Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 0s
max time network: 131s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 11/01/2024, 10:31 UTC
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://jakwens.com
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
http://jakwens.com
Resource
win10v2004-20231222-en
General
-
Target
http://jakwens.com
Malware Config
Signatures
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D8EC2A1-B06C-11EE-AED6-D669B05BD432} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
2352 | iexplore.exe
2352 | iexplore.exe
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2352 wrote to memory of 2240 | 2352 | iexplore.exe | 17
PID 2352 wrote to memory of 2240 | 2352 | iexplore.exe | 17
PID 2352 wrote to memory of 2240 | 2352 | iexplore.exe | 17
PID 2352 wrote to memory of 2240 | 2352 | iexplore.exe | 17
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://jakwens.com
  PID: 2352
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child process)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
    PID: 2240
-
Network
-
Remote address: 8.8.8.8:53
Request: jakwens.com IN A
Response: jakwens.com IN A 35.233.80.224
-
Remote address: 35.233.80.224:80
Request:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: jakwens.com
Connection: Keep-Alive
Response:
HTTP/1.0 200 Internal Server Error
content-type: text/html
-
Remote address: 35.233.80.224:80
Request:
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jakwens.com
Connection: Keep-Alive
Response:
HTTP/1.1 404 Not Found
content-type: text/html
content-length: 1245
-
Remote address: 8.8.8.8:53
Request: www.microsoft.com IN A
Response:
www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
e13678.dscb.akamaiedge.net IN A 92.123.241.137
-
Remote address: 8.8.8.8:53
Request: www.microsoft.com IN A
Response:
www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
e13678.dscb.akamaiedge.net IN A 92.123.241.137
-
Remote address: 92.123.128.195:80
Request:
GET /favicon.ico HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: www.bing.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Content-Length: 4286
Content-Type: image/x-icon
Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 0FD04CFC1A1E485B9EBD8B31934F6D09 Ref B: LTSEDGE0810 Ref C: 2022-12-09T13:31:02Z
Date: Thu, 11 Jan 2024 10:31:28 GMT
Connection: keep-alive
X-CDN-TraceID: 0.c3777b5c.1704969088.d7ec1cc
-
Remote address: 92.123.128.195:80
Response:
HTTP/1.0 408 Request Time-out
Mime-Version: 1.0
Date: Thu, 11 Jan 2024 10:32:04 GMT
Content-Type: text/html
Content-Length: 218
Expires: Thu, 11 Jan 2024 10:32:04 GMT
-
762 B 270 B 6 4
HTTP Request: GET http://jakwens.com/
HTTP Response: 200
-
429 B 1.5kB 5 3
HTTP Request: GET http://jakwens.com/favicon.ico
HTTP Response: 404
-
542 B 5.1kB 7 7
HTTP Request: GET http://www.bing.com/favicon.ico
HTTP Response: 200
-
288 B 598 B 6 4
HTTP Response: 408
-
799 B 7.8kB 10 12
-
799 B 7.8kB 10 12
-
775 B 7.8kB 9 12
-
57 B 73 B 1 1
DNS Request
jakwens.com
DNS Response
35.233.80.224
-
63 B 230 B 1 1
DNS Request
www.microsoft.com
DNS Response
92.123.241.137
-
63 B 230 B 1 1
DNS Request
www.microsoft.com
DNS Response
92.123.241.137
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 914B
MD5: e4a68ac854ac5242460afd72481b2a44
SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize: 47KB
MD5: 2468388a05552669e0eb572b0edcd63a
SHA1: 98003b90dd8092fafd89bf9398b2a4c92638beb4
SHA256: 6e7581ec37552d5096952d6303472ea9bfe2c80c9a39a13925edf58c7cdaaf42
SHA512: 099557e4c1787c81e601e408722c2296d2e39791e3ddf216aee082edbeacda48043e96e3e5f0807dbb459643e3e8565316f1dd7f6ddbc7f26135a3c4ab48b952
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize: 252B
MD5: 6ff93a9062b00b7698c97054102f2d99
SHA1: 6b14442dd15a2a5db06e4aecbd4271c48551cd5d
SHA256: 8368b80ad7cb755678f57d52e6ac7a9ec4d9fa9bae0e19e3edfa48ceb0adfaee
SHA512: 25ccb0c6351eb669cdaf5c88855aac8ba695d4e943e19f001ed84ce64e33ce41fbd0d69e25f8fad29cb625ace758686b5ebc214e78a39b3c2bcf5a6eed4e23c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 9ecf6faaf1c5d7424df1de66acd1960e
SHA1: 11f4edba93e89f6fa21a3067262af373fcfd4ea0
SHA256: 65417bc409544fc882e2928d1d9cd16a01ee05b827d120200144318c1a563d23
SHA512: 7caaca2d00bc28d14edef536d65c3f402d04c6a634d22c23cc35a81b0881715c9b6f562282364b233119d0c14404e100850820e4a90d06892b022259bd3b23c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: b40e476f8c0379ce25a6c2d33d848ca3
SHA1: cc84ddf35c74dd1f9dbd00cfce67e1731ba48c72
SHA256: 01c891394bda5d3f826d533203451cddfb165a04a9fb70df2a8240cf52e6ef85
SHA512: 1a9233ea78a906454f5e80c03dcd0fbf2b99032658acc221ce9e7469c50858b032ca6218c8abe17b479964aa0789bc81c4d2aff74618566f79a5c01db2da0dd8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: cf520dae5a51ad2dd3e089586c3b70e9
SHA1: 5421c81cad4ba76c3112242133219d74836a1f19
SHA256: fa4cb03cac9d801adbf7d2ed1d24a36ca983e79f60eba193e7f6c10db47393e8
SHA512: be931832a0a6fa8e3edbd22b26418730856bfd6d4775b1a17b03e3229f6b0aa2378c1ac8e364ddd33725df0e9312eb46ab6878f12b4e2072e6b2e3bcf2689bfc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 2a7a8120b8d529a7e890daf32d3d07bb
SHA1: 8058765f867aff3bd3aed95fed7a1366a7774dab
SHA256: 165ba25108b193ce83a5c47a05d397824ded635c7178207a51b61fc93d79bd98
SHA512: f4436698657c8c1081d08ac41dbdbba0d16e04046b78b8ef48134ea3eb423eb672a59429647a74e143af4ecf8083f5bf3554d4e4eb51db0604b46b3c0eaef1cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize: 4KB
MD5: da597791be3b6e732f0bc8b20e38ee62
SHA1: 1125c45d285c360542027d7554a5c442288974de
SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512: d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize: 4KB
MD5: 28bd1fabc38b2587ef4041b11fd3ac6a
SHA1: 803700f6b2b89a5c06356569908ca1af23067638
SHA256: 702574ea4240fda88dcb09864ac9f82e6f44ef06ada0c2274af239ceccb2688d
SHA512: c2a83813727ab6dac249f0ce0ed86daef3644e4ab0daabbe0d90186c37d8420b59e3888ed2a9841a8f8c1a7c2238d53bb89f3f40c8d607d817590807f3ac71f3