Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

df9229166e...8.html

windows7-x64

3

df9229166e...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    136s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 05:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df9229166e52febedfbcb600fc3aaf0f_JaffaCakes118.html

  • Size

    37KB

  • MD5

    df9229166e52febedfbcb600fc3aaf0f

  • SHA1

    85859b0cea71dfbcb45291b14699b8108aa662a8

  • SHA256

    1e19ec22652daa4da1be97fdfa7a77bc595746a9e82fd1b5f1b6d8d95bb99195

  • SHA512

    9220a056c1d65b9320b15e7786fc6e62cf0691df7e2e3945fbf2ec917ee75b3518cee53e2d9245bb2c01f779b0c1e04308d83e07040f2961aedda36e6cdb7494

  • SSDEEP

    384:SI4J8SjmsCyp4uGdR++TTip2yeHip2SXr9+isU8c:SL76I+T96Ngc

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\df9229166e52febedfbcb600fc3aaf0f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2500

Network

  • flag-us
    DNS
    www.wichsfotos-wichsfilme.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.wichsfotos-wichsfilme.com
    IN A
    Response
  • flag-us
    DNS
    www.countmyusers.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.countmyusers.com
    IN A
    Response
    www.countmyusers.com
    IN A
    104.21.86.83
    www.countmyusers.com
    IN A
    172.67.216.237
  • flag-us
    DNS
    bannerrotation.sexmoney.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    bannerrotation.sexmoney.com
    IN A
    Response
  • flag-us
    DNS
    affaire.sexmoney.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    affaire.sexmoney.com
    IN A
    Response
  • flag-us
    GET
    http://www.countmyusers.com/count.php?a=1279458281&layout=./buttons/b1.jpg
    IEXPLORE.EXE
    Remote address:
    104.21.86.83:80
    Request
    GET /count.php?a=1279458281&layout=./buttons/b1.jpg HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.countmyusers.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    Date: Sat, 14 Sep 2024 05:25:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: same-origin
    Cache-Control: max-age=15
    Expires: Sat, 14 Sep 2024 05:25:17 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7OKtwvaDstxkcjUjjOzCPqoH7fXwZVK0WGa5yIH6adJENRSbAd9nqXbcJhWTASVHwRSl%2FeKuicZlIQDzi3z8hg%2Blq5%2FbFeP%2BxX88midbD6YHsF9DV1cj7uJgOcW9Bm5pBQ9ct0kcbg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 8c2df443bb60beda-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    www.wichsbilder-wichsvorlagen.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.wichsbilder-wichsvorlagen.net
    IN A
    Response
  • flag-us
    DNS
    www.einfachgeiler.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.einfachgeiler.com
    IN A
    Response
    www.einfachgeiler.com
    IN CNAME
    einfachgeiler.com
    einfachgeiler.com
    IN A
    62.138.185.13
  • flag-us
    DNS
    mhost.servemp3.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mhost.servemp3.com
    IN A
    Response
  • 104.21.86.83:80
    http://www.countmyusers.com/count.php?a=1279458281&layout=./buttons/b1.jpg
    http
    IEXPLORE.EXE
    573 B
     2.7kB
     6
    5

    HTTP Request

    GET http://www.countmyusers.com/count.php?a=1279458281&layout=./buttons/b1.jpg

    HTTP Response

    403
  • 104.21.86.83:80
    www.countmyusers.com
    IEXPLORE.EXE
    466 B
     92 B
     10
    2
  • 62.138.185.13:80
    www.einfachgeiler.com
    IEXPLORE.EXE
    152 B
     3
  • 62.138.185.13:80
    www.einfachgeiler.com
    IEXPLORE.EXE
    152 B
     3
  • 62.138.185.13:80
    www.einfachgeiler.com
    IEXPLORE.EXE
    152 B
     3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.8kB
     9
    12
  • 8.8.8.8:53
    www.wichsfotos-wichsfilme.com
    dns
    IEXPLORE.EXE
    75 B
     148 B
     1
    1

    DNS Request

    www.wichsfotos-wichsfilme.com

  • 8.8.8.8:53
    www.countmyusers.com
    dns
    IEXPLORE.EXE
    66 B
     98 B
     1
    1

    DNS Request

    www.countmyusers.com

    DNS Response

    104.21.86.83
    172.67.216.237

  • 8.8.8.8:53
    bannerrotation.sexmoney.com
    dns
    IEXPLORE.EXE
    73 B
     130 B
     1
    1

    DNS Request

    bannerrotation.sexmoney.com

  • 8.8.8.8:53
    affaire.sexmoney.com
    dns
    IEXPLORE.EXE
    66 B
     123 B
     1
    1

    DNS Request

    affaire.sexmoney.com

  • 8.8.8.8:53
    www.wichsbilder-wichsvorlagen.net
    dns
    IEXPLORE.EXE
    79 B
     152 B
     1
    1

    DNS Request

    www.wichsbilder-wichsvorlagen.net

  • 8.8.8.8:53
    www.einfachgeiler.com
    dns
    IEXPLORE.EXE
    67 B
     97 B
     1
    1

    DNS Request

    www.einfachgeiler.com

    DNS Response

    62.138.185.13

  • 8.8.8.8:53
    mhost.servemp3.com
    dns
    IEXPLORE.EXE
    64 B
     121 B
     1
    1

    DNS Request

    mhost.servemp3.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8254ea56fef56b7d966c5dbdc18cff1

    SHA1

    b02ff19a0af61d3ae5d697b2c1bc86fa431a5e8c

    SHA256

    cf2b9161c19011557caee127a02c2778ed3048f2ec0337e6f7274828e9bb0151

    SHA512

    4cb44196d878b981119bcadd32da303762f152f69cba99f28bbcb04eddddea29dd1247244886a66882d58370e2da503a54b16563874df4493730c05f1ee017a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d05931c8521a6c45b495058461205810

    SHA1

    6e86d37128faa07377e92b0fed9d706448c342a6

    SHA256

    24113554b2c30024a50dbf1b7a7bfac6a58b09c5cf698accdad35188f7019e5e

    SHA512

    dc36ac4f2cc377f52ac1ec51ca5b24eca334ed1f735eda80ef2bc389fb6cdfc9d70f2f9a95fcf685eff88533f286089cecc048e7853b6ffc8b4e81f7c3ed15b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    668efa4ce25195f624df7d374d0032ab

    SHA1

    891ed79bb643274b4caff9840d7f6119e2b4bee2

    SHA256

    8d989dca3fe4b24d0738341367dc7f68e7805d0f359354ef177cadd27348d21a

    SHA512

    e741e0a498c3aca1177682dc53ad605c08eaeb2213d055fa387637299de974dae05840cce4d81da3f4d51ab46a0f3871f32bc49af7144d247302916034c9b458

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d68de9290cab40f7b83d7ed15cd8a49b

    SHA1

    6597a35824ac154dc92ee132e45f9a528e3ce567

    SHA256

    b3c8bfb9fa344e37d56aad1d4a0e6e648d54e58812cbbb992cb3c79ab7296530

    SHA512

    76c5b6d1728d3142b05b4c1e2fc0241648476835f7bf1ba05d8ba5f75c8fb28fd7ba4988dcdc991ad6b624e590784d87f4bce65c43dc16d41dd3fb13886d07f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95b752f960aa4faa2885b191ed5507af

    SHA1

    870f1056f27e59e386940a17b29b9d2fe858c2aa

    SHA256

    35c89e6208eeb270a6221adb51062691e6df6e81bb4113b420a015bac66ce12b

    SHA512

    97dbfb523ae008b7de198192d081977cb56185f1f25f6391b5fb4d64e5b514d1cd982f0b59e9083299b3e0666beddfad562f190d133369c425dc1198a7cc2218

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28348ab3e089e9e6dd4d93ee13a8e2d8

    SHA1

    6fb3ef16660127e463726030ab1911177da7942c

    SHA256

    3171b4765d6a512e8630c7c63754d57eefb2196fc3dc5798c6c775c91361b294

    SHA512

    86eb6d2d7ff7ae48308099ea32e8af797f0a0d4ee6c2e18708d639ffde8aca2dbde8ea9cda04796a9482a0d43bdf4cccc1251c3d79bc34361c8285117d8a5b2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    171b9b58374cde792c359a3709fc1783

    SHA1

    0ed2df5431a2a83668bacbb2b9ce551cf9c3c37c

    SHA256

    40994a0efddd89185619fb74a63d21dcdec4b8c8d6adef0d4a3390f0af295788

    SHA512

    21d031e7a627322dccf3936de6af7dae90debafcdff3ee76d6283a1ffbcf96d1ed843005f3b554fb160bf8d9931d6fcce000001494b45f89819b580d93299695

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    858c18ea96d5f2bcb8a94427d95749ad

    SHA1

    e2d2783161f2e2bba17f5982979ae534a44b3d76

    SHA256

    bdb36ca863497c5898f5f56a7fe30d0bf292fd02ba96739aadf2d8a5d49b13eb

    SHA512

    5194477a9bddb984d8e941df3fa95ba33fa9c1de2be5f7fb0850fd1434973e1de2517234c632c242b50324fcea0231201e913d36d750610d7b2b83e81c2025a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccf4b0b63ee58f0c36e673378795d62e

    SHA1

    18c6a718139f758e42d08be2aa2d824330f6de41

    SHA256

    3c274d538f73e35bedb527efd6c01160711235f6e1cd1b14ed639bc0bf35056e

    SHA512

    a54b92364ea7a92beb8c67975d2a829b11b5c878fcd3c838e66607b0a3c667a3abc8c931aa61fe4c866b88c0367c9a299725c88e4ceb646b886550ae0b9a7c05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    045accceb101415c92b7de0cdb24d8e7

    SHA1

    e4f790508c9836e7c982fa0a64d2b63184084d12

    SHA256

    b6274809586dddee2d263a6de66eb8df2a334f7b165190448c78cb22be11d905

    SHA512

    834f86bd3d220c9359df23c5e99a18e9abdee030c778d1efed82b9e10dffb63e09ba458374c9e035171a91deae2e78d152ef6cf9d5aa99a1ed55849753f60d4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c49e4b08c01ceb14df83029f496f6c33

    SHA1

    121c6291ece2cdaa3c7dacf416d2ad18f3a79a80

    SHA256

    88200a44eab7c424b5787ee91db8f66127fdd256951ac857571db3f034505b35

    SHA512

    bd49f2e5200c94bf1799780f334620a4859429af4b0ae3b56bcda626076048051d5e6da6a2c74b50112880298b48832e930943a7abe29dd49077e359870afbb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7255db55af26de0c89980a92d25159eb

    SHA1

    f1131e69cb9f775b4ac920934d78ed9a5ddfeeb6

    SHA256

    d864bdac74a259586ad75a3ba6b8014bea4eeb6ec147d63fed177b72a1945bc0

    SHA512

    ddd4a481d4c8d2170827817f206f715ab3abf6ccc86bc4ee99cff5fd9d61ecd25e257258def9f4895417b553e0faee68af160f1eee003decd1526be6787b0e56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6da8eae171f430fd5cd739493d00a32

    SHA1

    30b95750d84a84624e980ef8d8bd6f90dfed6247

    SHA256

    d29c4ab4415dc15d0d416aa6a9118561cd40a3e91450f965716c613f03eb48a4

    SHA512

    59a3673183d408295584c423a273b5ca33a7675590a7d524b04536176fa085133e6f7d3576b290359af669a597490b45d4532447a599c2b74c45c7f13a39e001

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7238e2773c9c09cf2fa6e6a4534efc13

    SHA1

    a2e613aa8f1cbb5fceb107f673fd74deacd21646

    SHA256

    4d696c18468ab31d025f1d96ec7ac7c70b29df6484f31ff6910a2b56055610de

    SHA512

    aa9857e612dbbec9cf1450cb35a5fc1c9fca451b728e3685687b5051d6d82f40a28def7cd4b70d35d68494e8fa2b74328b1a34143a6025026d541a8329c22646

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cb5d0ace69c94aad509225d52566f14

    SHA1

    16360b8cfb302d3232ad31f0bb54016833f6839f

    SHA256

    6b5611f9c50e7d6ffccfad684486dba7b10d9e53ae1f7b4ff1a73a6bb2d01e69

    SHA512

    b0141f866aa2977c9c6608257037b1bbd3652d72947a79a1092238b340b4d3c6ec51cfb242fdd54f1e55b1e3df725b859a0b7c80ceb31b698f0aacfa55c48041

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b85f9492582ef13b0648c752967357e

    SHA1

    be4708f6be434a11a2370e327fe3dd06343b1aca

    SHA256

    6c156420bead7bcbec759505422db3d8fae1d32a952ca912f3052672e799d4ff

    SHA512

    986b24b7640bef94f2cb87c49e9cbc293f8d9afb564ed1f2c529e541c16221a435e7d4954d8b765415f7d2c588922e9313ed22862b2090bea777c1ef989cf6e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40f927af31a01d7929901baeff9f3ff0

    SHA1

    e929f673ee178c35067ae90573f036720e9c9ace

    SHA256

    a477e6c86a93ff90238d41a1d852d2418778e6eb324fd46a8e917cd22ad8482e

    SHA512

    ec6e99b8194e504075dc6e443f4208ea32e6675f61e169451ec857ead002e45a0096d14ab964a1eb8b2df3bc8e66ea31703c83ddb764e9885d73cad582e3491e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0c6a4745e8b8faa896c042ac9cc0a4e

    SHA1

    3de1197ec778ea8d7de0318e0bf43c36ff180836

    SHA256

    2e8a44215b5536746e2b0fec9bf04f7f1d04dce1761da347f7b337ee2e537eee

    SHA512

    ac7390c3c249a87d84314bb9a55e14d10ea98730a0253c7a129c152645ac597bf48e366710390f69aec6a2fa41de14cc8aa5a31d8b08e77bbe33184d2c0f817a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afb641050d264e10682da4250bdf3eeb

    SHA1

    a361773e2f34ad675edaf38a95da45146b6f498a

    SHA256

    d2326414c3ed2065ccb0d3403e8693815a70800a30902e6842128e6b06a78efc

    SHA512

    86ea8e829593db04f56951e29070228e92348ea45dca271c07d0a3d2c09959d6a2b3948041ceeb7cfe5325d9d8708d063227b915afa15ace057f0c82b8b7bac8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6E5F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6EFF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.