Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    17/08/2024, 03:55 UTC

General

  • Target

    a11c1158f6109aaa6ab5174507236c08_JaffaCakes118.html

  • Size

    6KB

  • MD5

    a11c1158f6109aaa6ab5174507236c08

  • SHA1

    f5f4507fcce4af3e44cce0e5380541a77f92b744

  • SHA256

    444171e7848b6c52908e0830b674a3e15dea615704fdbfaa30e68e900bb8c75e

  • SHA512

    fdfa2639e879d5af43234130cee992999dc2ef440b610f8105f64954fc322a6cc431f004f21e834ad33111523cc39e365ee28aec58fb339e51f93fa999093213

  • SSDEEP

    96:uzVs+ux7hqLLY1k9o84d12ef7CSTUHqTcEZ7ru7f:csz7hqAYS/vb76f

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11c1158f6109aaa6ab5174507236c08_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2396

Network

  • flag-us
    DNS
    counters.gigya.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    counters.gigya.com
    IN A
    Response
  • flag-us
    DNS
    analytics.hosting24.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    analytics.hosting24.com
    IN A
    Response
  • flag-us
    DNS
    fc01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fc01.deviantart.net
    IN A
    Response
    fc01.deviantart.net
    IN A
    52.41.230.189
    fc01.deviantart.net
    IN A
    52.26.33.90
    fc01.deviantart.net
    IN A
    44.240.114.121
  • flag-us
    GET
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    IEXPLORE.EXE
    Remote address:
    52.41.230.189:80
    Request
    GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fc01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 17 Aug 2024 03:55:49 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Server: nginx
    Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
  • flag-us
    DNS
    orig01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    orig01.deviantart.net
    IN A
    Response
    orig01.deviantart.net
    IN A
    35.164.23.224
    orig01.deviantart.net
    IN A
    52.32.112.157
    orig01.deviantart.net
    IN A
    35.80.167.12
  • flag-us
    GET
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    IEXPLORE.EXE
    Remote address:
    35.164.23.224:80
    Request
    GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: orig01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 17 Aug 2024 03:55:49 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Connection: keep-alive
    Server: da-redirector/0.5.2
  • 52.41.230.189:80
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    http
    IEXPLORE.EXE
    606 B
    634 B
    6
    5

    HTTP Request

    GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg

    HTTP Response

    301
  • 52.41.230.189:80
    fc01.deviantart.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 35.164.23.224:80
    orig01.deviantart.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 35.164.23.224:80
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    http
    IEXPLORE.EXE
    608 B
    387 B
    6
    5

    HTTP Request

    GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg

    HTTP Response

    404
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    947 B
    7.7kB
    12
    12
  • 8.8.8.8:53
    counters.gigya.com
    dns
    IEXPLORE.EXE
    64 B
    129 B
    1
    1

    DNS Request

    counters.gigya.com

  • 8.8.8.8:53
    analytics.hosting24.com
    dns
    IEXPLORE.EXE
    69 B
    124 B
    1
    1

    DNS Request

    analytics.hosting24.com

  • 8.8.8.8:53
    fc01.deviantart.net
    dns
    IEXPLORE.EXE
    65 B
    113 B
    1
    1

    DNS Request

    fc01.deviantart.net

    DNS Response

    52.41.230.189
    52.26.33.90
    44.240.114.121

  • 8.8.8.8:53
    orig01.deviantart.net
    dns
    IEXPLORE.EXE
    67 B
    115 B
    1
    1

    DNS Request

    orig01.deviantart.net

    DNS Response

    35.164.23.224
    52.32.112.157
    35.80.167.12

MITRE ATT&CK Enterprise v15

Downloads

