
Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/05/2024, 20:10 UTC

General

  • Target

    7a5f0c7c91b86322f94120d10188130f_JaffaCakes118.html

  • Size

    19KB

  • MD5

    7a5f0c7c91b86322f94120d10188130f

  • SHA1

    6f621b8ca161158c381519986647db20c1668402

  • SHA256

    7f44044f25019bb3faa407d8a3442c2f709c8f45804ceb5d728cb5fe4b3b238a

  • SHA512

    e177dc3d694020484aff5e70ca7d91ce5b75da3ea763e4a6a5781506c6689e447f101b72ecaa50faa1b8d40642e99c2d51e0ffbe920ae7fe355e8c78704b80e3

  • SSDEEP

    384:ziSKhgES4VBD8cyQ3RUF9xIvemLEXucfIk9xhe8zVc9I0P:zifS4gcV32FfRmFOIk9e6qI0P

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • [1] C:\Program Files\Internet Explorer\iexplore.exe (PID 1740)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a5f0c7c91b86322f94120d10188130f_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • [2] child of PID 1740: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2916)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

  • DNS www.google.com [remote: US]
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    216.58.215.36
  • DNS parking.parklogic.com [remote: US]
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    parking.parklogic.com
    IN A
    Response
    parking.parklogic.com
    IN A
    67.225.218.50
  • DNS img.sedoparking.com [remote: US]
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img.sedoparking.com
    IN A
    Response
    img.sedoparking.com
    IN CNAME
    sedo.cachefly.net
    sedo.cachefly.net
    IN CNAME
    vip1.g5.cachefly.net
    vip1.g5.cachefly.net
    IN A
    205.234.175.175
  • GET http://www.google.com/adsense/domains/caf.js [remote: FR]
    IEXPLORE.EXE
    Remote address:
    216.58.215.36:80
    Request
    GET /adsense/domains/caf.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: text/javascript; charset=UTF-8
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
    Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
    Date: Mon, 27 May 2024 20:10:44 GMT
    Expires: Mon, 27 May 2024 20:10:44 GMT
    Cache-Control: private, max-age=3600
    ETag: "16665605870773892419"
    X-Content-Type-Options: nosniff
    Link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: sffe
    X-XSS-Protection: 0
  • GET http://parking.parklogic.com/page/enhance.js?pcId=2&domain=patqut.com [remote: US]
    IEXPLORE.EXE
    Remote address:
    67.225.218.50:80
    Request
    GET /page/enhance.js?pcId=2&domain=patqut.com HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: parking.parklogic.com
    Connection: Keep-Alive
  • GET http://img.sedoparking.com/js/jquery-1.4.2.min.js [remote: US]
    IEXPLORE.EXE
    Remote address:
    205.234.175.175:80
    Request
    GET /js/jquery-1.4.2.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.sedoparking.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 27 May 2024 20:10:44 GMT
    Content-Type: application/x-javascript
    Content-Length: 26742
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=86400
    Expires: Tue, 28 May 2024 20:10:44 GMT
    X-CFHash: "0d658c3f0a7efaa05a6fcee9758231b3"
    X-CFF: B
    Last-Modified: Thu, 28 Jun 2018 13:09:28 GMT
    Vary: Accept-Encoding
    X-CF3: H
    CF4Age: 0
    x-cf-tsc: 1698243700
    CF4ttl: 31536000.000
    Content-Encoding: gzip
    X-CF2: H
    Accept-Ranges: bytes
    Server: CFS 0215
    X-CF-ReqID: 846fe8c578a020c37a45d6dce5818ce4
    X-CF1: 11696:fG.lon1:cf:nom:cacheN.lon1-01:M
  • GET http://img.sedoparking.com/templates/brick_gfx/common/logo_white.png [remote: US]
    IEXPLORE.EXE
    Remote address:
    205.234.175.175:80
    Request
    GET /templates/brick_gfx/common/logo_white.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.sedoparking.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 27 May 2024 20:10:44 GMT
    Content-Type: image/png
    Content-Length: 2237
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: max-age=604800
    Expires: Mon, 03 Jun 2024 20:10:44 GMT
    X-CFHash: "39b0a05252eea66e96c606ee3a957756"
    X-CFF: B
    Last-Modified: Thu, 28 Jun 2018 13:09:28 GMT
    X-CF3: M
    CF4Age: 0
    x-cf-tsc: 1685188529
    CF4ttl: 31536000.000
    X-CF2: H
    Accept-Ranges: bytes
    Server: CFS 0215
    X-CF-ReqID: a14e07bbf0b64d222f5b13f61710fc26
    X-CF1: 11696:fH.lon1:cf:nom:cacheN.lon1-01:M
  • DNS ww1.patqut.com [remote: US]
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ww1.patqut.com
    IN A
    Response
    (no A record listed)
Connections (remote address, name or URL, protocol, process, bytes sent / received, packets)

  • 216.58.215.36:80  http://www.google.com/adsense/domains/caf.js  http  IEXPLORE.EXE  3.3kB / 77.4kB  55 / 60
    GET http://www.google.com/adsense/domains/caf.js → 200
  • 67.225.218.50:80  http://parking.parklogic.com/page/enhance.js?pcId=2&domain=patqut.com  http  IEXPLORE.EXE  522 B / 172 B  5 / 4
    GET http://parking.parklogic.com/page/enhance.js?pcId=2&domain=patqut.com (no response recorded)
  • 205.234.175.175:80  http://img.sedoparking.com/js/jquery-1.4.2.min.js  http  IEXPLORE.EXE  1.1kB / 28.4kB  18 / 25
    GET http://img.sedoparking.com/js/jquery-1.4.2.min.js → 200
  • 67.225.218.50:80  parking.parklogic.com  IEXPLORE.EXE  282 B / 92 B  6 / 2
  • 216.58.215.36:80  www.google.com  IEXPLORE.EXE  190 B / 92 B  4 / 2
  • 205.234.175.175:80  http://img.sedoparking.com/templates/brick_gfx/common/logo_white.png  http  IEXPLORE.EXE  906 B / 3.1kB  13 / 8
    GET http://img.sedoparking.com/templates/brick_gfx/common/logo_white.png → 200
  • 204.79.197.200:443  ieonline.microsoft.com  tls  iexplore.exe  747 B / 7.6kB  9 / 12
  • 204.79.197.200:443  ieonline.microsoft.com  tls  iexplore.exe  747 B / 7.6kB  9 / 12
  • 204.79.197.200:443  ieonline.microsoft.com  tls  iexplore.exe  779 B / 7.6kB  9 / 11
  • 8.8.8.8:53  www.google.com  dns  IEXPLORE.EXE  60 B / 76 B  1 / 1
    www.google.com → 216.58.215.36
  • 8.8.8.8:53  parking.parklogic.com  dns  IEXPLORE.EXE  67 B / 83 B  1 / 1
    parking.parklogic.com → 67.225.218.50
  • 8.8.8.8:53  img.sedoparking.com  dns  IEXPLORE.EXE  65 B / 134 B  1 / 1
    img.sedoparking.com → 205.234.175.175
  • 8.8.8.8:53  ww1.patqut.com  dns  IEXPLORE.EXE  60 B / 133 B  1 / 1
    ww1.patqut.com → (no address in the recorded response)
MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5f8e34bf92991972d65841b937d7313f

    SHA1

    f31235129cd518a5486689037e04615f94f686ee

    SHA256

    6b543f13f8ee4268e68492fc9d43bf839f966b892dfb217391773d0d2662fec2

    SHA512

    c48ecd3a62e49636237db55109d602b6f7193dd62fa89c11870f8095ab9d980c9dfd77b2d7b8284889ac1e75c9422a0ee7e5c2be6f5f0ced7c1eb473396e6926

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6eaa73fbdaddd1378a71ebe3492a5904

    SHA1

    46f6357c092ee465b9257c002678177e07430dd8

    SHA256

    b1e466437642223122d26517495b543b44e718b7cac3ba6e9de758f689c321a7

    SHA512

    36f8103933f2cede651a14167910f214645a8aaf51b523d3e57b6f8cf6e1de575ff0f270428860598ff173c5b38355307edf74c30ad9e21010edb24bccbb6d62

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9eb766c043c87315c78d2d310fb563d5

    SHA1

    d59db6f13bdb8599e439957222ecd2c27e786441

    SHA256

    86433035f926fb205c35a9c44f9ca9a6fc7f98e66976bce96a0828827444e4ea

    SHA512

    dab598bacfaa7dc02a7f6c7055e35250d6e62805876804c7972f927e09db1ba9f27a22228e99d058bf52f642f88202f92a4f31705f42adcc5aaceb80e869a349

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d3c9037d9011af2aecfd1022d6bf5c7e

    SHA1

    85b9ffd98e377c93a65e00f0f5f2b1d55bf6d893

    SHA256

    6cb4c6b1287ffab9ec75f9f2ecc8189a46236b28154d7aff2ee2ba664ddf309d

    SHA512

    ebc8d5fd49b64f5198a065e7d6ccf0974195a69f24e909f903b4301be9a56658298ccadad3a2c3f187a1c529d39155167a40d3cd35b8e954d53107b4f15e15d9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f1431bc3afa5e7da18581e71b24748de

    SHA1

    77fab8916c5fe8391ce55fac94d7a6ea808b02be

    SHA256

    c9570a4cf43093113da81bd23160db0ad16d73b589c50c6031ec40b1cf26de00

    SHA512

    9d013b72fd89ea39908f8c22d5b65fd47ecbb0a9c845a1b1d8841a182b5f490f6a56a0773e63f0e70eff5e050e0534afd87d8cfca95988a9ef3a70bd5d5ca8aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    87986f4bf866e0b27487eb0f41910227

    SHA1

    307e3bed67c110574c53e64a903f95559c00f904

    SHA256

    276d8385bcc4642a707ff4ce68abc89652d5054d949cb8045952a91ec1220a9a

    SHA512

    874dd726095873342f776ff99228e39699ebd82bcfdee9949324be21e8731d0be694ce0f7174bd13717702d746c0af0f2846dd04b9f54565fd185642aae78618

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d87e2c580375120db3c688a627c3686f

    SHA1

    3f95e966bb03343adf546837e66ac694c22b4db2

    SHA256

    3888024317ecb3b4b53aab9f7d176279f21ba4d3115d07fe2d6db82cbce35640

    SHA512

    3e567d9f3c065d4cca40c4c0143d1478fd7a64dd4ee00029542b90ab2d6d2ae0433b962ed9a368dc5c703c897eb27b532bd86f997a8cbd9c71c2d24b6c5fc33b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d7f6d036e323729f986c8621b11dba4d

    SHA1

    3fac2eec370f85563fa07233efabcc7fbe5211b2

    SHA256

    622a8d11f5ef3a67f28ef2a8660619dae4c6e012c3ef31d7f3c5f60d1c7ad564

    SHA512

    9569b3ea69906e46b2fa33a0e91a6c58a32a90c6837bfb105ebf8f32714a717272c1cac59ef5ed139430455ac15473e6d8d88045ceefb2ed3430a5d92dcfad3e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8ab8ee6c1bcb596ae2410c1dcda9d986

    SHA1

    9e5b215c4030fc3e1b2958cb6efb91ced6df3e03

    SHA256

    f87c74be04b102e3a62a79cebfe2c4617802f89922d2f18cc05bf214974e5713

    SHA512

    e853f99b49a4d566c984b48c54e838d23d68f9a08bcf507271838b8e982e328b982af9bd46802183c1d706aff08ae1f8157baa4725cc94736390c6c7fa1703f3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    381bcf9f98724206ae7188649cb386da

    SHA1

    456ba521d74f8e2e6a640fda2823d34256b34864

    SHA256

    6f2f4b52c86a7a5e40f44abebb64dbfcb82a245af1ace95e820c0b92e9694046

    SHA512

    2df38a46bf2de037ae63785e15dc747e9c784e4dc0d471adb6535eeaba6ef0a4e7e911936078f69826343b7939899970929ba59d85be598afc90b5c678d482b8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7de18208d6109a37f48dd5eb9021f7c1

    SHA1

    3a5a0b8444a10e42be278eb7716aa8bd93ef7e5b

    SHA256

    078a0e90ab980b83a565301da463e335fd8bfbb56715be9f7475a04feb7e315f

    SHA512

    a05669edd7dd0928e224cde830bcb477d736bd993d91ba4ce79d0f8062339652f188b849e873eadd4f8dff5f3fb456761d036eae572c20ec0682b6e5544d5cde

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dfff9b0aee759aa57ba4b9a1edece566

    SHA1

    3efb309f6d7ff32f7a16d97c1997ff46c91c7a9e

    SHA256

    57cd458c23bcede04ebc6d40ddba7b8ae7bfd45bd2d5fd1d1ccade692e63aea6

    SHA512

    636e8eb247a5251c787dd9127afeab768c031fc6e83fa70aec3f170c813f0569fdb154173fa2c87252e13c19b2f3772490dfcb989a3fa1a826c988300543abfc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f61f94f61b22cc7ee74054bafae2b0cc

    SHA1

    399068ade3f539c883af93c63f0db1955587a8d0

    SHA256

    b63409ebc20d461efd52c4892738b6058f5e992b7a82038c250cf3729ff4acb0

    SHA512

    97ca80b77ccf09fe2c56256331f9694069396bd51937bdd7af8523a0d03997d0d308e226d636a805b990cca93dd6c91cb42b4c876aa100d28733f0c688dff2bb

  • C:\Users\Admin\AppData\Local\Temp\Cab3390.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar3666.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
