Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    14/09/2024, 11:18 UTC

General

  • Target

    e01309776e43b4fab091bef422bc3942_JaffaCakes118.html

  • Size

    9KB

  • MD5

    e01309776e43b4fab091bef422bc3942

  • SHA1

    6d7324503d0019351a4c0041925c2ef490726c90

  • SHA256

    6256e44695efb44ff03ea2333347c60ddf735e3824df20de4ddd887f6a204783

  • SHA512

    5be9b436fccfa6095e6155f582dc37879d23395a5ed99a853438f4cc676f0bdcfb2bff33f6d7583dffe2c08aa0ea742cad26647ecd0bfc6fc0c755f19776bf7d

  • SSDEEP

    192:Z5++UL2DDjb73d1vg++UUamO/Qx8RVISwOaBOEJErpEZo:ZpE2DDjbjd1vgbaVnwOaBOEJErpE2

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e01309776e43b4fab091bef422bc3942_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2408

Network

  • flag-us
    DNS
    tds81.4mydomain.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    tds81.4mydomain.com
    IN A
    Response
    tds81.4mydomain.com
    IN A
    76.223.54.146
    tds81.4mydomain.com
    IN A
    13.248.169.48
  • flag-us
    GET
    http://tds81.4mydomain.com/stds/go.php?sid=1
    IEXPLORE.EXE
    Remote address:
    76.223.54.146:80
    Request
    GET /stds/go.php?sid=1 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tds81.4mydomain.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 14 Sep 2024 11:19:02 GMT
    Content-Type: text/html
    Content-Length: 120
    Connection: keep-alive
  • flag-us
    GET
    http://tds81.4mydomain.com/lander?sid=1
    IEXPLORE.EXE
    Remote address:
    76.223.54.146:80
    Request
    GET /lander?sid=1 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://tds81.4mydomain.com/stds/go.php?sid=1
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tds81.4mydomain.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 307 Temporary Redirect
    Server: openresty
    Date: Sat, 14 Sep 2024 11:19:02 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 240
    Connection: keep-alive
    Location: https://www.afternic.com/forsale/tds81.4mydomain.com?utm_source=TDFS_DASLNC&utm_medium=parkedpages&utm_campaign=x_corp_tdfs-daslnc_base&traffic_type=TDFS_DASLNC&traffic_id=daslnc&sid=1
    Set-Cookie: fb_sessiontraffic=S_TOUCH=&pathway=5414dade-2a12-40a3-9c60-07eb418f1f57&V_DATE=&pc=0; Path=/; Domain=afternic.com; Expires=Sat, 14 Sep 2024 11:39:02 GMT
    Set-Cookie: pathway=5414dade-2a12-40a3-9c60-07eb418f1f57; Path=/; Domain=afternic.com; Expires=Sat, 14 Sep 2024 11:39:02 GMT
    Set-Cookie: visitor=vid=5414dade-2a12-40a3-9c60-07eb418f1f57; Path=/; Domain=afternic.com; Expires=Sat, 13 Sep 2025 11:19:02 GMT
    Set-Cookie: market=en-US; Path=/; Domain=afternic.com; Expires=Sun, 14 Sep 2025 11:19:02 GMT
  • flag-us
    DNS
    www.afternic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.afternic.com
    IN A
    Response
    www.afternic.com
    IN CNAME
    afternic.com.sni-only.edgekey.net
    afternic.com.sni-only.edgekey.net
    IN CNAME
    e126871.dsca.akamaiedge.net
    e126871.dsca.akamaiedge.net
    IN A
    95.101.143.96
    e126871.dsca.akamaiedge.net
    IN A
    92.122.54.117
    e126871.dsca.akamaiedge.net
    IN A
    92.122.54.88
  • 76.223.54.146:80
    tds81.4mydomain.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 76.223.54.146:80
    http://tds81.4mydomain.com/lander?sid=1
    http
    IEXPLORE.EXE
    960 B
    2.9kB
    8
    8

    HTTP Request

    GET http://tds81.4mydomain.com/stds/go.php?sid=1

    HTTP Response

    200

    HTTP Request

    GET http://tds81.4mydomain.com/lander?sid=1

    HTTP Response

    307
  • 95.101.143.96:443
    www.afternic.com
    tls
    IEXPLORE.EXE
    397 B
    219 B
    5
    5
  • 95.101.143.96:443
    www.afternic.com
    tls
    IEXPLORE.EXE
    397 B
    179 B
    5
    4
  • 95.101.143.96:443
    www.afternic.com
    tls
    IEXPLORE.EXE
    359 B
    179 B
    5
    4
  • 95.101.143.96:443
    www.afternic.com
    tls
    IEXPLORE.EXE
    359 B
    179 B
    5
    4
  • 95.101.143.96:443
    www.afternic.com
    tls
    IEXPLORE.EXE
    288 B
    219 B
    5
    5
  • 95.101.143.96:443
    www.afternic.com
    tls
    IEXPLORE.EXE
    288 B
    219 B
    5
    5
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
    7.9kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
    7.9kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.8kB
    9
    12
  • 8.8.8.8:53
    tds81.4mydomain.com
    dns
    IEXPLORE.EXE
    65 B
    97 B
    1
    1

    DNS Request

    tds81.4mydomain.com

    DNS Response

    76.223.54.146
    13.248.169.48

  • 8.8.8.8:53
    www.afternic.com
    dns
    IEXPLORE.EXE
    62 B
    195 B
    1
    1

    DNS Request

    www.afternic.com

    DNS Response

    95.101.143.96
    92.122.54.117
    92.122.54.88

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    37beb269f03124cb44cc0c356289b444

    SHA1

    c7bbb509c39acbcbbfb2a2e33d1df5619006138b

    SHA256

    5f7a97c6f5ec775a8c723d0e72059ef081849efc6ece4aaa44bf5f9ec2d4e1f8

    SHA512

    c605c991ddb17099498c687a13089c1f3422a306d7b0b4145bc7c5f2c3bcc231d6669ebb933c97aabbff1ecc49c3495f26f995a76ec3c6a33197cfc49735dec3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0679500e636613038dd8e89cde9eb467

    SHA1

    10b9463983dd6648861769b9a7b469cb2f8ce461

    SHA256

    9731198c29a03f022467e7fe37b3ea69059ec25f552bbfcdaea6cfafc5e796d2

    SHA512

    7aa717c0e17a967ddaaf51fd057f38dac3e5a6544d233ee5b50d4b2a02a5cc8760d47d036c05aafb0ae489f7e6bae02b72b8135621a8123e1ef57eded11c8a74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    297258f64272a505992cb7869d682759

    SHA1

    b51c903bae508339e3f143f401c05471c3fd4077

    SHA256

    92347f3a5ff17ab2fe0ce493946f1adc077da42b1c4251953b7b5de22a623bc8

    SHA512

    ea37bd785b34cf3e1e658203ef220102f309aa5aec87fa9fc4e1173db57f04d3e234912a4dc2ed73cfecf6abb09d6e073abb83027fb803a6217127cd08041cfd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d4bd71be3f4d6301f93e289789e24b07

    SHA1

    b12f5d4ab4ca4d5bb6bd053d91620fa964daf905

    SHA256

    292ecf08338ef6332c4988de33075dffac66c11da5bf185afbe4fdda7b80954a

    SHA512

    0cd5f6c318086d66ebe8e88bf00f83ff42559b7b27777231f18df8dffc83541c76e8755bce727fb1bc309f662cf29534912acd2ea9a8fe0063c7628a91ad1a35

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9d228e167d66819c62e89a03e9888f21

    SHA1

    4bceb64ae6c425a418c85e78b15d92de68c06063

    SHA256

    637c182f77deda4ced388af6a59c82f8289ef9ce091d111b8a21636039635c60

    SHA512

    1393c7ee5a5d687c6701b7f6d4d1b99cc7b10640de9a990fbd2edf48495c850fcd1a1222cb38dc53fbd9d727bd882650a954e6f335fc489162cce43c898a4f3b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d9e3f998f99eae8b347c2eee81c99706

    SHA1

    e1d3821015f8b540ca929f01b9b15b70991b2613

    SHA256

    186ca1043bf7db1feb1d056f2aee796b84959780a1536525fbac1639a113affc

    SHA512

    64d0affc90816f2e7e80ae7d753b749d44bfee9634fa7a489657dc2ca043f6ff1ea7264ab3b45d1dd654ebb51941c8d4e681625021dfb79120328e321f50a774

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5d8f6865533477b55e7c2bb726a15bd9

    SHA1

    d8ef94dd47ca0f4603d14373d5ae7746f44dd51f

    SHA256

    641142be1fb7b7090f9f5122859c39817131e4eaa5c5c0f1476d1fa6a810a8fd

    SHA512

    8ca7669a69034cffd8d29459d5775195f9f9de1cf2209b131bb3cbafae5f487ccfa7f9cbcd4710696beaa67d1f70d47938fcf4c04a19a00f3b5f03017b573e33

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a9d2047fa00d773fd783c029969f8026

    SHA1

    25d9e495ea43257072e2dbc30ec7e2f5c98f52dd

    SHA256

    a561b4a3653f2b63e96d8640e223bdca5d7c606c026b4f85dfba1c19e2276898

    SHA512

    972c084ccc4a3db9495f141dc14238279ded1116032b3824071f188f14287ec5852d1740873a8899ec0a5634fe2aae36d606b12fbd3a95c9dbbe6fe7990ab792

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    30614d5ce3488f63fb2f967c5b8fe77c

    SHA1

    0fe4024f89c4e613ff97ebee8c8cc0b6b4449e0e

    SHA256

    a4508aea26da1e6b514bdad3c12be0e6014081372b18e139a306e3fbad78d4a7

    SHA512

    72ab63ce728611673513cda42434935c394c0832a9d8901ee9758c6129d287c2b492f1b2b02a2b48e3dc3a6b1cdec4be65c42d4c7825efe0262df253905acf1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7bb626b509fd38d073acdf59b5bddd73

    SHA1

    20fc2269cf0a1525b51e8820b59b77daf5a53305

    SHA256

    bd1a6ee7ba44d7491cef51ba633d4e61218bf767cbfa0ebc0c930a52b18a836e

    SHA512

    2b472273058e77298cb31273874887953c45adec84958b128f53800cf072d8776023044cc472f324c7a2a9a8a6158913a43682fccf1840309d9f87e53e7eedb3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ef1fb618600bc7bd214fa116b902a93f

    SHA1

    dd6e58d65feeda7d4f407bb3502770fbcc63ae02

    SHA256

    7a9164b3bb683ff5c2a0932dc10012863c9f06d90d54284c832c6f152619cc4b

    SHA512

    df637ee8bbd6af54da0adf38498354c1c5df590c6443bdd236b98ce3be55d0cc705b65a86480a5c89afd0d0cae9305b39c6010a527b953b3fa84b987b23d9814

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f7c0b34df06af871e4d2bc1e017a9d14

    SHA1

    b2da2177d7d789d6bfe5dfd17c5d7c23fdfd4872

    SHA256

    ba0936a1b71549b6f00f204265de8d21f9e9623677df7ce5506689357f0610fa

    SHA512

    1a841309bd81597c42f14633a30b4e7836854ad8c6d353341d2a574c7435900e1c72bd736c5a6b5d47b706e685d2d283c13d6916be5d0dbb386bf40e3a751905

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fd660ffa22bd5fd306c5694937bdd2ca

    SHA1

    7fd992052f0f315fa34cd9d49bed580054e4e26e

    SHA256

    3b9cacb17f6c492e620f65f65e6d9ce3f67ff852d3d00062e0bfccf231994755

    SHA512

    aab3b35fce9273bf61cb3ddab085e70c80f689c44912124162610f0203381754b5860e7256bc454bf6a071fdd411aefa3f6b6e9a4f5047c61789d5ff9472836f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0792c12ada807f1a8a187c3461ddaee5

    SHA1

    b3f1eabf2b56b90bd31516c490a66eb16818aac9

    SHA256

    b2bea6d33bfbe4945c944dd3d7fad888856c44f4d6897e131452592871402607

    SHA512

    a846be521168d562582d646a3d58e2ad122b51c114a40548c87bbe738581d66bdf46d4482f4cabec2d240968f94a9f4175102e69cd9b20bc5d5d8494b54a4fd3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3d125b8bca0aecb5d44c709d087dc090

    SHA1

    fad4f9bc3af93bcca634d1ab7c6ca37f4255c124

    SHA256

    eebbd04e322342a0329ede48eb77c1c74790743cb86fa7a661fe7bb86e027291

    SHA512

    bcfbe8341d4f103ec3c67ea0329eb00375a1ad5d6a1faae9b4c29cf918467ab312e87f58c8a330254bcdebeca9ef14262b32de607dfff2692956a001ebd2f537

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    53af44460f87ba201acf625860d9da68

    SHA1

    a40bb59e651ce5f42777ce9dfdc5ef397dc357b9

    SHA256

    e892d708d60443f17863adf17e8e638dfd2eeee7201b102220ecfb83ccc06641

    SHA512

    4935016bd017c4076c5a64ed42d7f69ce689ad39330ebafe42101eb1d7d9d845485b51d961f0c8d45bc08d112af6adb03f0cc32429d7c7ac39e20032d1249e1d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f2006ae0af9d5085c9a7e8222a966b72

    SHA1

    7ab526cae10cdae321a63fa41e29a85eecbfc141

    SHA256

    91b20d87eeed3da48fc69813caf1bef5c27fe42c87a8d5b648b3554b53e86241

    SHA512

    f8df584df9a27825eb45b25a2bb859cbe1d2d68bf9d4986a679fbefcb05b1c5917ad1843acad3d4ece5e763a2b998dc46eb1d2d7ed628eacddc2839c97959afb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fd4b39d53be0e19776bf25a9f20dcc70

    SHA1

    8d44d0e773c075fecd3bb11f5a60ea256f775517

    SHA256

    67b949de3b0a536c99374bbde66649cea30d6ca913a5718e1786ee9210c7bfed

    SHA512

    92cb0949b2167c2a8ffa89908b2b8c12760bf02fe6105e5fac6ad9cd93dc9862cd7ac47570204492fc277f625e2df6bfbff238ca57526b7abc475ffdb505ae6d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4637395511b4a643245a4f30ee11ee1c

    SHA1

    89d2a33725b5a41dc12d1e2829774098092a9616

    SHA256

    badb54ec5b3ce92fec7bff935ec33e609f2b9a0759690654b97ea3b4c0b4d311

    SHA512

    a0095f61decbb443e8f1e9f859e27392da9e77e7e20f4b3e44549efd0bad8085848bd84c49a96d0f3f902431eab7a0e49235c834594b13576ada34478b4aed04

  • C:\Users\Admin\AppData\Local\Temp\CabA89F.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarA911.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
