: 2024-10-15T07:29:57Z
date: Tue, 15 Oct 2024 07:29:56 GMT
DNS

66.112.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.112.168.52.in-addr.arpa

IN PTR

Response
DNS

66.112.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.112.168.52.in-addr.arpa

IN PTR

Response

193.166.255.171:80

api.v2.sslsecure1.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

260 B
5
193.166.255.171:80

staticrr.sslsecure1.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

260 B
5
193.166.255.171:80

track.v2.sslsecure1.com

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

260 B
5
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239340418604_1C96RL77YFK8DKA16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

128.2kB
3.7MB
2688
2684

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418603_15DZPLB0SHJXVDM66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388099_161004OUH0NF85BHB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360264291_1OMXAE3VFGJI9A76K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388100_1G9ZWREFIF4V9ZG2V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418604_1C96RL77YFK8DKA16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13

8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

76.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

76.32.126.40.in-addr.arpa
8.8.8.8:53

dtrack.secdls.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

63 B
136 B
1
1

DNS Request

dtrack.secdls.com
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

api.v2.madodls.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

64 B
137 B
1
1

DNS Request

api.v2.madodls.com
8.8.8.8:53

api.v2.sslsecure1.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

134 B
83 B
2
1

DNS Request

api.v2.sslsecure1.com

DNS Request

api.v2.sslsecure1.com

DNS Response

193.166.255.171
8.8.8.8:53

dtrack.secdls.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

63 B
136 B
1
1

DNS Request

dtrack.secdls.com
8.8.8.8:53

api.v2.sslsecure2.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

67 B
140 B
1
1

DNS Request

api.v2.sslsecure2.com
8.8.8.8:53

api.v2.sslsecure3.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

67 B
140 B
1
1

DNS Request

api.v2.sslsecure3.com
8.8.8.8:53

api.v2.sslsecure4.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

134 B
140 B
2
1

DNS Request

api.v2.sslsecure4.com

DNS Request

api.v2.sslsecure4.com
8.8.8.8:53

api.v2.sslsecure5.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

67 B
140 B
1
1

DNS Request

api.v2.sslsecure5.com
8.8.8.8:53

api.v2.sslsecure6.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

67 B
140 B
1
1

DNS Request

api.v2.sslsecure6.com
8.8.8.8:53

api.v2.sslsecure7.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

67 B
140 B
1
1

DNS Request

api.v2.sslsecure7.com
8.8.8.8:53

api.v2.sslsecure8.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

67 B
140 B
1
1

DNS Request

api.v2.sslsecure8.com
8.8.8.8:53

api.v2.sslsecure9.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

67 B
140 B
1
1

DNS Request

api.v2.sslsecure9.com
8.8.8.8:53

api.v2.sslsecure10.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

68 B
141 B
1
1

DNS Request

api.v2.sslsecure10.com
8.8.8.8:53

staticrr.paleokits.net

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

68 B
141 B
1
1

DNS Request

staticrr.paleokits.net
8.8.8.8:53

staticrr.sslsecure1.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
85 B
1
1

DNS Request

staticrr.sslsecure1.com

DNS Response

193.166.255.171
8.8.8.8:53

212.20.149.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

212.20.149.52.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

dtrack.secdls.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

63 B
136 B
1
1

DNS Request

dtrack.secdls.com
8.8.8.8:53

staticrr.sslsecure2.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
142 B
1
1

DNS Request

staticrr.sslsecure2.com
8.8.8.8:53

staticrr.sslsecure3.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
142 B
1
1

DNS Request

staticrr.sslsecure3.com
8.8.8.8:53

staticrr.sslsecure4.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
142 B
1
1

DNS Request

staticrr.sslsecure4.com
8.8.8.8:53

staticrr.sslsecure5.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
142 B
1
1

DNS Request

staticrr.sslsecure5.com
8.8.8.8:53

staticrr.sslsecure6.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
142 B
1
1

DNS Request

staticrr.sslsecure6.com
8.8.8.8:53

staticrr.sslsecure7.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
142 B
1
1

DNS Request

staticrr.sslsecure7.com
8.8.8.8:53

staticrr.sslsecure8.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
142 B
1
1

DNS Request

staticrr.sslsecure8.com
8.8.8.8:53

staticrr.sslsecure9.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
142 B
1
1

DNS Request

staticrr.sslsecure9.com
8.8.8.8:53

staticrr.sslsecure10.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

70 B
143 B
1
1

DNS Request

staticrr.sslsecure10.com
8.8.8.8:53

track.v2.madodls.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

66 B
139 B
1
1

DNS Request

track.v2.madodls.com
8.8.8.8:53

track.v2.sslsecure1.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

69 B
85 B
1
1

DNS Request

track.v2.sslsecure1.com

DNS Response

193.166.255.171
8.8.8.8:53

98.209.201.84.in-addr.arpa

dns

144 B
264 B
2
2

DNS Request

98.209.201.84.in-addr.arpa

DNS Request

98.209.201.84.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

88.156.103.20.in-addr.arpa

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

dtrack.secdls.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

126 B
272 B
2
2

DNS Request

dtrack.secdls.com

DNS Request

dtrack.secdls.com
8.8.8.8:53

track.v2.sslsecure2.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

138 B
284 B
2
2

DNS Request

track.v2.sslsecure2.com

DNS Request

track.v2.sslsecure2.com
8.8.8.8:53

track.v2.sslsecure3.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

138 B
284 B
2
2

DNS Request

track.v2.sslsecure3.com

DNS Request

track.v2.sslsecure3.com
8.8.8.8:53

track.v2.sslsecure4.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

138 B
284 B
2
2

DNS Request

track.v2.sslsecure4.com

DNS Request

track.v2.sslsecure4.com
8.8.8.8:53

track.v2.sslsecure5.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

138 B
284 B
2
2

DNS Request

track.v2.sslsecure5.com

DNS Request

track.v2.sslsecure5.com
8.8.8.8:53

track.v2.sslsecure6.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

138 B
284 B
2
2

DNS Request

track.v2.sslsecure6.com

DNS Request

track.v2.sslsecure6.com
8.8.8.8:53

track.v2.sslsecure7.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

138 B
284 B
2
2

DNS Request

track.v2.sslsecure7.com

DNS Request

track.v2.sslsecure7.com
8.8.8.8:53

track.v2.sslsecure8.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

138 B
284 B
2
2

DNS Request

track.v2.sslsecure8.com

DNS Request

track.v2.sslsecure8.com
8.8.8.8:53

track.v2.sslsecure9.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

138 B
284 B
2
2

DNS Request

track.v2.sslsecure9.com

DNS Request

track.v2.sslsecure9.com
8.8.8.8:53

track.v2.sslsecure10.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

140 B
286 B
2
2

DNS Request

track.v2.sslsecure10.com

DNS Request

track.v2.sslsecure10.com
8.8.8.8:53

api.v2.madodls.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

128 B
274 B
2
2

DNS Request

api.v2.madodls.com

DNS Request

api.v2.madodls.com
8.8.8.8:53

dtrack.secdls.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

126 B
272 B
2
2

DNS Request

dtrack.secdls.com

DNS Request

dtrack.secdls.com
8.8.8.8:53

track.v2.madodls.com

dns

467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

132 B
278 B
2
2

DNS Request

track.v2.madodls.com

DNS Request

track.v2.madodls.com
8.8.8.8:53

29.243.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

29.243.111.52.in-addr.arpa

DNS Request

29.243.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
340 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

66.112.168.52.in-addr.arpa

dns

144 B
292 B
2
2

DNS Request

66.112.168.52.in-addr.arpa

DNS Request

66.112.168.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Filesize
387KB

MD5
09cbf630383f8167f6e1ca2d47a9bb8f

SHA1
14668af37c543af239f837b732d2f6d0f106ddc9

SHA256
e428909745311f6a6d35524be5bd02dc3ab84031e2fb2831d46cc184235f9df8

SHA512
b51191c65deec04e760d33452d629aa64378affec1b69f748ed8182a8748d11551817648485b2d4118dd1c05e1e2c32fa864c0d5f5f7f8946fc5fbe0a2841bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe.config

Filesize
690B

MD5
bca0ea75b6940aa86960d7b9098a5998

SHA1
3d57f82158ac72c7eb2e72ba19a80485d8103130

SHA256
5a494295936d2170433864b449257bbac7b976413811a0b6339e37f83a891f8d

SHA512
260a05c509d874239a27798421ee75ac7e2bbc0d2a0485122740e8b8adcd8f43f98f7633cef278d9f7f4a132633b4b1cdf4b641e2233e891dce2d6eb6e75c3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\Launcher.exe

Filesize
105KB

MD5
eb689fb1a8fd87e93209cf3038404d68

SHA1
d00a4189642b4ae4d97f797c8fdf7dd35875a8b7

SHA256
b8e99c41b345cbb1c61d851a91fcefb209fb83c9a88354ec26545a4f17e6d3f2

SHA512
fa1e0c29d82d4804f1f79de5c464cf8091dac0f1e6563d75eef6537f82c76884746dc4a5419a9a3f51bc1d5283d1867485b5e4e9d52fe0d621f74994937f8a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\Launcher.exe.config

Filesize
340B

MD5
91629f6b28cbe2b52bb86cb5af3bdbca

SHA1
35fb57ac58c9eb0668f5832a588d9f81e040568b

SHA256
589c122996fadc118731c6f983c5d3b498c4b4b59700ea548f4cfb79e4eaaeeb

SHA512
f08382296696173784841a163c73c19e7bd674a08a053c0434d55696f45039721925e5d829e4bbbf71b07385d1b88c5ea241b8247eb0d81bf381205977bd14c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\e467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe

Filesize
387KB

MD5
bb69c224def7911412485974e0c5c976

SHA1
64eb730064ab2f342df48f5932811c9346e68c66

SHA256
8335c63a8b4c2db5fa3251176278d611cfa95d20c7b482819d7cfe767453a033

SHA512
3b2aca4bf1ca0b9254145c6e7942fde5bcc748a54335fe05100dda4e7d74db7d997d2199a166174cd92b121ed3a8308aafa854f684611e1bc7a5cba254cb3abd

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\467d97d3ec6ba4829178366b161ce3fe_JaffaCakes118.exe\s4o1WKStZmeQrj2\installer.exe

Filesize
517KB

MD5
467d97d3ec6ba4829178366b161ce3fe

SHA1
c6838b7536d2245bb27ae633c71599c1535b143e

SHA256
1613d0c101f86407286c1bd4d47ec4b6d24dc959909d50dd7b8b27899a561a91

SHA512
121ed32334180356b376f5276a1082f2f870799e6daf7db436f5fb5d56b18765f784b69d0a3ebcd0cc9d89c299366fcaafa902a37f9128cf593c2aa5e1243d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstC18D.tmp\pwgen.dll

Filesize
16KB

MD5
a555472395178ac8c733d90928e05017

SHA1
f44b192d66473f01a6540aaec4b6c9ac4c611d35

SHA256
82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e

SHA512
e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a

Download Submit
memory/1900-15-0x0000000073182000-0x0000000073183000-memory.dmp

Filesize
4KB

Download
memory/1900-16-0x0000000073180000-0x0000000073731000-memory.dmp

Filesize
5.7MB

Download
memory/1900-17-0x0000000073180000-0x0000000073731000-memory.dmp

Filesize
5.7MB

Download
memory/1900-21-0x0000000073180000-0x0000000073731000-memory.dmp

Filesize
5.7MB

Download
memory/5064-29-0x00007FFA36325000-0x00007FFA36326000-memory.dmp

Filesize
4KB

Download
memory/5064-31-0x00007FFA36070000-0x00007FFA36A11000-memory.dmp

Filesize
9.6MB

Download
memory/5064-32-0x00000000016B0000-0x00000000016BE000-memory.dmp

Filesize
56KB

Download
memory/5064-33-0x000000001C410000-0x000000001C8DE000-memory.dmp

Filesize
4.8MB

Download
memory/5064-34-0x000000001C0E0000-0x000000001C17C000-memory.dmp

Filesize
624KB

Download
memory/5064-35-0x00000000016E0000-0x00000000016E8000-memory.dmp

Filesize
32KB

Download
memory/5064-30-0x00007FFA36070000-0x00007FFA36A11000-memory.dmp

Filesize
9.6MB

Download
memory/5064-38-0x000000001E3D0000-0x000000001E432000-memory.dmp

Filesize
392KB

Download
memory/5064-40-0x00007FFA36325000-0x00007FFA36326000-memory.dmp

Filesize
4KB

Download
memory/5064-41-0x00007FFA36070000-0x00007FFA36A11000-memory.dmp

Filesize
9.6MB

Download
memory/5064-42-0x00007FFA36070000-0x00007FFA36A11000-memory.dmp

Filesize
9.6MB

Download
memory/5064-49-0x00007FFA36070000-0x00007FFA36A11000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request