Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/01/2025, 10:01 UTC

General

  • Target

    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe

  • Size

    37KB

  • MD5

    0bdf47eab689f6d7cf23f64fb06fac64

  • SHA1

    b0b9dee4bb1ef616e376c1d3a8ffc8fc9b250514

  • SHA256

    672083ab81b115705354d6264336bd0b879848087933cd603231c7850671c2e7

  • SHA512

    c5def6629156c01ec4aa2c886d5720aec40c68c3d5e063659146f44229830d2cff7ae9230f8ae3f850085b8846e524fa4b84054036914721f1e5c37d48fe33b0

  • SSDEEP

    768:Us4cQbCXSh9RgjkEprmk358B+LqESKs8udqd9zYcCeK:3RQbqqdqCoR2KJud8HK

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe"
    1
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2544

Network

  • flag-us
    DNS
    5acdf4a3.linkbucks.com
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    8.8.8.8:53
    Request
    5acdf4a3.linkbucks.com
    IN A
    Response
  • flag-us
    DNS
    google.com
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    8.8.8.8:53
    Request
    google.com
    IN A
    Response
    google.com
    IN A
    142.250.180.14
  • flag-gb
    GET
    http://google.com/
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    142.250.180.14:80
    Request
    GET / HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
    Accept-Language: en-US
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Location: http://www.google.com/sorry/index?continue=http://google.com/&q=EgS117BTGOCmjrwGIjBQo2N4H3pk6eh2LATGCSAeQ67qyAtM792C9hBoWCitmmIvfOsaDDtLazwhWOsy2bEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgwI4aaOvAYQvNX8pwESBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-HjkpyC1qvfKwDLu0MztfHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Sun, 12 Jan 2025 10:03:13 GMT
    Server: gws
    Content-Length: 392
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-VyzLG6HfQ315rdOJOLF49NiNoNGzJTQPUjX1-XDOgUkEY0-gCJ-Q; expires=Fri, 11-Jul-2025 10:03:13 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
  • flag-us
    DNS
    www.google.com
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.196
  • flag-gb
    GET
    http://www.google.com/sorry/index?continue=http://google.com/&q=EgS117BTGOCmjrwGIjBQo2N4H3pk6eh2LATGCSAeQ67qyAtM792C9hBoWCitmmIvfOsaDDtLazwhWOsy2bEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    142.250.187.196:80
    Request
    GET /sorry/index?continue=http://google.com/&q=EgS117BTGOCmjrwGIjBQo2N4H3pk6eh2LATGCSAeQ67qyAtM792C9hBoWCitmmIvfOsaDDtLazwhWOsy2bEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
    Accept-Language: en-US
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Connection: Keep-Alive
    Host: www.google.com
    Response
    HTTP/1.1 429 Too Many Requests
    Date: Sun, 12 Jan 2025 10:03:13 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 3063
    X-XSS-Protection: 0
  • flag-gb
    GET
    https://www.google.com/recaptcha/api.js
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    142.250.187.196:443
    Request
    GET /recaptcha/api.js HTTP/1.1
    Accept: */*
    Referer: http://www.google.com/sorry/index?continue=http://google.com/&q=EgS117BTGOCmjrwGIjBQo2N4H3pk6eh2LATGCSAeQ67qyAtM792C9hBoWCitmmIvfOsaDDtLazwhWOsy2bEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    Accept-Language: en-US
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.google.com
    Connection: Keep-Alive
    Cookie: AEC=AZ6Zc-VyzLG6HfQ315rdOJOLF49NiNoNGzJTQPUjX1-XDOgUkEY0-gCJ-Q
    Response
    HTTP/1.1 200 OK
    Content-Type: text/javascript; charset=utf-8
    Expires: Sun, 12 Jan 2025 10:03:14 GMT
    Date: Sun, 12 Jan 2025 10:03:14 GMT
    Cache-Control: private, max-age=300
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
    Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    c.pki.goog
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.178.3
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    142.250.178.3:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sun, 12 Jan 2025 09:17:32 GMT
    Expires: Sun, 12 Jan 2025 10:07:32 GMT
    Cache-Control: public, max-age=3000
    Age: 2741
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    o.pki.goog
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.178.3
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDQHFkpJVehgBDuGMMGYHaS
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    142.250.178.3:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDQHFkpJVehgBDuGMMGYHaS HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sun, 12 Jan 2025 09:55:29 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 465
  • flag-gb
    GET
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    142.250.178.3:80
    Request
    GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Server: ocsp_responder
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Sun, 12 Jan 2025 09:37:42 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 1532
  • flag-us
    DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    95.101.134.51
    a1363.dscg.akamai.net
    IN A
    95.101.134.56
  • flag-fr
    GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    95.101.134.51:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: +oTkvMkqpdtzWrUHEQQM3g==
    Last-Modified: Thu, 12 Dec 2024 00:06:56 GMT
    ETag: 0x8DD1A40E476D877
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f38ffdb8-101e-0026-446a-5d1ff2000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 12 Jan 2025 10:03:44 GMT
    Connection: keep-alive
  • flag-us
    DNS
    www.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    104.80.22.51
  • flag-fr
    GET
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    Remote address:
    104.80.22.51:80
    Request
    GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1078
    Content-Type: application/octet-stream
    Content-MD5: PjrtHAukbJio72s77Ag5mA==
    Last-Modified: Thu, 31 Oct 2024 23:26:09 GMT
    ETag: 0x8DCFA0366D6C4CA
    x-ms-request-id: 23d3fbc0-501e-0045-3eed-2b8209000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 12 Jan 2025 10:03:44 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV1e7d618b.0
    ms-cv-esi: CASMicrosoftCV1e7d618b.0
    X-RTag: RT
  • flag-us
    DNS
    5acdf4a3.linkbucks.com
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    8.8.8.8:53
    Request
    5acdf4a3.linkbucks.com
    IN A
    Response
  • flag-gb
    GET
    http://google.com/
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    142.250.180.14:80
    Request
    GET / HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
    Accept-Language: en-US
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Location: http://www.google.com/sorry/index?continue=http://google.com/&q=EgS117BTGKSnjrwGIjBHGgIvZ13fA40D3R81SlVXKGYM9cWEOrBYdx_fSOu-EsVoncM7eEfsLfLludAJX2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgsIpaeOvAYQ-9-RPxIEtdewUw
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-w36cnZwpk9qCYuBotY9Ngg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Sun, 12 Jan 2025 10:04:21 GMT
    Server: gws
    Content-Length: 392
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-VYkOslX0W4VujVuoOO-HwUnZBJYijIGREwkF0E4_1EW7OCuzIpzVE; expires=Fri, 11-Jul-2025 10:04:21 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
  • flag-gb
    GET
    http://www.google.com/sorry/index?continue=http://google.com/&q=EgS117BTGKSnjrwGIjBHGgIvZ13fA40D3R81SlVXKGYM9cWEOrBYdx_fSOu-EsVoncM7eEfsLfLludAJX2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    Remote address:
    142.250.187.196:80
    Request
    GET /sorry/index?continue=http://google.com/&q=EgS117BTGKSnjrwGIjBHGgIvZ13fA40D3R81SlVXKGYM9cWEOrBYdx_fSOu-EsVoncM7eEfsLfLludAJX2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
    Accept-Language: en-US
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Connection: Keep-Alive
    Host: www.google.com
    Response
    HTTP/1.1 429 Too Many Requests
    Date: Sun, 12 Jan 2025 10:04:21 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 3063
    X-XSS-Protection: 0
  • 142.250.180.14:80
    http://google.com/
    http
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    792 B
    2.7kB
    7
    5

    HTTP Request

    GET http://google.com/

    HTTP Response

    302
  • 142.250.187.196:80
    http://www.google.com/sorry/index?continue=http://google.com/&q=EgS117BTGOCmjrwGIjBQo2N4H3pk6eh2LATGCSAeQ67qyAtM792C9hBoWCitmmIvfOsaDDtLazwhWOsy2bEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    http
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    959 B
    3.6kB
    7
    6

    HTTP Request

    GET http://www.google.com/sorry/index?continue=http://google.com/&q=EgS117BTGOCmjrwGIjBQo2N4H3pk6eh2LATGCSAeQ67qyAtM792C9hBoWCitmmIvfOsaDDtLazwhWOsy2bEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

    HTTP Response

    429
  • 142.250.187.196:443
    https://www.google.com/recaptcha/api.js
    tls, http
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    1.5kB
    6.2kB
    11
    12

    HTTP Request

    GET https://www.google.com/recaptcha/api.js

    HTTP Response

    200
  • 142.250.178.3:80
    http://c.pki.goog/r/r1.crl
    http
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    348 B
    1.7kB
    5
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 142.250.178.3:80
    http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi
    http
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    780 B
    1.6kB
    7
    4

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDQHFkpJVehgBDuGMMGYHaS

    HTTP Response

    200

    HTTP Request

    GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi

    HTTP Response

    200
  • 95.101.134.51:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    399 B
    1.7kB
    4
    4

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 104.80.22.51:80
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    http
    393 B
    1.7kB
    4
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

    HTTP Response

    200
  • 142.250.180.14:80
    http://google.com/
    http
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    700 B
    2.7kB
    5
    4

    HTTP Request

    GET http://google.com/

    HTTP Response

    302
  • 142.250.187.196:80
    http://www.google.com/sorry/index?continue=http://google.com/&q=EgS117BTGKSnjrwGIjBHGgIvZ13fA40D3R81SlVXKGYM9cWEOrBYdx_fSOu-EsVoncM7eEfsLfLludAJX2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    http
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    867 B
    3.6kB
    5
    5

    HTTP Request

    GET http://www.google.com/sorry/index?continue=http://google.com/&q=EgS117BTGKSnjrwGIjBHGgIvZ13fA40D3R81SlVXKGYM9cWEOrBYdx_fSOu-EsVoncM7eEfsLfLludAJX2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

    HTTP Response

    429
  • 8.8.8.8:53
    5acdf4a3.linkbucks.com
    dns
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    68 B
    68 B
    1
    1

    DNS Request

    5acdf4a3.linkbucks.com

  • 8.8.8.8:53
    google.com
    dns
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    56 B
    72 B
    1
    1

    DNS Request

    google.com

    DNS Response

    142.250.180.14

  • 8.8.8.8:53
    www.google.com
    dns
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.196

  • 8.8.8.8:53
    c.pki.goog
    dns
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.178.3

  • 8.8.8.8:53
    o.pki.goog
    dns
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    142.250.178.3

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
    162 B
    1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    95.101.134.51
    95.101.134.56

  • 8.8.8.8:53
    www.microsoft.com
    dns
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    104.80.22.51

  • 8.8.8.8:53
    5acdf4a3.linkbucks.com
    dns
    JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
    68 B
    68 B
    1
    1

    DNS Request

    5acdf4a3.linkbucks.com

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXRG2YQS\api[1].js

    Filesize

    870B

    MD5

    959fca740c230726e5a7cdf2b7603468

    SHA1

    1fa3eb9690cb728a4ba96846bd8eac87fa914073

    SHA256

    1a7a8da967879cf8c53e114c331242c5d44c39d4b4778a0824bc2f363504c3a5

    SHA512

    c493d157fdb40ca20752cd7419c3bf837c12831ef05d0d3e41844e17fc99096d1a7429adaa58ade3eb99aa5e5ce4ad91af8ef7c25f36c7e69f341ad0f2e88e86

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0WBLVJY\recaptcha__en[1].js

    Filesize

    547KB

    MD5

    19ddac3be88eda2c8263c5d52fa7f6bd

    SHA1

    c81720778f57c56244c72ce6ef402bb4de5f9619

    SHA256

    b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

    SHA512

    393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c

  • memory/2544-6-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-3-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-4-0x000007FEF5E6E000-0x000007FEF5E6F000-memory.dmp

    Filesize

    4KB

  • memory/2544-5-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-0-0x000007FEF5E6E000-0x000007FEF5E6F000-memory.dmp

    Filesize

    4KB

  • memory/2544-7-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-8-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-9-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-10-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-44-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-47-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-2-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB

  • memory/2544-1-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

    Filesize

    9.6MB
