Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-01-2025 10:59

General

  • Target

    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe

  • Size

    168KB

  • MD5

    3beba00c01a8c927e347a12396049a9e

  • SHA1

    f5f0a8713617cccd9cd8e1d93efc7698da997550

  • SHA256

    9e28a0b6cc35f363e7d12b4c4629048d15d3b99cf376bc80253d6ab02afe06c0

  • SHA512

    43912b8e169ffc64c3dfa2e0afc43df58334f73d6d3d0232e42c70e1b16cf58f88a3f0d462ff4c833952f15c925786812f9782fed7fba41a524e994d9c80f348

  • SSDEEP

    3072:H1jdn+HgcoYoCdq4bAhJ3dVjoyiy8ItpTVjhMbW6pe:H5uBkCdqZbVEyiy8IdH6A

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++.

  • Cycbot family
  • Detects Cycbot payload 4 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2528
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
      2⤵
      • System Location Discovery: System Language Discovery
      PID:572

Network

  • flag-us
    DNS
    onlineinstitute.com
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    8.8.8.8:53
    Request
    onlineinstitute.com
    IN A
    Response
    onlineinstitute.com
    IN A
    50.28.76.229
  • flag-us
    GET
    http://onlineinstitute.com/g7/images/logo2.jpg?v5=90&tq=gHZutDyMv5rJfCG1J8K%2B1MWCJbP4lltXIA%3D%3D
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    50.28.76.229:80
    Request
    GET /g7/images/logo2.jpg?v5=90&tq=gHZutDyMv5rJfCG1J8K%2B1MWCJbP4lltXIA%3D%3D HTTP/1.0
    Connection: close
    Host: onlineinstitute.com
    Accept: */*
    User-Agent: mozilla/2.0
    Response
    HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 10:59:42 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Last-Modified: Mon, 09 Jun 2014 17:01:30 GMT
    Accept-Ranges: bytes
    Content-Length: 3933
    Content-Type: image/jpeg
  • flag-us
    DNS
    hddforpda.com
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    8.8.8.8:53
    Request
    hddforpda.com
    IN A
    Response
  • flag-us
    DNS
    zonedg.com
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    8.8.8.8:53
    Request
    zonedg.com
    IN A
    Response
    zonedg.com
    IN A
    103.224.212.214
  • flag-us
    DNS
    zonedg.com
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    8.8.8.8:53
    Request
    zonedg.com
    IN A
    Response
    zonedg.com
    IN A
    103.224.212.214
  • flag-us
    DNS
    zonedg.com
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    8.8.8.8:53
    Request
    zonedg.com
    IN A
    Response
    zonedg.com
    IN A
    103.224.212.214
  • flag-us
    POST
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82uYvEaS%2FT%2BsqhSr%2Fe%2BV5ZuRg%3D%3D
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    103.224.212.214:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82uYvEaS%2FT%2BsqhSr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
    Host: zonedg.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 302 Found
    date: Tue, 14 Jan 2025 11:00:07 GMT
    server: Apache
    set-cookie: __tad=1736852407.6814174; expires=Fri, 12-Jan-2035 11:00:07 GMT; Max-Age=315360000
    location: http://ww25.zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82uYvEaS%2FT%2BsqhSr%2Fe%2BV5ZuRg%3D%3D&subid1=20250114-2200-073a-9f3f-ffc613f2b05b
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-us
    POST
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    103.224.212.214:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D HTTP/1.1
    Host: zonedg.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 302 Found
    date: Tue, 14 Jan 2025 11:00:07 GMT
    server: Apache
    set-cookie: __tad=1736852407.1942718; expires=Fri, 12-Jan-2035 11:00:07 GMT; Max-Age=315360000
    location: http://ww25.zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D&subid1=20250114-2200-079b-9523-ae78a86c8335
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-us
    POST
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8CiYvEaSPT%2Bsqpi8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    103.224.212.214:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8CiYvEaSPT%2Bsqpi8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D HTTP/1.1
    Host: zonedg.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 302 Found
    date: Tue, 14 Jan 2025 11:00:07 GMT
    server: Apache
    set-cookie: __tad=1736852407.8975917; expires=Fri, 12-Jan-2035 11:00:07 GMT; Max-Age=315360000
    location: http://ww25.zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8CiYvEaSPT%2Bsqpi8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D&subid1=20250114-2200-0725-a60b-1a859668aca8
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-us
    DNS
    www.google.com
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.196
  • flag-gb
    GET
    http://www.google.com/
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    142.250.187.196:80
    Request
    GET / HTTP/1.0
    Connection: close
    Host: www.google.com
    Accept: */*
    Response
    HTTP/1.0 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNuHmbwGIjAdsN9ckQBVKnePv2TEzJZTBIgoEm_sQiCSPZgo4hplFLfp_BmKPiVyQ0s0_urpKfMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgwI24eZvAYQ0sC6qQMSBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-GYlEQbC4zuDU3mvaEwWDrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 14 Jan 2025 11:00:43 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-VAOI4dznhwWk0s8O7V-a6KI9R5r4L8Ws4lPtJu2eZDlFfdWYqlqg; expires=Sun, 13-Jul-2025 11:00:43 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
  • flag-us
    DNS
    booklaboratoryonline.com
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    8.8.8.8:53
    Request
    booklaboratoryonline.com
    IN A
    Response
  • flag-us
    POST
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82oYvEaTuLuwd129WxK5VKv975Xlm5G
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    103.224.212.214:80
    Request
    POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82oYvEaTuLuwd129WxK5VKv975Xlm5G HTTP/1.1
    Host: zonedg.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 0
    Connection: close
    Response
    HTTP/1.1 302 Found
    date: Tue, 14 Jan 2025 11:00:44 GMT
    server: Apache
    set-cookie: __tad=1736852444.1640379; expires=Fri, 12-Jan-2035 11:00:44 GMT; Max-Age=315360000
    location: http://ww25.zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82oYvEaTuLuwd129WxK5VKv975Xlm5G&subid1=20250114-2200-4469-b3ea-dc90237d5229
    content-length: 2
    content-type: text/html; charset=UTF-8
    connection: close
  • flag-gb
    GET
    http://www.google.com/
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    142.250.187.196:80
    Request
    GET / HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
    Response
    HTTP/1.1 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNyHmbwGIjDSpnN6doYOT3_jrsUA8IMLjBTRDQy25BZBq_c-5pvAjPPEGhmHHMZdzQJGKd3prjMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgsI3IeZvAYQmc7JexIEtdewUw
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-lGNzsgvyrXnybTXz4aA5dA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 14 Jan 2025 11:00:44 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-XvWDVL69E1WGvOBqUXA8aYxqzh1PYrm3Br4GXWQgV5EXE7h1lR6fI; expires=Sun, 13-Jul-2025 11:00:44 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Connection: close
  • flag-gb
    GET
    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNyHmbwGIjDSpnN6doYOT3_jrsUA8IMLjBTRDQy25BZBq_c-5pvAjPPEGhmHHMZdzQJGKd3prjMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    Remote address:
    142.250.187.196:80
    Request
    GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGNyHmbwGIjDSpnN6doYOT3_jrsUA8IMLjBTRDQy25BZBq_c-5pvAjPPEGhmHHMZdzQJGKd3prjMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
    Response
    HTTP/1.1 429 Too Many Requests
    Date: Tue, 14 Jan 2025 11:00:44 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 3075
    X-XSS-Protection: 0
    Connection: close
  • 50.28.76.229:80
    http://onlineinstitute.com/g7/images/logo2.jpg?v5=90&tq=gHZutDyMv5rJfCG1J8K%2B1MWCJbP4lltXIA%3D%3D
    http
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    495 B
    4.5kB
    7
    8

    HTTP Request

    GET http://onlineinstitute.com/g7/images/logo2.jpg?v5=90&tq=gHZutDyMv5rJfCG1J8K%2B1MWCJbP4lltXIA%3D%3D

    HTTP Response

    200
  • 103.224.212.214:80
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82uYvEaS%2FT%2BsqhSr%2Fe%2BV5ZuRg%3D%3D
    http
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    585 B
    718 B
    5
    4

    HTTP Request

    POST http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82uYvEaS%2FT%2BsqhSr%2Fe%2BV5ZuRg%3D%3D

    HTTP Response

    302
  • 103.224.212.214:80
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D
    http
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    565 B
    698 B
    5
    4

    HTTP Request

    POST http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D

    HTTP Response

    302
  • 103.224.212.214:80
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8CiYvEaSPT%2Bsqpi8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D
    http
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    591 B
    724 B
    5
    4

    HTTP Request

    POST http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B8CiYvEaSPT%2Bsqpi8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D

    HTTP Response

    302
  • 142.250.187.196:80
    http://www.google.com/
    http
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    302 B
    1.5kB
    5
    5

    HTTP Request

    GET http://www.google.com/

    HTTP Response

    302
  • 103.224.212.214:80
    http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82oYvEaTuLuwd129WxK5VKv975Xlm5G
    http
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    577 B
    710 B
    5
    4

    HTTP Request

    POST http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9PiwomL2GUvg7sbefvJsSvT8t61i9hlL9PmxrHH0bV%2FmiMWrdPd5SOeikL50gGg46f%2FHowP8GT7iis3fcvAdQuT%2B0alxtygbpb6HvnSAOQij%2B82oYvEaTuLuwd129WxK5VKv975Xlm5G

    HTTP Response

    302
  • 142.250.187.196:80
    http://www.google.com/
    http
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    307 B
    1.5kB
    5
    5

    HTTP Request

    GET http://www.google.com/

    HTTP Response

    302
  • 127.0.0.1:59475
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
  • 127.0.0.1:59475
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
  • 142.250.187.196:80
    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNyHmbwGIjDSpnN6doYOT3_jrsUA8IMLjBTRDQy25BZBq_c-5pvAjPPEGhmHHMZdzQJGKd3prjMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    http
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    526 B
    3.7kB
    6
    7

    HTTP Request

    GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNyHmbwGIjDSpnN6doYOT3_jrsUA8IMLjBTRDQy25BZBq_c-5pvAjPPEGhmHHMZdzQJGKd3prjMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

    HTTP Response

    429
  • 8.8.8.8:53
    onlineinstitute.com
    dns
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    65 B
    81 B
    1
    1

    DNS Request

    onlineinstitute.com

    DNS Response

    50.28.76.229

  • 8.8.8.8:53
    hddforpda.com
    dns
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    59 B
    132 B
    1
    1

    DNS Request

    hddforpda.com

  • 8.8.8.8:53
    zonedg.com
    dns
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    56 B
    72 B
    1
    1

    DNS Request

    zonedg.com

    DNS Response

    103.224.212.214

  • 8.8.8.8:53
    zonedg.com
    dns
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    56 B
    72 B
    1
    1

    DNS Request

    zonedg.com

    DNS Response

    103.224.212.214

  • 8.8.8.8:53
    zonedg.com
    dns
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    56 B
    72 B
    1
    1

    DNS Request

    zonedg.com

    DNS Response

    103.224.212.214

  • 8.8.8.8:53
    www.google.com
    dns
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.196

  • 8.8.8.8:53
    booklaboratoryonline.com
    dns
    JaffaCakes118_3beba00c01a8c927e347a12396049a9e.exe
    70 B
    143 B
    1
    1

    DNS Request

    booklaboratoryonline.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\A855.D54

    Filesize

    1KB

    MD5

    ba97fde0fcb12299d0be3dde3f740d38

    SHA1

    a94d8a9c5c13791e8365030f2bd3550fd29b580e

    SHA256

    e217ece768c677170e7ad4afd8bbe3f3c29365c3fea876d07cabc5c4f117b3f8

    SHA512

    09ae51d247ae51bc37595e9ee0c4d920bf1e30a6626fe2f22fce8bf1a74c9f41c283ee03b0ddf1ae05922a0a33d8ea19f403ab3c35b67d534212f35db40a040f

  • C:\Users\Admin\AppData\Roaming\A855.D54

    Filesize

    600B

    MD5

    1b9602e07e72c892f2bbdbb8b89bcc0b

    SHA1

    a30f12dbdc386f4f237f8f1c1ff3af07d1ff7181

    SHA256

    1e3b40b6e79a5fb78f9ee09f8d8fba05f96f230005e19a3cccc84692c5ef4a28

    SHA512

    8f2020c1a40f0527e7be224c14bee149f9fb4ed8e5c9e29404edcec4d32561c99243acebbe362210c3794b9f384a10abecae819985a54eafa6eca14b6e66c5db

  • C:\Users\Admin\AppData\Roaming\A855.D54

    Filesize

    996B

    MD5

    a4dc54fecc96ad65b1e4d778f8412382

    SHA1

    d769407d1b5e7df06328fb2979bc75b47cdd1763

    SHA256

    7395667c934e8a99f5d66a5e656244c53c18e9503f36203ea4b6c067420e709b

    SHA512

    3361e4bbebd5a5344bb6b873784b366c7a3167ebe43bcaa4c94aec2b170a721177f6091676389ccab782c71d5f38c5a7771e72dfa31b6cc7c7d9fd594de0d308

  • memory/572-85-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

  • memory/2528-5-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

  • memory/2528-6-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

  • memory/2528-8-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

  • memory/3060-1-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

  • memory/3060-2-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

  • memory/3060-16-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

  • memory/3060-177-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB
