Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

7ac2729502...8.html

windows7-x64

1

7ac2729502...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    27/05/2024, 22:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ac272950226d84948dff16770cc8096_JaffaCakes118.html

  • Size

    139KB

  • MD5

    7ac272950226d84948dff16770cc8096

  • SHA1

    474ab8463056717bba75c5bec69151414735897d

  • SHA256

    93cd3a1ebab60adc22999de167b50106506dad1e3de717465508fa3a00ddd19d

  • SHA512

    295f398cdedfb0a2aac2183b82658c7ff99c713b6a83d43d913dae8c6eb6e6d76893d9b598ec7fa7278de04ed4f2934fd2d084f99e2a6050339141f3f44aa0db

  • SSDEEP

    1536:SZfnwXzTlpfmZsyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SZW6ZsyfkMY+BES09JXAnyrZalI+YQ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ac272950226d84948dff16770cc8096_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2780

Network

  • flag-us
    DNS
    edu.cn.evyad.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    edu.cn.evyad.cn
    IN A
    Response
  • flag-us
    DNS
    bdimg.share.baidu.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    bdimg.share.baidu.com
    IN A
    Response
    bdimg.share.baidu.com
    IN CNAME
    share.jomodns.com
    share.jomodns.com
    IN CNAME
    share.n.shifen.com
    share.n.shifen.com
    IN A
    39.156.68.163
    share.n.shifen.com
    IN A
    112.34.113.148
    share.n.shifen.com
    IN A
    163.177.17.97
    share.n.shifen.com
    IN A
    180.101.212.103
    share.n.shifen.com
    IN A
    182.61.201.93
    share.n.shifen.com
    IN A
    182.61.201.94
    share.n.shifen.com
    IN A
    182.61.244.229
    share.n.shifen.com
    IN A
    14.215.182.161
  • 39.156.68.163:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 39.156.68.163:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 112.34.113.148:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 112.34.113.148:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 163.177.17.97:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 163.177.17.97:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
     7.7kB
     9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
     7.7kB
     9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
     7.7kB
     10
    13
  • 180.101.212.103:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 180.101.212.103:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 182.61.201.93:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 182.61.201.93:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 8.8.8.8:53
    edu.cn.evyad.cn
    dns
    IEXPLORE.EXE
    61 B
     114 B
     1
    1

    DNS Request

    edu.cn.evyad.cn

  • 8.8.8.8:53
    bdimg.share.baidu.com
    dns
    IEXPLORE.EXE
    67 B
     252 B
     1
    1

    DNS Request

    bdimg.share.baidu.com

    DNS Response

    39.156.68.163
    112.34.113.148
    163.177.17.97
    180.101.212.103
    182.61.201.93
    182.61.201.94
    182.61.244.229
    14.215.182.161

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    70303edadb78e3837ff3afc5e5a3bdd1

    SHA1

    d9917bc882a853a325cd9fe8fdf94510b86890ed

    SHA256

    ee58213133a93845b519c125f5f9da80df384ddc982166b6a93c09334c82e4d6

    SHA512

    894c998b6fc19b77b3c16f4d9505a7a2a0c5a913bec27eb7abd12f1299d8b363e44728eabc1dbf91759b108b9f0d5e6c7451c8dcb608cd90d6cc43a821f7836a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c0782f70a1dea741a02589a52fb90de

    SHA1

    da9c18fdfa9eab7c6302eb95d0bca4115e931ac0

    SHA256

    96a4427c597365e42f13107b6a58ab4a3424d3010e44a30754b9e38c053de9f8

    SHA512

    65a2b1c03f56194c6ca90f1c36970f460bfb3dedbdf0364f7803df07339792d3c0d47faca4056048d3e4478de6b28ab80f95c73c3736549e970708d9bd4477f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e19c083919b6345f35d2f6dc8ebe265e

    SHA1

    9a1647a87c90428ffb513d84409770174b34f222

    SHA256

    84bb0e9a60d72bb4e95a60333a9f9f373699e4eb9bb228b5822c1135b4853623

    SHA512

    c91287e1758cc52ff372043b56370a17e89ea73ae30887f976f089d81fc7e88b8e80ec9cec754f6160743adb70b93c983765ecbdd6e9eb01e08816d43d977037

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c0b9fdab3e53f563bf92d3e111da8b0

    SHA1

    9f286234819669ac5ad8b10b9ea07abb50bb2450

    SHA256

    ed176f1541461a1448025d5d56eb0e9ac8ffbe11abad050883d5a83ff295cd93

    SHA512

    59448e3ad9ca9942d72dc0cb3e587b5666c9b67266faf399ee0bf07932c69f99f3522ecd71b4af8768ce3aa4d7ed0b10c63b65a6bd8a1cb0e121e0f393068a0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    78964f83a82df48865904ea93f497060

    SHA1

    3e96723adc3b1dadd23c6a25f11b79f06a9811c1

    SHA256

    64b4e6818ce452917fc6da64799ce7cf2eb8bb45bf801aca18021e260800e0f6

    SHA512

    9a11a414c64a15fbc7f60a157d21068290619b9030ce6ac62fc685e1739b2b4dda92491f6b65b2b852259ebdd42dae97aaeaaab623acd5ac69d02238573e591f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    089422378bc2162926776e1822e4e3b8

    SHA1

    065e3baff41587147fb116b647e2d6b488a67b39

    SHA256

    53305b7aa72fb9811bfdc5cbe74941b466f026124f1181f1ba73774b230023a9

    SHA512

    999cc06e765d18baff90cdb0611969589ab2d60470de71b9afdeefd01341fc5100aa681167a6b6709f29f2595135cae202043dca3eda7c9e22243e20835b0897

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e161213dfa766c18ea1125e0323642c1

    SHA1

    30a649db8f4e3d12c767b1fb6cecbd59c1f066de

    SHA256

    b1b96308128407d2655a69ba817116267c3b5454b64049c9d665882c5fa28ee5

    SHA512

    5e41c7198f79c0bc8a2ff59b1fcb55e14e8004953901897c979e494d7837615c631ac6a141df006399bab360199772ef3e707fcca7f71ff434943b077b425249

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37e6429e0096c145bd1e231b8a501f68

    SHA1

    1d719768a9a5a94f1483623147e219dbf73cfbf5

    SHA256

    5b713d0579d43379cd0aa3eda725e1abadd66dc9360b76dcdeb0be14761bdbee

    SHA512

    e92c31802237f680aa8a20da1e811626a2c7d6a4592302cc78f2683437c1459a3dccaf288e936ea871325684abbe7d1a5dca6fc575ba94de141b88eaa0135905

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    73d74679ea0868710a3cb46b334fd399

    SHA1

    d9f04a058f66c48272b2e31dbffa132c6f3ee090

    SHA256

    c922a9ddc47e6d009ead7d0033db4c2ca70568fe0e372378a04d87c510545049

    SHA512

    9186643ec233e14c8d27b5b01c9ec85af8e8e18372262fe70c812c029e5465420e3e226f27690633e356cd367f5d3bd3e2470077633a48f99d5dfb6b0afa3aba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1077.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar10C8.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.