Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/11/2024, 23:33 UTC

General

  • Target

    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe

  • Size

    713KB

  • MD5

    8e0ab24cc57b4e79508530cc67d25760

  • SHA1

    130f6ea476483729c4b498c0145a0f5dac52d0ef

  • SHA256

    b87d9fe46b6fd58afe41a2e8919907e1a94f5439e89aba6dfa9b27c890cfaaec

  • SHA512

    290dca4dc943b6ad0aa0a74af0574dd11de9d757749b0593782dff48321f557ea866de7436e35cd7e5078a3cf6d24daddedad54113a096b5c6eb925f3ad2d789

  • SSDEEP

    12288:Mk+CItZfMhWTkyQzU+4dt6iNr9cBVX6nLFYn85Sd4dsgiXi5dQgWiE/M:Mk6Ghz9UJt/NrGBUnLT5ddsgwi7qiEE

Malware Config

Signatures

  • RevcodeRat, WebMonitorRat

    WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.

  • WebMonitor payload 8 IoCs
  • Webmonitor family
  • Unexpected DNS network traffic destination 14 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:3776

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    136.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    160.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    160.144.22.2.in-addr.arpa
    IN PTR
    Response
    160.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-160.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    sdns.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    sdns.se
    IN A
    Response
    sdns.se
    IN A
    185.141.152.26
  • flag-us
    DNS
    ntp.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    ntp.se
    IN A
    Response
    ntp.se
    IN A
    194.58.200.20
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-us
    DNS
    20.200.58.194.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.200.58.194.in-addr.arpa
    IN PTR
    Response
    20.200.58.194.in-addr.arpa
    IN PTR
    ntp.netnod.se
  • flag-us
    DNS
    26.152.141.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.152.141.185.in-addr.arpa
    IN PTR
    Response
    26.152.141.185.in-addr.arpa
    IN PTR
    enonode enovationse
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-se
    DNS
    c4901363eeb39d241ffda044e46a8113.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    c4901363eeb39d241ffda044e46a8113.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-us
    DNS
    8.4.2.1.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.4.2.1.in-addr.arpa
    IN PTR
    Response
    8.4.2.1.in-addr.arpa
    IN PTR
    public1.sdns.cn
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    114.114.114.114:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
    Response
  • flag-cn
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    114.114.114.114:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
    Response
  • flag-us
    DNS
    114.114.114.114.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    114.114.114.114.in-addr.arpa
    IN PTR
    Response
    114.114.114.114.in-addr.arpa
    IN PTR
    public1.114dns.com
  • flag-us
    DNS
    pandah.wm01.to
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    pandah.wm01.to
    IN A
    Response
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 298506
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3A5F75A7A0354CAF914D0655EDACDFC4 Ref B: LON601060102042 Ref C: 2024-11-04T00:58:57Z
    date: Mon, 04 Nov 2024 00:58:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301111_1DKW3SIPELFG6R5I0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301111_1DKW3SIPELFG6R5I0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 492694
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C786099E55F249E2A8D549F4F2A70887 Ref B: LON601060102042 Ref C: 2024-11-04T00:58:57Z
    date: Mon, 04 Nov 2024 00:58:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418597_1J0EQ8ZTOVJVXHV7G&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418597_1J0EQ8ZTOVJVXHV7G&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 374381
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5EEEC7F796524F7B9CC4E559FB649048 Ref B: LON601060102042 Ref C: 2024-11-04T00:58:57Z
    date: Mon, 04 Nov 2024 00:58:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301544_150BJDG31FJ0ZNF34&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301544_150BJDG31FJ0ZNF34&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 312790
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1778A29CD6374CE2B3CEAB1C000C0C26 Ref B: LON601060102042 Ref C: 2024-11-04T00:58:57Z
    date: Mon, 04 Nov 2024 00:58:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388127_19J9R6J3AKCRQ3IMT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388127_19J9R6J3AKCRQ3IMT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 730683
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B19F136315D54E78B5165E84F9B94C26 Ref B: LON601060102042 Ref C: 2024-11-04T00:58:57Z
    date: Mon, 04 Nov 2024 00:58:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388128_1DFVE2FTICTWWY2JO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388128_1DFVE2FTICTWWY2JO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-se
    DNS
    904967842fceae89f9f032557c5d3ec1.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    904967842fceae89f9f032557c5d3ec1.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    1.2.4.8:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    114.114.114.114:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
    Response
  • flag-cn
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    114.114.114.114:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
    Response
  • flag-us
    DNS
    pandah.wm01.to
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    pandah.wm01.to
    IN A
    Response
  • flag-se
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-se
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-se
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • flag-se
    DNS
    e6df05f91e6fe5038101eedf0af6e309.se
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    Remote address:
    185.141.152.26:53
    Request
    e6df05f91e6fe5038101eedf0af6e309.se
    IN A
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239339388128_1DFVE2FTICTWWY2JO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    84.5kB
    2.1MB
    1530
    1517

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301111_1DKW3SIPELFG6R5I0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418597_1J0EQ8ZTOVJVXHV7G&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301544_150BJDG31FJ0ZNF34&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388127_19J9R6J3AKCRQ3IMT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388128_1DFVE2FTICTWWY2JO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    136.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    136.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    160.144.22.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    160.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    sdns.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    53 B
    69 B
    1
    1

    DNS Request

    sdns.se

    DNS Response

    185.141.152.26

  • 8.8.8.8:53
    ntp.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    52 B
    68 B
    1
    1

    DNS Request

    ntp.se

    DNS Response

    194.58.200.20

  • 185.141.152.26:53
    sdns.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    405 B
    5

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

  • 8.8.8.8:53
    20.200.58.194.in-addr.arpa
    dns
    72 B
    99 B
    1
    1

    DNS Request

    20.200.58.194.in-addr.arpa

  • 8.8.8.8:53
    26.152.141.185.in-addr.arpa
    dns
    73 B
    107 B
    1
    1

    DNS Request

    26.152.141.185.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 185.141.152.26:53
    sdns.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    405 B
    5

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 185.141.152.26:53
    sdns.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    405 B
    5

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

    DNS Request

    c4901363eeb39d241ffda044e46a8113.se

  • 1.2.4.8:53
    904967842fceae89f9f032557c5d3ec1.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    405 B
    5

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

  • 8.8.8.8:53
    8.4.2.1.in-addr.arpa
    dns
    66 B
    95 B
    1
    1

    DNS Request

    8.4.2.1.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 1.2.4.8:53
    904967842fceae89f9f032557c5d3ec1.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    405 B
    5

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

  • 114.114.114.114:53
    904967842fceae89f9f032557c5d3ec1.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    81 B
    159 B
    1
    1

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

  • 114.114.114.114:53
    904967842fceae89f9f032557c5d3ec1.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    81 B
    159 B
    1
    1

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

  • 8.8.8.8:53
    114.114.114.114.in-addr.arpa
    dns
    74 B
    106 B
    1
    1

    DNS Request

    114.114.114.114.in-addr.arpa

  • 8.8.8.8:53
    pandah.wm01.to
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    60 B
    113 B
    1
    1

    DNS Request

    pandah.wm01.to

  • 185.141.152.26:53
    sdns.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    405 B
    5

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 185.141.152.26:53
    sdns.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    405 B
    5

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

    DNS Request

    904967842fceae89f9f032557c5d3ec1.se

  • 1.2.4.8:53
    e6df05f91e6fe5038101eedf0af6e309.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    405 B
    5

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

  • 1.2.4.8:53
    e6df05f91e6fe5038101eedf0af6e309.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    405 B
    5

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

  • 114.114.114.114:53
    e6df05f91e6fe5038101eedf0af6e309.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    81 B
    159 B
    1
    1

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

  • 114.114.114.114:53
    e6df05f91e6fe5038101eedf0af6e309.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    81 B
    159 B
    1
    1

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

  • 8.8.8.8:53
    pandah.wm01.to
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    60 B
    113 B
    1
    1

    DNS Request

    pandah.wm01.to

  • 185.141.152.26:53
    sdns.se
    dns
    8e0ab24cc57b4e79508530cc67d25760_JaffaCakes118.exe
    324 B
    4

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

    DNS Request

    e6df05f91e6fe5038101eedf0af6e309.se

  • 8.8.8.8:53

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3776-0-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

  • memory/3776-1-0x0000000002B00000-0x0000000003B00000-memory.dmp

    Filesize

    16.0MB

  • memory/3776-2-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

  • memory/3776-4-0x0000000002B00000-0x0000000003B00000-memory.dmp

    Filesize

    16.0MB

  • memory/3776-6-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

  • memory/3776-7-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

  • memory/3776-9-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

  • memory/3776-10-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

  • memory/3776-12-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

  • memory/3776-15-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

  • memory/3776-17-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB