Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

efe84abcbd...8.html

windows7-x64

3

efe84abcbd...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 13:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efe84abcbd348a5f9f44ea7226872cb1_JaffaCakes118.html

  • Size

    3KB

  • MD5

    efe84abcbd348a5f9f44ea7226872cb1

  • SHA1

    94dc1d292310c88bd75e5d7430546adcc07977a8

  • SHA256

    701a1b9da09cc4332462bbe4fed3ba58e96c299c3c17e3ad5a2e554afeb46fed

  • SHA512

    196c295d0ce15e8005c24b083ccdb8c0193ce32a3b32bc92faaaa6a80ddea7e2850275668154c3f5347c759253beda8c8f52244d23ce11dab9bebc5ea675bd72

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\efe84abcbd348a5f9f44ea7226872cb1_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1612

Network

  • flag-us
    DNS
    superbetfair.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    superbetfair.cn
    IN A
    Response
    superbetfair.cn
    IN A
    38.14.143.235
  • flag-us
    DNS
    superbetfair.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    superbetfair.cn
    IN A
  • flag-us
    DNS
    mixante.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mixante.cn
    IN A
    Response
    mixante.cn
    IN A
    45.194.204.187
  • flag-us
    DNS
    mixante.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mixante.cn
    IN A
  • flag-us
    GET
    http://superbetfair.cn/in.cgi?income45
    IEXPLORE.EXE
    Remote address:
    38.14.143.235:80
    Request
    GET /in.cgi?income45 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: superbetfair.cn
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    Transfer-Encoding: chunked
    Server: Microsoft-HTTPAPI/2.0
    Date: Sat, 21 Sep 2024 13:37:24 GMT
  • flag-hk
    GET
    http://mixante.cn/in.cgi?income53
    IEXPLORE.EXE
    Remote address:
    45.194.204.187:80
    Request
    GET /in.cgi?income53 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mixante.cn
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    Transfer-Encoding: chunked
    Server: Microsoft-HTTPAPI/2.0
    Date: Sat, 21 Sep 2024 13:37:33 GMT
  • 38.14.143.235:80
    http://superbetfair.cn/in.cgi?income45
    http
    IEXPLORE.EXE
    587 B
     299 B
     7
    4

    HTTP Request

    GET http://superbetfair.cn/in.cgi?income45

    HTTP Response

    403
  • 38.14.143.235:80
    superbetfair.cn
    IEXPLORE.EXE
    144 B
     92 B
     3
    2
  • 45.194.204.187:80
    http://mixante.cn/in.cgi?income53
    http
    IEXPLORE.EXE
    588 B
     259 B
     7
    3

    HTTP Request

    GET http://mixante.cn/in.cgi?income53

    HTTP Response

    403
  • 45.194.204.187:80
    mixante.cn
    IEXPLORE.EXE
    152 B
     3
  • 45.194.204.187:80
    mixante.cn
    IEXPLORE.EXE
    198 B
     88 B
     4
    2
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
     7.9kB
     10
    13
  • 8.8.8.8:53
    superbetfair.cn
    dns
    IEXPLORE.EXE
    122 B
     77 B
     2
    1

    DNS Request

    superbetfair.cn

    DNS Request

    superbetfair.cn

    DNS Response

    38.14.143.235

  • 8.8.8.8:53
    mixante.cn
    dns
    IEXPLORE.EXE
    112 B
     72 B
     2
    1

    DNS Request

    mixante.cn

    DNS Request

    mixante.cn

    DNS Response

    45.194.204.187

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4957543dd5e598f1036c13d831f23821

    SHA1

    65e6239ec129e7ec4f0d4c6f7b2a5793c7846ede

    SHA256

    cf239fe1ae27f0cca22ce339e4f27c3cefe425e7b9f5d6f7236a274713ae9825

    SHA512

    c34868b70da6828794bf0e3d9a13beafad1953e8909b25a098e8622c957af66128586181ec5acbfb93cbe2af0f098ef8882d49aaa618e28a5494134edaae536c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d30b774d6911835ff09676d43994b874

    SHA1

    efc6668538644fd58490310ac8fc0f92b97bf80d

    SHA256

    60386120f73a18b21970166ba9439f3964bcbabeab405fe316344750aacc1b27

    SHA512

    88638677a6b8b2c52570fec37399c42ee80ce06d21a66d73252422a0290e16b1e488c698c697c8d6ff1fd440ec2b0719d7d9e1a74a3f361eaddf980f8495ea34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07ca5adf2cecbd35ed92e98590d0f43c

    SHA1

    94501003934da5c2af50fa92f36ee5fbfcd025a2

    SHA256

    650262f82dac2b6886503135d095970cfeeacb4e42aa0564a9e5fab4639c25f7

    SHA512

    17d38673efad467a3c62a9537a5ee10daac4744f6c1474d2e43bf1869b3e99ae599fe1558426a2c9a1b31e875824da27a79b7c26d76f1d34fe645d11b61b4dd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    594351546db004435000a1c83787f574

    SHA1

    c4eab5ce587321bdb9fc943b936f0d4b9f39f0b1

    SHA256

    a2a069e7c846027132d2e0e8a634c90e126c4d44cb0075b607dfc4f720f35ad2

    SHA512

    04d561508fb338f16df68546de216ca54324b119574288f8f6641a5ad548e6d1b557cbb13bce909825e978dfe0a0e7b089d5436bfb8fb111afaaa130b478c2cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0236a9670e520a9355a152562245973

    SHA1

    d842aebe040d87d1c0ebe3c212019ba694321646

    SHA256

    77a1ace25d3d53bb40add3f8afb48a243ca2181528cbf33fe84263e9d346ada1

    SHA512

    0c45f3cc0a396cc38721346654cc3511a6801e0d2b493597a6997562861bb1754b355edb3cee1349949e6443959adf9b6be839a9a6f9f60f67381ad74d40f76f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01d56ca193c2312e55147db6131acfe8

    SHA1

    ee6ea360c7414286d3f1661aa6d190aa455135d4

    SHA256

    9921bfa52ee87e21432b6e9dabbfb9e2f9ac7ac322ebe1e8a74f2081cf1c5aed

    SHA512

    cf8f0fd7881f07265f185f6942fe39b4ea4dbb619a0460b6bf70de6f91d6fbc39b0df16d780c6fe49cb4e8aae718025e0546c4e8bd9b0930caa90ac87c2bef5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6a74d772e19bf56e3943d50d8c6eab0

    SHA1

    ce2f55a31cb0734f9f43146c583f9af90ae534b2

    SHA256

    5371def99bdab25dc95a03a91de28467d5b129acd1ce0049bfdbb3348adc0fa3

    SHA512

    c745b62eabdd6943c6554d265c75d3bc8c0e71e128cffcc7c35164f5944778e1e9932f0d490576a2a99d442a15f52cc36b4bac1cc6d6edb26e321f2e8e60ad09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33eb96fcfea3c68a3f00077eea26d8dc

    SHA1

    05068ac5ff1663afdbf559eaaec0ed642856cb3d

    SHA256

    a7795bf34800a97b8527495dd75f27aca983565b86ab7a4b2807c0fe2fa01cb7

    SHA512

    58ac70a63dd1756a7c9f2e014e70c6d6dc7bca9f8f29bd6c761af9d52a18ee24407e67414934e96df9c20ed25c92bafddc3c39eb954df7948ad62c3c3d9048eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71c72daf2949d7b3b06d90b2b97e1158

    SHA1

    509c5c5bf6c50b4980a136d62e8bddd9d915e19c

    SHA256

    96d368b75a53e694578466aa3b9fe2d96a96dda3bd6fec0f3c39df47d8c663f0

    SHA512

    9abbad5d340fa8b64e9875c17e4abcfb1d47636ce072a23b2b33baf33d0901db4504a8f9b8ee0f25952df466c9f359d7b0e8b64c9e749fc315e9282525887a25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    212c61ec4c4e134f1a6ff9427188edcc

    SHA1

    d8dedae80036eb9012ac48c25ee838268eb5f621

    SHA256

    3bfa7bddb9e190747b0b52dacf1a8716211ef077137cf9295bf19a798287afab

    SHA512

    a02c576c61d5f478e7e9beb645ae15890a86110ac56019122c78ecb4277db5cecc8e2345e1b26714265c2542a529ef0c65e038f3960a7e946b4016d90eeb48e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db88ec1b555ce5763145031f8f8946e5

    SHA1

    91c1d8c291c511c1c05dde4e9f9f451e180df040

    SHA256

    67738f2fca3072cb0fd2e473121023210941c1230a50d0f0fb6a4f45857ead58

    SHA512

    8419a7454ed26610b576cc19ade128ce9935dad196511b16c6d4d6a8df43093581c0fc0f62bf2f5ddb7e3718db797e6edc92c07161c2955c743b1977b0849b39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f864f371db5a854ee638731a5c88a87f

    SHA1

    6adc53d3d52f76f0ac1c9b58f36b2b2eb9cca856

    SHA256

    a15383d6291aef26f798f1af8e56cd8f1d35a3be4ff0f8492a93a04a9099c8e9

    SHA512

    dcdd8dddd4c22592cab0b03bb54a95564cb70409d0ac22664b4081c6df0e7288f5bd65f1afd12a02b45ef0307ceee34992ccd0710e588f0c84a825f31bc14d2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f39de4bbb9cb58edadbf8109f6f9a0d0

    SHA1

    2f11714424f11eda07a5403e944c757244902a6a

    SHA256

    262234b52110b980872e2c907f73d7e790a0b9eeca40ed057b8880475289a9a0

    SHA512

    884579faad3da6976c84ef11d268941e159cd937b5e5699ab1ded289c2368068fcfc57f962bc0a05f96ceee12b5e962b5a8d4b24a15a467f9d566cb733adc4ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7eee501bbc450bb5eb19c01fd6956079

    SHA1

    43bf103c4d0a5d9fe03743737e0e554d9798a0e6

    SHA256

    b480f4976da18dd3af303fd118d6aac0fd1e28d5e064ef20331bf8d4de8c8b3e

    SHA512

    9c52192f0b8a35cb568b0a7bdfffce0117ed4599fbd1b239d67f500925de15b10b9356adf0ec4314abca896974fdf1cb0392d8fb4da9888ff3cb1b8b9f093012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5920ae06f552edc5682db5217ab7556

    SHA1

    d0b23cde2c9decbbed395ba3a3a018af2e0011aa

    SHA256

    a7309d41e62f0cc6d72cf0c5a5afb684d564e1d027ba45bd6702ada42d61f7ad

    SHA512

    3b5d31547e556c1b521c03daba4fb40da2f4a2ab4356b2deb344d39e5fbd3ccf074072890ffc8b0d6cf719e52196c510a84c4b324e839b2d3288f95647da9644

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21793755bb5b686487dfeca3266bdccf

    SHA1

    f0017c8d12e9ef6ef741d8782942e43ab670c6f5

    SHA256

    b72ef522bc7eca0039e452da0a35fd69dd6108cd3d3e17a1002db41632fa265a

    SHA512

    a893400f959409ccf112efaa783b84495408d25d12cea11b84688c0c2587f6bb9d32e6760374df88fd11d4372d36026a7784a696e6f663e327af68a48af5cf75

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF5A8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF5CA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.