Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/07/2024, 09:28 UTC

General

  • Target

    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe

  • Size

    631KB

  • MD5

    257241a70c2ba26dcae023b5e690cbf8

  • SHA1

    fff30fc2414b818b81d0531914032ee29e871c31

  • SHA256

    eccba08fb580b8da4671f3ea80905e45fbdf8a3c7b0808e7c05ca33f3d983159

  • SHA512

    de2dcf4346ddc180cdf6f58fab56485187e21b599d9ec845de4f6889d1e6e90a9404b50dc9ccdf0f86b911f4dce36bfe41fafbf91451179f88f32689cde0e3f4

  • SSDEEP

    12288:/NoFmw6FvnRuzg/axX7JY+eSUSuuFi4A547+8pVpDckHxYfpWd:/Nlw8vnRuzg/axLJY+cSJFi4ACy8pVpd

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1888

Network

  • flag-us
    DNS
    imp.optimum-installer.com
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    imp.optimum-installer.com
    IN A
    Response
    imp.optimum-installer.com
    IN A
    209.126.123.13
  • flag-us
    GET
    http://imp.optimum-installer.com/impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=setup_run&spsource=&offer_id=clean
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    Remote address:
    209.126.123.13:80
    Request
    GET /impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=setup_run&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
    Host: imp.optimum-installer.com
    Response
    HTTP/1.1 200 OK
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 586
    content-type: text/html; charset=utf-8
    date: Thu, 04 Jul 2024 09:28:10 GMT
    server: nginx
    set-cookie: sid=bb192112-39e7-11ef-88f7-254fb7fe1b09; path=/; domain=.optimum-installer.com; expires=Tue, 22 Jul 2092 12:42:18 GMT; max-age=2147483647; HttpOnly
  • flag-us
    GET
    http://imp.optimum-installer.com/impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=dpi_1&spsource=&offer_id=clean
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    Remote address:
    209.126.123.13:80
    Request
    GET /impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=dpi_1&spsource=&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
    Host: imp.optimum-installer.com
    Cookie: sid=bb192112-39e7-11ef-88f7-254fb7fe1b09
    Response
    HTTP/1.1 200 OK
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 582
    content-type: text/html; charset=utf-8
    date: Thu, 04 Jul 2024 09:28:10 GMT
    server: nginx
  • flag-us
    DNS
    install.optimum-installer.com
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    install.optimum-installer.com
    IN A
    Response
    install.optimum-installer.com
    IN A
    78.41.204.35
  • flag-nl
    GET
    http://install.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-04-24T16:50:02.0938011Z
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    Remote address:
    78.41.204.35:80
    Request
    GET /config/clean/offers.json?version=1.0&pid=installer&ts=2012-04-24T16:50:02.0938011Z HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: install.optimum-installer.com
    Connection: Keep-Alive
    Cookie: sid=bb192112-39e7-11ef-88f7-254fb7fe1b09
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Thu, 04 Jul 2024 09:28:18 GMT
    server: nginx
  • flag-us
    GET
    http://imp.optimum-installer.com/impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=install_bad_config&spsource=&referrer=http://install.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-04-24T16:50:02.0938011Z&offer_id=clean
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    Remote address:
    209.126.123.13:80
    Request
    GET /impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=install_bad_config&spsource=&referrer=http://install.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-04-24T16:50:02.0938011Z&offer_id=clean HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
    Host: imp.optimum-installer.com
    Cookie: sid=bb192112-39e7-11ef-88f7-254fb7fe1b09
    Response
    HTTP/1.1 200 OK
    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 744
    content-type: text/html; charset=utf-8
    date: Thu, 04 Jul 2024 09:28:11 GMT
    server: nginx
  • 209.126.123.13:80
    http://imp.optimum-installer.com/impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=setup_run&spsource=&offer_id=clean
    http
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    578 B
    1.2kB
    7
    5

    HTTP Request

    GET http://imp.optimum-installer.com/impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=setup_run&spsource=&offer_id=clean

    HTTP Response

    200
  • 209.126.123.13:80
    http://imp.optimum-installer.com/impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=dpi_1&spsource=&offer_id=clean
    http
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    532 B
    1.1kB
    5
    5

    HTTP Request

    GET http://imp.optimum-installer.com/impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=dpi_1&spsource=&offer_id=clean

    HTTP Response

    200
  • 78.41.204.35:80
    http://install.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-04-24T16:50:02.0938011Z
    http
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    690 B
    398 B
    5
    5

    HTTP Request

    GET http://install.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-04-24T16:50:02.0938011Z

    HTTP Response

    429
  • 209.126.123.13:80
    http://imp.optimum-installer.com/impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=install_bad_config&spsource=&referrer=http://install.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-04-24T16:50:02.0938011Z&offer_id=clean
    http
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    766 B
    1.2kB
    7
    5

    HTTP Request

    GET http://imp.optimum-installer.com/impression.do/?user_id=a72d6ece-2c06-487f-bc3a-dc609710368b&event=install_bad_config&spsource=&referrer=http://install.optimum-installer.com/config/clean/offers.json?version=1.0&pid=installer&ts=2012-04-24T16:50:02.0938011Z&offer_id=clean

    HTTP Response

    200
  • 8.8.8.8:53
    imp.optimum-installer.com
    dns
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    71 B
    87 B
    1
    1

    DNS Request

    imp.optimum-installer.com

    DNS Response

    209.126.123.13

  • 8.8.8.8:53
    install.optimum-installer.com
    dns
    257241a70c2ba26dcae023b5e690cbf8_JaffaCakes118.exe
    75 B
    91 B
    1
    1

    DNS Request

    install.optimum-installer.com

    DNS Response

    78.41.204.35

MITRE ATT&CK Matrix
