
Analysis

  • max time kernel
    121s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/08/2024, 18:12 UTC

General

  • Target

    b89e59ae3c0b0db6d8554aa2d81ee386_JaffaCakes118.html

  • Size

    11KB

  • MD5

    b89e59ae3c0b0db6d8554aa2d81ee386

  • SHA1

    4a29f5e59aa19a5880c7b545ddc224936e37d3b1

  • SHA256

    212557caf52dcba56217f7f35d08c7dc728724a21483874bec22d930670f1c7b

  • SHA512

    1901172ab348b4cf49e54bf9bbfc2b66c7cd9c905aed180838debcc0195818d8234a54a8df898dc3203e98fc341e28e69d2e13edf7f1a967c09eca233989cd68

  • SSDEEP

    96:uzVs+ux7HLtLLY1k9o84d12ef7CSTUaGT/kG5pJ47XTu8BdF1lxw7XLjlVHcEZ76:csz7HLtAYS/rSJuXTBPyXLjPHb76f

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2644, tree level 1)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b89e59ae3c0b0db6d8554aa2d81ee386_JaffaCakes118.html
    Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2752, tree level 2, child of PID 2644)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
      Signatures: System Location Discovery: System Language Discovery; Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx

Network

  • DNS counters.gigya.com, IEXPLORE.EXE, remote address 8.8.8.8:53 (US)
    Request: counters.gigya.com IN A
    Response: none recorded
  • DNS analytics.hosting24.com, IEXPLORE.EXE, remote address 8.8.8.8:53 (US)
    Request: analytics.hosting24.com IN A
    Response: none recorded
  • DNS fc01.deviantart.net, IEXPLORE.EXE, remote address 8.8.8.8:53 (US)
    Request: fc01.deviantart.net IN A
    Response: fc01.deviantart.net IN A 52.41.230.189
              fc01.deviantart.net IN A 54.191.56.108
              fc01.deviantart.net IN A 52.26.33.90
  • GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg, IEXPLORE.EXE, remote address 52.41.230.189:80 (US)
    Request:
      GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
      Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: fc01.deviantart.net
      Connection: Keep-Alive
    Response:
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 22 Aug 2024 18:12:06 GMT
      Content-Type: text/html
      Content-Length: 162
      Connection: keep-alive
      Server: nginx
      Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
  • DNS orig01.deviantart.net, IEXPLORE.EXE, remote address 8.8.8.8:53 (US)
    Request: orig01.deviantart.net IN A
    Response: orig01.deviantart.net IN A 35.80.167.12
              orig01.deviantart.net IN A 35.164.23.224
              orig01.deviantart.net IN A 52.32.112.157
  • GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg, IEXPLORE.EXE, remote address 35.80.167.12:80 (US)
    Request:
      GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
      Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: orig01.deviantart.net
      Connection: Keep-Alive
    Response:
      HTTP/1.1 404 Not Found
      Date: Thu, 22 Aug 2024 18:12:06 GMT
      Content-Type: text/html; charset=UTF-8
      Content-Length: 0
      Connection: keep-alive
      Server: da-redirector/0.5.2
  • 52.41.230.189:80
    fc01.deviantart.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 52.41.230.189:80
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    http
    IEXPLORE.EXE
    606 B
    634 B
    6
    5

    HTTP Request

    GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg

    HTTP Response

    301
  • 35.80.167.12:80
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    http
    IEXPLORE.EXE
    608 B
    387 B
    6
    5

    HTTP Request

    GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg

    HTTP Response

    404
  • 35.80.167.12:80
    orig01.deviantart.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.8kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.7kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.7kB
    9
    12
  • 8.8.8.8:53
    counters.gigya.com
    dns
    IEXPLORE.EXE
    64 B
    129 B
    1
    1

    DNS Request

    counters.gigya.com

  • 8.8.8.8:53
    analytics.hosting24.com
    dns
    IEXPLORE.EXE
    69 B
    124 B
    1
    1

    DNS Request

    analytics.hosting24.com

  • 8.8.8.8:53
    fc01.deviantart.net
    dns
    IEXPLORE.EXE
    65 B
    113 B
    1
    1

    DNS Request

    fc01.deviantart.net

    DNS Response

    52.41.230.189
    54.191.56.108
    52.26.33.90

  • 8.8.8.8:53
    orig01.deviantart.net
    dns
    IEXPLORE.EXE
    67 B
    115 B
    1
    1

    DNS Request

    orig01.deviantart.net

    DNS Response

    35.80.167.12
    35.164.23.224
    52.32.112.157

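The sandbox only records which of the page's references were actually fetched at detonation time. A static pass over the HTML lists every external resource the document would request before it is ever opened, and reconciling that list with the DNS and HTTP observations above shows which references were reached, which resolved but failed (the deviantart image went 301 and then 404), and which never resolved at all (the DNS lookups for counters.gigya.com and analytics.hosting24.com have no A records in the report). The following is an added example and is not code from the report or from Triage. The sample's own markup is not on this page, so SAMPLE_HTML is a constructed stand-in that references the same hosts; DNS_ANSWERS and HTTP_RESULTS are transcribed from the observations above, with an empty response section recorded as "no address".

```python
"""Static pre-triage of an HTML sample reconciled against sandbox network observations.

Added example, not part of the tria.ge report or its tooling. Uses only the
Python standard library so it runs offline.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed stand-in for the 11 KB sample (its real markup is not on the report page).
# The script URLs are assumed; only the hostnames and the image URL appear in the report.
SAMPLE_HTML = """
<html><head>
<script src="http://counters.gigya.com/counters.js"></script>
<script src="http://analytics.hosting24.com/count.php"></script>
</head><body>
<img src="http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg">
<a href="https://example.invalid/page">link</a>
</body></html>
"""

# DNS answers transcribed from the report; an empty list means no A record was returned.
DNS_ANSWERS = {
    "counters.gigya.com": [],
    "analytics.hosting24.com": [],
    "fc01.deviantart.net": ["52.41.230.189", "54.191.56.108", "52.26.33.90"],
    "orig01.deviantart.net": ["35.80.167.12", "35.164.23.224", "52.32.112.157"],
}

# HTTP transactions transcribed from the report: url -> (status, Location header or None).
HTTP_RESULTS = {
    "http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg":
        (301, "http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg"),
    "http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg":
        (404, None),
}

# (tag, attribute) pairs that a browser fetches automatically on page load, without a click.
AUTO_FETCH = {("script", "src"), ("img", "src"), ("link", "href"),
              ("iframe", "src"), ("object", "data"), ("embed", "src")}


class RefExtractor(HTMLParser):
    """Collect absolute http(s) references, split by whether loading the page fetches them."""

    def __init__(self, base):
        super().__init__()
        self.base = base
        self.auto = []    # fetched on load
        self.clicks = []  # <a href>: only followed on user interaction

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            url = urljoin(self.base, value)
            if urlparse(url).scheme not in ("http", "https"):
                continue  # drop file:, javascript:, data: and relative-to-local refs
            if (tag, name) in AUTO_FETCH:
                self.auto.append(url)
            elif tag == "a" and name == "href":
                self.clicks.append(url)


def extract_refs(html, base="file:///"):
    """Return (auto-fetched URLs, click-only URLs) in document order."""
    parser = RefExtractor(base)
    parser.feed(html)
    return parser.auto, parser.clicks


def follow_chain(url, results, limit=10):
    """Walk recorded redirects from url; return (chain of URLs, final status or None)."""
    chain = [url]
    for _ in range(limit):
        status, location = results.get(url, (None, None))
        if status is None or location is None:
            return chain, status
        url = location
        chain.append(url)
    return chain, None  # redirect loop or more hops than limit


def reconcile(html, dns, http):
    """Map each auto-fetched URL to what the sandbox observed for it."""
    auto, _ = extract_refs(html)
    report = {}
    for url in auto:
        parts = urlparse(url)
        if parts.hostname not in dns:
            verdict = "not observed in sandbox"
        elif not dns[parts.hostname]:
            verdict = "DNS returned no address; fetch never happened"
        else:
            chain, final = follow_chain(url, http)
            verdict = f"resolved; final status {final} after {len(chain) - 1} redirect(s)"
        if parts.scheme == "http":
            verdict += "; cleartext HTTP"  # injectable/observable in transit
        report[url] = verdict
    return report


if __name__ == "__main__":
    for ref, verdict in reconcile(SAMPLE_HTML, DNS_ANSWERS, HTTP_RESULTS).items():
        print(f"{verdict:60s} {ref}")
```

The split between auto-fetched and click-only references matters for scoring: a cleartext script tag executes on load and is the reference to hunt for, while an anchor is inert until clicked. Run against the real sample, the static list is also the check that nothing the page references was missed because the sandbox run (121 s kernel time here) ended before the browser got to it.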
MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c0663904781ab1e7344722dcac34059

    SHA1

    831e0291460651a67cbbd81511e5a29dacdf59fd

    SHA256

    ac0c37d7b492547fe23d4e09f41388784c9d5ca509a5650b86f4b95c43b69182

    SHA512

    914d88d71e488efa9b5bf33ae1057e7bfca1ac7c7d039d722c43271dd0293a2491af381558192a8ded5e1b436e6f2241e81048e8e858d7cb380707461d4e2a6e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7cd5e4fe9a92da71daac9eb00ce19487

    SHA1

    2748298d3e95ee7f209f52e95c1cb6c8dd94a6dd

    SHA256

    048119c51eb01f7b4bebcef7d22e225de0db5a502b94438967029e4cf3940618

    SHA512

    b8cb72a30fa9fad2390f650bb8e6b45ddc7b05c8867183fc66bb1520306b3a8648d1c9e0ca59992c9d76e4974c20cb918430935a23e4dd45eb6274a086b9700e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1671b68234690c5d9b7c55c1b6c282fa

    SHA1

    54a4867e96518bb02f9e02bc9abec7735ae2b490

    SHA256

    82827a83c6b9797d9174fa44922e5541f0e58dd632b8c30229c0fa91be6d9ae7

    SHA512

    18c51651f6bd0cf05624e5c6492e6f523b521261824842ffc9ef6be04fa75e2645a275dff68128a3ed012c0185af0c2bec46748d69e6185a354d63959ef6b07c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6c3e4322e78bfcff45d9c5915b73509a

    SHA1

    2ad190742f7ae624ae1d190b88f40b5983cb3c26

    SHA256

    e6dff51aac664cdb405523d87edb7e0f916a34734a72319a515c1693b9b8e11c

    SHA512

    0720696c7044b21340c2d46c8aa85fa4bdef62a0a3bc13f085718dac20e28cb07a7c07c3a591b24830d83dabe36d081baeead776b025cef489c273c33130a262

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e567cf73f8a627b1d54a79e11d25656d

    SHA1

    4aaf0242295d67a4a66235891da4df49c46d6cc5

    SHA256

    48c90ba68244735be13f955de061b07cff378caaa3c7a35ed3d588a6787c87bb

    SHA512

    a20f9bf5e84262a1b3091c66a3aad89e718d838dd3347d08bb3cbf92f8eb037b08f8b7d8e0cc79c1151a9d8ef8780a436cb6bbad7a89589b4a74d2c66c24f46d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8d224ac7364385456f8e0c8cbcf8cc3f

    SHA1

    41ae7d5bb46418931cd8ae52d6a2c3a621f75eb9

    SHA256

    ce582e8222fa9b02f72f03d1559aa4d4496dc21ac7234c851b33b5cef6b788ee

    SHA512

    a14706defc00f70a9d37cdcff117391bdd263463293d5de07930bf55baca2982489139cfe1ffe4c66ee6a1a630939f9dad9909c6576429e30616901d41a6dcc4

  • C:\Users\Admin\AppData\Local\Temp\Cab67CB.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar87FB.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
