Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/12/2024, 09:46 UTC

General

  • Target

    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe

  • Size

    46KB

  • MD5

    ee2aa61156752adf4c1e8307503cf843

  • SHA1

    baaffcb1edb02f8ca7a7bea62a8323a4d7f4abf4

  • SHA256

    8f16e5d2e24631d1e1de8006debd527332b55eff219b9b1e37033588a318ada8

  • SHA512

    bdd94e4873dfb0c21ffead46f575c7605e0ae6b957649ce6067c08b3966bed8e57821b39bab01c7e02456ca2f8554a6492476b663e333a1498edfd06cbafc70e

  • SSDEEP

    768:YNqQ07c92/EyTAYtxqfGNC0klI7C8ycYlI5P194jp4Yc:687wc1aGNC0klI7CPpIFa6h

Signatures

  • Detects MyDoom family 3 IoCs
  • MyDoom

    MyDoom is a worm written in C++.

  • Mydoom family
  • Adds Run key to start application 2 TTPs 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe"
    1
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:744

Network

  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    24.139.73.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.139.73.23.in-addr.arpa
    IN PTR
    Response
    24.139.73.23.in-addr.arpa
    IN PTR
    a23-73-139-24.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    182.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.129.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    resources.jar
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    resources.jar
    IN MX
    Response
  • flag-us
    DNS
    resources.jar
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    resources.jar
    IN MX
    Response
  • flag-us
    DNS
    cs.stanford.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    cs.stanford.edu
    IN MX
    Response
    cs.stanford.edu
    IN MX
    smtp2.cs.stanford.edu
    cs.stanford.edu
    IN MX
    cs.stanford.edu
    IN MX
    smtp1.cs.stanford.edu
  • flag-us
    DNS
    smtp2.cs.stanford.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp2.cs.stanford.edu
    IN A
    Response
    smtp2.cs.stanford.edu
    IN A
    171.64.64.26
  • flag-us
    DNS
    outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    outlook.com
    IN MX
    Response
    outlook.com
    IN MX
    outlook-com.olc.protection.outlook.com
  • flag-us
    DNS
    outlook-com.olc.protection.outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    outlook-com.olc.protection.outlook.com
    IN A
    Response
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.68.11
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.10.3
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.68.24
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.10.9
  • flag-us
    DNS
    nocorp.me
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    nocorp.me
    IN MX
    Response
    nocorp.me
    IN MX
    in2-smtp.messagingengine.com
    nocorp.me
    IN MX
    in1-smtp.messagingengine.com
  • flag-us
    DNS
    in2-smtp.messagingengine.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    in2-smtp.messagingengine.com
    IN A
    Response
    in2-smtp.messagingengine.com
    IN A
    202.12.124.216
    in2-smtp.messagingengine.com
    IN A
    202.12.124.217
  • flag-us
    DNS
    alumni.caltech.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN MX
    Response
    alumni.caltech.edu
    IN MX
    alumni-caltech-edu.mail.protection.outlook.com
  • flag-us
    DNS
    alumni-caltech-edu.mail.protection.outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    Response
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.40.4
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.194.13
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.9.2
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.194.3
  • flag-us
    DNS
    gzip.org
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN MX
    Response
    gzip.org
    IN MX
  • flag-us
    DNS
    gzip.org
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN A
    Response
    gzip.org
    IN A
    85.187.148.2
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    cs.stanford.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    cs.stanford.edu
    IN A
    Response
    cs.stanford.edu
    IN A
    171.64.64.64
  • flag-us
    DNS
    outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    outlook.com
    IN A
    Response
    outlook.com
    IN A
    52.96.223.2
    outlook.com
    IN A
    52.96.214.50
    outlook.com
    IN A
    52.96.91.34
    outlook.com
    IN A
    52.96.172.98
    outlook.com
    IN A
    52.96.228.130
    outlook.com
    IN A
    52.96.222.194
    outlook.com
    IN A
    52.96.111.82
    outlook.com
    IN A
    52.96.222.226
    outlook.com
    IN A
    52.96.229.242
  • flag-us
    DNS
    in1-smtp.messagingengine.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    in1-smtp.messagingengine.com
    IN A
    Response
    in1-smtp.messagingengine.com
    IN A
    103.168.172.222
    in1-smtp.messagingengine.com
    IN A
    103.168.172.217
    in1-smtp.messagingengine.com
    IN A
    103.168.172.223
    in1-smtp.messagingengine.com
    IN A
    103.168.172.221
    in1-smtp.messagingengine.com
    IN A
    103.168.172.218
    in1-smtp.messagingengine.com
    IN A
    103.168.172.216
    in1-smtp.messagingengine.com
    IN A
    103.168.172.220
    in1-smtp.messagingengine.com
    IN A
    103.168.172.219
  • flag-us
    DNS
    mozilla.org.xpi
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    alumni.caltech.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN A
    Response
    alumni.caltech.edu
    IN A
    204.13.239.180
  • flag-us
    DNS
    smtp1.cs.stanford.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp1.cs.stanford.edu
    IN A
    Response
    smtp1.cs.stanford.edu
    IN A
    171.64.64.25
  • flag-us
    DNS
    mx.outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.outlook.com
    IN A
    Response
  • flag-us
    DNS
    nocorp.me
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    nocorp.me
    IN A
    Response
  • flag-us
    DNS
    mail.outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.outlook.com
    IN A
    Response
  • flag-us
    DNS
    mx.nocorp.me
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.nocorp.me
    IN A
    Response
  • flag-us
    DNS
    smtp.outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.outlook.com
    IN A
    Response
    smtp.outlook.com
    IN CNAME
    outlook.office365.com
    outlook.office365.com
    IN CNAME
    ooc-g2.tm-4.office.com
    ooc-g2.tm-4.office.com
    IN A
    52.98.224.130
    ooc-g2.tm-4.office.com
    IN A
    40.99.201.130
    ooc-g2.tm-4.office.com
    IN A
    52.97.211.194
    ooc-g2.tm-4.office.com
    IN A
    40.99.218.82
    ooc-g2.tm-4.office.com
    IN A
    52.97.202.98
    ooc-g2.tm-4.office.com
    IN A
    52.97.211.162
    ooc-g2.tm-4.office.com
    IN A
    40.99.213.66
    ooc-g2.tm-4.office.com
    IN A
    40.99.202.98
  • flag-us
    DNS
    mail.nocorp.me
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.nocorp.me
    IN A
    Response
  • flag-us
    DNS
    smtp.nocorp.me
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.nocorp.me
    IN A
    Response
  • flag-us
    DNS
    mx.gzip.org
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.gzip.org
    IN A
    Response
  • flag-us
    DNS
    mail.gzip.org
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.gzip.org
    IN A
    Response
    mail.gzip.org
    IN CNAME
    gzip.org
    gzip.org
    IN A
    85.187.148.2
  • flag-us
    DNS
    mail.gzip.org
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.gzip.org
    IN A
    Response
    mail.gzip.org
    IN CNAME
    gzip.org
    gzip.org
    IN A
    85.187.148.2
  • 10.16.105.68:1042
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 10.35.18.135:1042
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 10.16.121.76:1042
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 172.16.51.206:1042
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 171.64.64.26:25
    smtp2.cs.stanford.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 52.101.68.11:25
    outlook-com.olc.protection.outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 202.12.124.216:25
    in2-smtp.messagingengine.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 52.101.40.4:25
    alumni-caltech-edu.mail.protection.outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 85.187.148.2:25
    gzip.org
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 15.228.173.191:1042
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 171.64.64.64:25
    cs.stanford.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 52.96.223.2:25
    outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 103.168.172.222:25
    in1-smtp.messagingengine.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 204.13.239.180:25
    alumni.caltech.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 85.187.148.2:25
    gzip.org
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 172.16.51.120:1042
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 171.64.64.25:25
    smtp1.cs.stanford.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 52.98.224.130:25
    smtp.outlook.com
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 85.187.148.2:25
    mail.gzip.org
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 167.194.179.54:1042
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 171.64.64.64:25
    cs.stanford.edu
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    260 B
    5
  • 141.240.218.155:1042
    ee2aa61156752adf4c1e8307503cf843_JaffaCakes118.exe
    104 B
    2

Downloads

  • C:\Program Files\Common Files\microsoft shared\ink\ar-SA\Winamp 5.0 (en).ShareReactor.com

    Filesize

    46KB

    MD5

    ee2aa61156752adf4c1e8307503cf843

    SHA1

    baaffcb1edb02f8ca7a7bea62a8323a4d7f4abf4

    SHA256

    8f16e5d2e24631d1e1de8006debd527332b55eff219b9b1e37033588a318ada8

    SHA512

    bdd94e4873dfb0c21ffead46f575c7605e0ae6b957649ce6067c08b3966bed8e57821b39bab01c7e02456ca2f8554a6492476b663e333a1498edfd06cbafc70e

  • memory/744-0-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/744-3-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB
