Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

0c47927106...8.html

windows7-x64

1

0c47927106...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    01/05/2024, 16:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c47927106e7e8944602b3178e6686c3_JaffaCakes118.html

  • Size

    68KB

  • MD5

    0c47927106e7e8944602b3178e6686c3

  • SHA1

    72aedd48cd7c3850c0cc5aa838f2de318416a690

  • SHA256

    ec83f8f175ab7823d65b40736ef4ab5ab10171a47c79de3f4d6e4f7c9aaeed85

  • SHA512

    ef652414338615d818a713115a3bdd1da695759122c92666c21a199b4279f0702edab66399082cb211c5f5474f411d06523ebff59b2953fad38b6233e89616f4

  • SSDEEP

    768:JiIgcMsSZ8tN99OIsi09ZvsxoT2SqQCZkoTnMdtbBnfBgN8/oygcRWQFVGys//IU:JGWSTEPec0tbrga6crNnz8PJ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0c47927106e7e8944602b3178e6686c3_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2556

Network

  • flag-us
    DNS
    www.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.178.4
  • flag-us
    DNS
    img.sedoparking.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img.sedoparking.com
    IN A
    Response
    img.sedoparking.com
    IN CNAME
    sedo.cachefly.net
    sedo.cachefly.net
    IN CNAME
    vip1.g5.cachefly.net
    vip1.g5.cachefly.net
    IN A
    205.234.175.175
  • flag-gb
    GET
    http://www.google.com/adsense/domains/caf.js
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:80
    Request
    GET /adsense/domains/caf.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: text/javascript; charset=UTF-8
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
    Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
    Date: Wed, 01 May 2024 16:32:53 GMT
    Expires: Wed, 01 May 2024 16:32:53 GMT
    Cache-Control: private, max-age=3600
    ETag: "10287402930606056118"
    X-Content-Type-Options: nosniff
    Link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: sffe
    X-XSS-Protection: 0
  • flag-us
    GET
    http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js
    IEXPLORE.EXE
    Remote address:
    205.234.175.175:80
    Request
    GET /js/jquery-1.11.3.custom.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.sedoparking.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 01 May 2024 16:32:53 GMT
    Content-Type: application/x-javascript
    Content-Length: 25176
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=86400
    Expires: Thu, 02 May 2024 16:32:53 GMT
    X-CFHash: "7dd2fc9525d32ef5c44abe9036c98ad1"
    X-CFF: B
    Last-Modified: Thu, 28 Jun 2018 13:09:28 GMT
    Vary: Accept-Encoding
    X-CF3: H
    CF4Age: 0
    x-cf-tsc: 1685886798
    CF4ttl: 31536000.000
    Content-Encoding: gzip
    X-CF2: H
    Server: CFS 0215
    X-CF-ReqID: aa5d744f4f965ee46a1556623efa303c
    X-CF1: 11696:fE.lon1:cf:nom:cacheN.lon1-01:M
    Accept-Ranges: bytes
  • 142.250.178.4:80
    http://www.google.com/adsense/domains/caf.js
    http
    IEXPLORE.EXE
    1.9kB
     77.8kB
     36
    61

    HTTP Request

    GET http://www.google.com/adsense/domains/caf.js

    HTTP Response

    200
  • 205.234.175.175:80
    http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js
    http
    IEXPLORE.EXE
    1.0kB
     26.7kB
     16
    23

    HTTP Request

    GET http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js

    HTTP Response

    200
  • 205.234.175.175:80
    img.sedoparking.com
    IEXPLORE.EXE
    190 B
     132 B
     4
    3
  • 142.250.178.4:80
    www.google.com
    IEXPLORE.EXE
    190 B
     92 B
     4
    2
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
     7.7kB
     9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.6kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.6kB
     9
    12
  • 8.8.8.8:53
    www.google.com
    dns
    IEXPLORE.EXE
    60 B
     76 B
     1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.178.4

  • 8.8.8.8:53
    img.sedoparking.com
    dns
    IEXPLORE.EXE
    65 B
     134 B
     1
    1

    DNS Request

    img.sedoparking.com

    DNS Response

    205.234.175.175

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    fe598c446f3337520834f9e112213ce9

    SHA1

    e4c603a6a687c228b54f1fc9f9e3cf9aca1b75bf

    SHA256

    3f1609f1e3692ef19a30d6f0db9899727518c6af5fdc307de56286ddf4967642

    SHA512

    adaab44146de4388fd63a2421cdd3be93eee912bbe94e7a95c14e43749a23f8a0c5ac20c4114c14a8e8bc32fe1a58c10d7129e85c431f80296d095d604cc4cdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9621824898c7a3f68beeb7c30aeeaa89

    SHA1

    13ea821fd5adca8d14edda99e92d41f3883b65ca

    SHA256

    d4455551944efa2952bc2ae758cc8b3333ec2957144c1964dea31f32dde9dd59

    SHA512

    a536beca35e7f6d264c389b19a36c386482e229b8d189b838093f1826b36d639049873f61a9281c0f2607ece6ef717c7a515b91f8db06ede023313a03c0fd2a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3911a9ff6b638eadfc44c8a6c843c374

    SHA1

    2daddf498995d8023dda28512388bbab99389412

    SHA256

    9681295aee2e8698a0e049172a4ae8b08b4b35a2129f6bd01ff3749baf19c615

    SHA512

    90ead9ae86e1cc146d185bdc535ecc4cd9c172e4449f719f2d33c56c530f3789f5341ba7d4f18395ecf3e680bedfa58accebbf425d3e276ff693f6e33de085a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e580444bf8c927960dff0f968b132504

    SHA1

    21c9dd4ee587708cca60b2bbf639b375c18359b8

    SHA256

    546a776b6cc888f7ee3e02dfa046ac800f52bbda7dcf8b5819cd1956eaff6ca4

    SHA512

    351ff7fd0f6af832f1992d2360f7a0478c7dfecd53d6558d6c6a9446409622b3b1caa3b5a2d3caefd20b710d99e60f7c363dfc467c115d723095f53c9e6aef76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7b5c11085665a7ee60b654e5e0f6a038

    SHA1

    1fb55a5688cb6da893d1c6d6427f589a486ba9bb

    SHA256

    7a014ce89225c1798beadc0b4d0d7a2b2e17204980fa064165fea7e8b44b1df0

    SHA512

    e588fa82141453a11c0e248449e4f4d6ec5213e1b116b6ea76db177652813d79e9693d243e71424ac63a850ccfef7843f8b23e3297d1da258a3808061296ad21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    fa737a1da031d6d05d2034dafc45135d

    SHA1

    df4961f50e0fea18b9221f7efbd9d0193e2f0b95

    SHA256

    f382b70d950517eff6502aaac4ea56b4cdb8bc7fe42aced6c5b05ef292dd36b0

    SHA512

    8cb874f4c6a9cd27551710e928c8b1b1cd3016bae0f550c74937b0b820e505f1f19368234f316edbeb34fd74839852c67edb020a0ebcf04c038841670f22485f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3fd1b60ffa1662b9d227a221f96c9662

    SHA1

    5391a9a855b4e5548db4e70df0d38d960b7ddeae

    SHA256

    eb4d41d0a1fc6d3932a6fa67939c88dff7a9a9e9e9f5fc0f53108eabacd3845b

    SHA512

    9c8a6a460a5a16155fe38724d3c95a9f218a9cb856bba8e8d0c4482e16f96c6f9fd35d62455b45770d66d3ed24c8bc3451a0e2ce8456a97552cba43aa9bf831a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    913a87e6107c9eb67cd3ff2415880b46

    SHA1

    eaf93d3cf4d3e16e585e8f6ca81ada575338683b

    SHA256

    b3bb9478ac03e84f3d7e29addfd58ddf247e873d80c335c12443eb07e783d8fb

    SHA512

    b9662e56fb5c16c0a024d5e19c5e33c6934a8186fbef16cc3dbd8c1ece164b4d79e176ea915d9f98d39cf15851708fb834a9b2b84637ce862f6856e0d685a0c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0c54faac5bbbd30ce3e2466747041f5d

    SHA1

    7734813dc18f01ccccc0993177c3f9666f07600d

    SHA256

    b8e213e9b76e0827cf327c32b49f3e7f96437325a72a2fd95869e1aa7a3b0f44

    SHA512

    3a28eb517a10537eda22933845da62b4ab6f33ac7db1d2cbb70ff26cd455a7d2cb661ebae729b7ea2be39c7e8de43f24b5947b0266237f3b62daa89d5d92b6e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f81b450b63b3a5c6063a4bb43dbfbd56

    SHA1

    8a23ab5d490ce5d8d6db6dc1430544ac87bda8e2

    SHA256

    03c28d9240c3f3a1908950e739666710d1435425b5f4237678706100db452b53

    SHA512

    ede9242270b0549ac0e6e4f5ebb5fc5c24a93244f6a70d7396813958d1b0679379d07ca5403faf4e8aedc2cb1391f19ebffffbbd973c2df74c036520cca6aa76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1229479454d6796a6a6e3e6ab6162e4f

    SHA1

    587b56c942a7b1cacabd54deb342b66922040f8b

    SHA256

    b0ee53f0c9896309e2aac77318a00d35937adb12136a6ada89ede68db9e98728

    SHA512

    f03f81358a08432c9e6a8b4450d57dfed28627c4183f41008813553716dd22cff3c22feb1bc9467ff1cdb5c102092940639948a8200477660381403f2efe5186

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    544005f0b8718c1ce961e3b79e31f175

    SHA1

    286e3afbb27f33d7f01fad0838bedadb410d1913

    SHA256

    adaf9ee86bac6a499709e329969c7db501d37ad318e29fd6264fb317cd317fcb

    SHA512

    69c7b6a800d90a3be00ca15d9dd7e6d3bb2b45844cb1980c912698af16bd15c10c5819b66db0a4254fd555398a7fd373983b7c68399d1fe07a718a0ac360bab2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    464509cfb95048cf316a0eb619a30447

    SHA1

    6cb12ab7e0adedd9c0e93d237512ee0b635f2aeb

    SHA256

    5e990e89bad6f81e54dee24d7e51546c7fc8389485767021741214054eb8d006

    SHA512

    3f45ee85f230fceb81eb8a0b8cdfea5b51774c801bb5198043cfb77f33cc34a858fd33da61651e497f1dd21f0edbf856e64f26351fbc551ef32aec90b3f02bf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6999b76102d90ab285e37633371744e8

    SHA1

    8abcb50eab46a858fecacda9add0cc8d5b2b75e7

    SHA256

    251953be2908b0ccbb9c7d98938b2a2d01146c7246d29a1af66b9dd9c7666a6b

    SHA512

    08e3c0cb424301538c2b228acc35858929f49e56382bf054e9608f4d92405ffb30c8f37d30b8dbeb717cec7d6db797e957b75828c02a70a4d88a19817e87a1f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    63686ac203724054d5e5cfd73a08f5c6

    SHA1

    28ce0c70ffefc68df496453b0240924877a8a021

    SHA256

    36946dffdc2a52714f572b7ea3da7ea9b551db95696016150efd89c70ec7a5f0

    SHA512

    d3309cdb25b1bf46ac0fcb64edbc3ef50d6a6bf0397c1e13817fda711d59436b3571c5dd2096ab19ddad7a3104c1795d914dbc978e0e486bd628348e4f677cea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    65a209ffb06f12e03b215bba9ed625ad

    SHA1

    b3595c3c5e27bff33dd2167bc57be5da76fd82cb

    SHA256

    1d0f54c67656ae5b4a3e2560d3020afc7035e46e77101703c6aa7de1dc90cf40

    SHA512

    6ed24f9d56e433c59cd52437e3efca10d4fc06e5c3b3b97beb13107cc3587bf0dc3f926c0ff2781db9911143dd1ac008fde71e3009dee32b50d114cb59ab7373

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2af071976c290e901977f74afd067735

    SHA1

    dc3900e8def626d7b37383677f0a1743033e6324

    SHA256

    adb370fd2140de4440a5a17d646e2e67c7f2c1afde5bb19e0bec2b7de4f3efe5

    SHA512

    74ea294dd90bacf69952ef163a0b5c769a83ae88cc61e1bb738d7a98e468223dcab80a9e5231ffde419b96676df2d879cc2d4ebdaa1097e44a7b6c459b286948

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6e79360ffb518b8350329f7d759a5278

    SHA1

    851c91d549f8f011c91e052f73ccb90151938781

    SHA256

    4f76dcc8a683a8d9ad6d0f031fc99aa3d65f8b673fbb2220f71a9129a7d7323c

    SHA512

    3c1f6d0ef93e3584f30b2c311e76640f56070a3e7038e40d804e721e77c733c783a466c652be38dc7ced63756f474956091c66de2acf03cdf94322498caaac1a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3EB7.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3F75.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3F8A.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.