Analysis

  • max time kernel
    0s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2024, 10:31 UTC

General

  • Target

    http://jakwens.com

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://jakwens.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
      2⤵
        PID:2240

    Network

    • flag-us
      DNS
      jakwens.com
      iexplore.exe
      Remote address:
      8.8.8.8:53
      Request
      jakwens.com
      IN A
      Response
      jakwens.com
      IN A
      35.233.80.224
    • flag-be
      GET
      http://jakwens.com/
      Remote address:
      35.233.80.224:80
      Request
      GET / HTTP/1.1
      Accept: text/html, application/xhtml+xml, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: jakwens.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 200 Internal Server Error
      cache-control: cache
      content-type: text/html
    • flag-be
      GET
      http://jakwens.com/favicon.ico
      Remote address:
      35.233.80.224:80
      Request
      GET /favicon.ico HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Host: jakwens.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 404 Not Found
      date: Thu, 11 Jan 2024 10:31:19 GMT
      content-type: text/html
      content-length: 1245
    • flag-us
      DNS
      www.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      www.microsoft.com
      IN A
      Response
      www.microsoft.com
      IN CNAME
      www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net
      IN CNAME
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      IN CNAME
      e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net
      IN A
      92.123.241.137
    • flag-us
      DNS
      www.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      www.microsoft.com
      IN A
      Response
      www.microsoft.com
      IN CNAME
      www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net
      IN CNAME
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      IN CNAME
      e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net
      IN A
      92.123.241.137
    • flag-us
      GET
      http://www.bing.com/favicon.ico
      Remote address:
      92.123.128.195:80
      Request
      GET /favicon.ico HTTP/1.1
      Accept: */*
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
      Host: www.bing.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Cache-Control: public, max-age=15552000
      Content-Length: 4286
      Content-Type: image/x-icon
      Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      X-MSEdge-Ref: Ref A: 0FD04CFC1A1E485B9EBD8B31934F6D09 Ref B: LTSEDGE0810 Ref C: 2022-12-09T13:31:02Z
      Date: Thu, 11 Jan 2024 10:31:28 GMT
      Connection: keep-alive
      X-CDN-TraceID: 0.c3777b5c.1704969088.d7ec1cc
    • flag-us
      DNS
      Remote address:
      92.123.128.195:80
      Response
      HTTP/1.0 408 Request Time-out
      Server: AkamaiGHost
      Mime-Version: 1.0
      Date: Thu, 11 Jan 2024 10:32:04 GMT
      Content-Type: text/html
      Content-Length: 218
      Expires: Thu, 11 Jan 2024 10:32:04 GMT
    • 35.233.80.224:80
      http://jakwens.com/
      http
      762 B
      270 B
      6
      4

      HTTP Request

      GET http://jakwens.com/

      HTTP Response

      200
    • 35.233.80.224:80
      http://jakwens.com/favicon.ico
      http
      429 B
      1.5kB
      5
      3

      HTTP Request

      GET http://jakwens.com/favicon.ico

      HTTP Response

      404
    • 92.123.128.195:80
      http://www.bing.com/favicon.ico
      http
      542 B
      5.1kB
      7
      7

      HTTP Request

      GET http://www.bing.com/favicon.ico

      HTTP Response

      200
    • 92.123.128.195:80
      www.bing.com
      http
      288 B
      598 B
      6
      4

      HTTP Response

      408
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      799 B
      7.8kB
      10
      12
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      799 B
      7.8kB
      10
      12
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      775 B
      7.8kB
      9
      12
    • 8.8.8.8:53
      jakwens.com
      dns
      iexplore.exe
      57 B
      73 B
      1
      1

      DNS Request

      jakwens.com

      DNS Response

      35.233.80.224

    • 8.8.8.8:53
      www.microsoft.com
      dns
      63 B
      230 B
      1
      1

      DNS Request

      www.microsoft.com

      DNS Response

      92.123.241.137

    • 8.8.8.8:53
      www.microsoft.com
      dns
      63 B
      230 B
      1
      1

      DNS Request

      www.microsoft.com

      DNS Response

      92.123.241.137

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      47KB

      MD5

      2468388a05552669e0eb572b0edcd63a

      SHA1

      98003b90dd8092fafd89bf9398b2a4c92638beb4

      SHA256

      6e7581ec37552d5096952d6303472ea9bfe2c80c9a39a13925edf58c7cdaaf42

      SHA512

      099557e4c1787c81e601e408722c2296d2e39791e3ddf216aee082edbeacda48043e96e3e5f0807dbb459643e3e8565316f1dd7f6ddbc7f26135a3c4ab48b952

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      252B

      MD5

      6ff93a9062b00b7698c97054102f2d99

      SHA1

      6b14442dd15a2a5db06e4aecbd4271c48551cd5d

      SHA256

      8368b80ad7cb755678f57d52e6ac7a9ec4d9fa9bae0e19e3edfa48ceb0adfaee

      SHA512

      25ccb0c6351eb669cdaf5c88855aac8ba695d4e943e19f001ed84ce64e33ce41fbd0d69e25f8fad29cb625ace758686b5ebc214e78a39b3c2bcf5a6eed4e23c2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      9ecf6faaf1c5d7424df1de66acd1960e

      SHA1

      11f4edba93e89f6fa21a3067262af373fcfd4ea0

      SHA256

      65417bc409544fc882e2928d1d9cd16a01ee05b827d120200144318c1a563d23

      SHA512

      7caaca2d00bc28d14edef536d65c3f402d04c6a634d22c23cc35a81b0881715c9b6f562282364b233119d0c14404e100850820e4a90d06892b022259bd3b23c6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      b40e476f8c0379ce25a6c2d33d848ca3

      SHA1

      cc84ddf35c74dd1f9dbd00cfce67e1731ba48c72

      SHA256

      01c891394bda5d3f826d533203451cddfb165a04a9fb70df2a8240cf52e6ef85

      SHA512

      1a9233ea78a906454f5e80c03dcd0fbf2b99032658acc221ce9e7469c50858b032ca6218c8abe17b479964aa0789bc81c4d2aff74618566f79a5c01db2da0dd8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      cf520dae5a51ad2dd3e089586c3b70e9

      SHA1

      5421c81cad4ba76c3112242133219d74836a1f19

      SHA256

      fa4cb03cac9d801adbf7d2ed1d24a36ca983e79f60eba193e7f6c10db47393e8

      SHA512

      be931832a0a6fa8e3edbd22b26418730856bfd6d4775b1a17b03e3229f6b0aa2378c1ac8e364ddd33725df0e9312eb46ab6878f12b4e2072e6b2e3bcf2689bfc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      2a7a8120b8d529a7e890daf32d3d07bb

      SHA1

      8058765f867aff3bd3aed95fed7a1366a7774dab

      SHA256

      165ba25108b193ce83a5c47a05d397824ded635c7178207a51b61fc93d79bd98

      SHA512

      f4436698657c8c1081d08ac41dbdbba0d16e04046b78b8ef48134ea3eb423eb672a59429647a74e143af4ecf8083f5bf3554d4e4eb51db0604b46b3c0eaef1cc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    • C:\Users\Admin\AppData\Local\Temp\Tar398D.tmp

      Filesize

      4KB

      MD5

      28bd1fabc38b2587ef4041b11fd3ac6a

      SHA1

      803700f6b2b89a5c06356569908ca1af23067638

      SHA256

      702574ea4240fda88dcb09864ac9f82e6f44ef06ada0c2274af239ceccb2688d

      SHA512

      c2a83813727ab6dac249f0ce0ed86daef3644e4ab0daabbe0d90186c37d8420b59e3888ed2a9841a8f8c1a7c2238d53bb89f3f40c8d607d817590807f3ac71f3
