Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
10/07/2024, 00:32 UTC
General
-
Target
329d236ba6a9b6ead652f42e63c80e00_JaffaCakes118.exe
-
Size
635KB
-
MD5
329d236ba6a9b6ead652f42e63c80e00
-
SHA1
d9642cbd4757b3769e45b66952508ac9fcdf0384
-
SHA256
84e5f078a9feaec2360cf0a1e93f7752c680134bbb5ae48bad3e47d93a44731a
-
SHA512
b78887d5836bf19d2f4dbfeabf604e9917fac0c6e0e1f1fc8c75f27f9d7139e28eeb23d89926fd28359ce3c10e57647fd9fda9c52b08d4984bae471a3de2bd8c
-
SSDEEP
12288:sYGONjeuSAnRsICmgr17JY+Djg8ROFnIUvj/X+oVbyWDsK/H9zpl6x:LrNjYAnRsICmgrVJY+A8ROFnIUT+oV2r
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\329d236ba6a9b6ead652f42e63c80e00_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\329d236ba6a9b6ead652f42e63c80e00_JaffaCakes118.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
-
DNSimpressions-proxy-1085035873.us-east-1.elb.amazonaws.comRemote address:8.8.8.8:53Requestimpressions-proxy-1085035873.us-east-1.elb.amazonaws.comIN AResponse -
DNSinstall2.optimum-installer.comRemote address:8.8.8.8:53Requestinstall2.optimum-installer.comIN AResponseinstall2.optimum-installer.comIN A78.41.204.29
-
GEThttp://install2.optimum-installer.com/config/alfaarts_superspeedup/offers.json?version=1.0&pid=installer&ts=2012-06-09T18:22:28.3247763ZRemote address:78.41.204.29:80RequestGET /config/alfaarts_superspeedup/offers.json?version=1.0&pid=installer&ts=2012-06-09T18:22:28.3247763Z HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: install2.optimum-installer.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 593
content-type: text/html; charset=utf-8
date: Wed, 10 Jul 2024 00:36:42 GMT
server: nginx
set-cookie: sid=7ac78e72-3e54-11ef-a6cf-cabfb5b130c8; path=/; domain=.optimum-installer.com; expires=Mon, 28 Jul 2092 03:50:49 GMT; max-age=2147483647; HttpOnly
-
78.41.204.29:80http://install2.optimum-installer.com/config/alfaarts_superspeedup/offers.json?version=1.0&pid=installer&ts=2012-06-09T18:22:28.3247763Zhttp
HTTP Request
GET http://install2.optimum-installer.com/config/alfaarts_superspeedup/offers.json?version=1.0&pid=installer&ts=2012-06-09T18:22:28.3247763ZHTTP Response
200
-
8.8.8.8:53impressions-proxy-1085035873.us-east-1.elb.amazonaws.comdns
DNS Request
impressions-proxy-1085035873.us-east-1.elb.amazonaws.com
-
8.8.8.8:53install2.optimum-installer.comdns
DNS Request
install2.optimum-installer.com
DNS Response
78.41.204.29
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
593B
MD5b5fb62a4b301b3633aafcbfb148934b5
SHA1a06a8d158bc52312742f20a417bf579ab967c221
SHA256b9b8ad442d16bcf7021d5e3df4d07386e019e9918b42b6be28ef0c2202230af3
SHA51269c58e6620a50d54cb19588af9a74a8b6fa36441b7afdf1a3d001b10d82b519273509a3c5faec56116cc1ab0d55a406dbdc49f904c731d1cd7aeeab0a4a69cef