Analysis

  • max time kernel
    66s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/09/2024, 16:37 UTC

General

  • Target

    fac27fbbda5324e93b2e5adfa31f5bbc_JaffaCakes118.html

  • Size

    11KB

  • MD5

    fac27fbbda5324e93b2e5adfa31f5bbc

  • SHA1

    9639c68253f325c615bc87d5f267c6e3684b8408

  • SHA256

    0cdb2069ad24f6758ab20f267c213d4150f1b84326cfd990adf1d685dcb07a3e

  • SHA512

    f7cc9b2d44009703a513001cfa2580959d4ba399692c77c67ff6e5a579f0e66f96d6da3780435f3a576b9ab9b1f31470f7bc2dbd8a3f2b60d5f9d6c69e2bca63

  • SSDEEP

    96:uzVs+ux7QjLLY1k9o84d12ef7CSTUOGT/kkXpPrxcIvSPxuOv8FitpWmRVDlVHcD:csz7QjAYS/TaP1gPfv7jWWPHb76f

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fac27fbbda5324e93b2e5adfa31f5bbc_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2160

Network

  • flag-us
    DNS
    analytics.hosting24.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    analytics.hosting24.com
    IN A
    Response
  • flag-us
    DNS
    counters.gigya.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    counters.gigya.com
    IN A
    Response
  • flag-us
    DNS
    fc01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fc01.deviantart.net
    IN A
    Response
    fc01.deviantart.net
    IN A
    35.162.52.220
    fc01.deviantart.net
    IN A
    35.165.150.26
    fc01.deviantart.net
    IN A
    52.27.105.196
  • flag-us
    GET
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    IEXPLORE.EXE
    Remote address:
    35.162.52.220:80
    Request
    GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fc01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Fri, 27 Sep 2024 16:37:09 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Server: nginx
    Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
  • flag-us
    DNS
    orig01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    orig01.deviantart.net
    IN A
    Response
    orig01.deviantart.net
    IN A
    54.212.195.12
    orig01.deviantart.net
    IN A
    100.20.42.48
    orig01.deviantart.net
    IN A
    52.10.164.18
  • flag-us
    GET
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    IEXPLORE.EXE
    Remote address:
    54.212.195.12:80
    Request
    GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: orig01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Fri, 27 Sep 2024 16:37:10 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Connection: keep-alive
    Server: da-redirector/0.5.2
  • 35.162.52.220:80
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    http
    IEXPLORE.EXE
    606 B
    634 B
    6
    5

    HTTP Request

    GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg

    HTTP Response

    301
  • 35.162.52.220:80
    fc01.deviantart.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 54.212.195.12:80
    orig01.deviantart.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 54.212.195.12:80
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    http
    IEXPLORE.EXE
    608 B
    387 B
    6
    5

    HTTP Request

    GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg

    HTTP Response

    404
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.9kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.9kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.8kB
    9
    12
  • 8.8.8.8:53
    analytics.hosting24.com
    dns
    IEXPLORE.EXE
    69 B
    124 B
    1
    1

    DNS Request

    analytics.hosting24.com

  • 8.8.8.8:53
    counters.gigya.com
    dns
    IEXPLORE.EXE
    64 B
    148 B
    1
    1

    DNS Request

    counters.gigya.com

  • 8.8.8.8:53
    fc01.deviantart.net
    dns
    IEXPLORE.EXE
    65 B
    113 B
    1
    1

    DNS Request

    fc01.deviantart.net

    DNS Response

    35.162.52.220
    35.165.150.26
    52.27.105.196

  • 8.8.8.8:53
    orig01.deviantart.net
    dns
    IEXPLORE.EXE
    67 B
    115 B
    1
    1

    DNS Request

    orig01.deviantart.net

    DNS Response

    54.212.195.12
    100.20.42.48
    52.10.164.18

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7662fe724d5d167b25a0b1182c2b0fe8

    SHA1

    7a6048e89816048bc9b42bfb00e944b68ce7e6f0

    SHA256

    fe366f4eddbaf7513bcb636a4777d94a9e2d9b81f804144dec1eddd680303d88

    SHA512

    62ad026459c9360017dedaf7dc930dfe119ca71a8eb1c5d399fab56c564945cb6203fef75bc505d0713e6f03f4f160a69e3f9fd072a872f22e7c7deeb5d46e92

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    60c6f8270ec385ce5d43287346c1fbc9

    SHA1

    17274eff60ca1847787313c6d349c62d97835d21

    SHA256

    49f8be5e89eede9871bf7fd9b665fc68e0fcf9aae4a16b443fbf53d46fe87efb

    SHA512

    6e71123464701a7b58032d41b2216b4c22debe8497e09a5f9517a133b81479ee1cd9d76cbba5f24049d2d7d553040e0ff4c19c014659c4dea57976cd7bb1405c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c25f5ee3264ade3321047d3612ee1248

    SHA1

    a5e9b5ef2fd825af199f631a43e0ed7cf6cbad37

    SHA256

    3b7c7f12c2f5ad8374fb9b12348e750febdcc8b43bd32b8b3b9350c824a33a5e

    SHA512

    8615ab850c29b9467e2bb9090880925024128c67e88b7de294f66c4ebd0dd66a9e6b97654ed57a41bdf60bd978f2454789236c9394bb936e6f3de95be6daae02

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    641b8291f189cbc754987e8e319727b2

    SHA1

    f3b0b4f01a529eaac9e55b4b94b04e75b8cb8b33

    SHA256

    062becb80f57827751f2cc05f520aa024446d8477ce90c1dddaeae09da8e282f

    SHA512

    040d732b6d63d0e9edade9b4b1a3a1f6d33388dc30fba413dd55df4869fd84deeef9bee8781bcd6249e4115b6acdb05a93976c2bacf16016d484eb635a8d7536

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6abc0a49054c8ed91885347ed1615d15

    SHA1

    573ced9f66c7954d04b2cd69647eb64a19dc77c1

    SHA256

    72a15faf228f6c88e63fc6c165856e4636437bf636418fd6ab0eeee1adf7463a

    SHA512

    f2c4dac13a058b09fe2c7676173ae9a7abf3dc72982712c430a4e815051225ceaab9ffd11686d3af76c71c18093d04bf576440a3a90b11475a8d0413757a5497

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5809ede4b598f0c84a5632e03ca0692e

    SHA1

    4c9cca9a9fac9eb3d43ce2dd70a8c3fa8b20d84f

    SHA256

    7bd0f243b562a89c1ee63c13924110d66065fcbdf8c4eeb4055507925344851d

    SHA512

    73cbf8b93540f154898f13fb7b7913f9989af4acbff9e10d1016237fbba442e4af2e41f8e26b3c3658d18570256e2db131555c472bc138968dd27b5a43d27a19

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a4500738291be7cf9315666e744311ec

    SHA1

    2310d761dbb68c9db5f4874b5c515906167f140e

    SHA256

    416a48fa21191e4152646ab3bafc74edaa6c00df6cba0dcd5af50200da0307f9

    SHA512

    b46ae25de1fc47bbf6f9a5c0bb77ee50bca249b20c75d12d41aec28514bbfe35585f852a7082f86a3d4742bc7516fab818dc06b9c208b8e237d51d127917842d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    17674c7a6e46b762785ae966985bfd05

    SHA1

    b878a90b8a340d9551e4de008ac369fa52c4b529

    SHA256

    abdf68147e8468d5e0b68aa5f43cadaa4a9f284a15424f42228c93883f79719b

    SHA512

    a745eeff4b1c107e408b7db1920bfa4c30caec11d981ae7148c69d9068367634442ddd34d689ba405120e0606bcb179fd32c7e15dd2e5a82320c9675bcb07056

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    14d0d55c174f09f031eb82a01f9e3724

    SHA1

    2c9a9e711760d5162368298efff50779f297794f

    SHA256

    fc988ab97c9f78d4b491f52634d61ed74c39978d0e12131d844372dbc02345e4

    SHA512

    dcd15a0d3bd6a427f104589b3afe472dfc195d0bc85c346d9b0500784f3e46ac5830e8d3b6e7336d3af23c4ba4943281d48188c8fbd5dc086806dc477604b8e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3c68ae0f88d394239880fbaf85384890

    SHA1

    9cadb121c98f09c54e8d778af1bf36c609dcf7f5

    SHA256

    b350ccc6b99ea04f8f7a6cb170ea4d705e08aed7ab08ecb391cd7761e23c950c

    SHA512

    f372003cd3d28b0b302710704952871f9c3802db38d3d3a9a0ecbcb48658654c572c1efbed9883c721edf913f0a27682e333d1e4500837cdec2e92f4eb9a8c6c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    56a7dd02d7c4874bb37a85e2fb0bd947

    SHA1

    b99d2e8625f8c2e669ef9cc88697bd3965c25db9

    SHA256

    e2a080c9d8b989e168159e30119d5d1e28d525dbf4b1c072ae540999b352a2bf

    SHA512

    8b3d341dda37424cdcfce053acd62d49e07d206bc5e4add5566216c1abd1ac9902cad95384df6a33e7fc6f53db72d59fe0bec51b6c55cb9efe213c4293ccc976

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ad34cf4817daa749a587fe45bdf0401b

    SHA1

    facf3b57b250d374a51b155ada7c1c1f81550018

    SHA256

    1b71061dd4702ea65d2647bffa990d55ded4f5f5126d0f948f8939ae714e4357

    SHA512

    e0184cd5d7da9cadd7d248817b43d64e6f4be076cc20716dc7c9aea8047824df7f4b6b71740d26d3bd983263f6f66894f3bf81862297bd82529e0cfd8518be18

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bd461ce275277a12c8464b9ff30d9dce

    SHA1

    53f360bd0f761f5e49e3626073d17e037bf11f60

    SHA256

    5e52a97a4f9933a909cfbf8bd89af427163f91c686221a32654803200771acb8

    SHA512

    842a0732051c6398b99efe2671ed2a0b1ea6d61bdfb740c87fe2dc990ed2cea38443033fd9e98b85dbfd479a9dd27cbf36efbccd0411e23077c850cbcc2ba680

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8650bdfdbea29a68d0701c68c9f02417

    SHA1

    95095839014bdada1e989aa7b24427b42b03f11d

    SHA256

    859611d8629e7a7cff9680f8d4f38e4fc7470099208f0cdc143c8cf6ffdaeba7

    SHA512

    ce34c59bfe378c8312429d09e3f4ece3a603a6f416ece00f40f3baf73511c87c86ea878df797af20cd4db2c399770e213d8289cdf5ef85bb88cad0e8d9d1335f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    55965a1032c429c35639666b89f72529

    SHA1

    1c868ab00dc1d58a59ae9b2c3cbe64e13487abb0

    SHA256

    f9876d07fbac1d7c6a394a7645a1abc81451a2f1558f70ef054d56988f4c9dae

    SHA512

    d1fb76ba3b14a26d680a6b73ed63faa2d133bc2ee916d2785aa73e2a742d1c2ba1b0d359d5d7bccb55aad653b7bfc1408afd8788051fe6889d23c43a702da250

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a76392319163cf0998085f9668658287

    SHA1

    563ccb8a0d76ec075a1dc9de7569be12dc6b9141

    SHA256

    3765a1707f7a3470dd82be398d8135b9a0c88472318be65cb0b20b23129600da

    SHA512

    0b12025d08bd6c7fd3d3d93e76c4ce475a9f1449ad78ae28b0da2af9d41a8be928d232273d201aa161960b2b854d5ba0eee7b65f415737888895706f3980c3f3

  • C:\Users\Admin\AppData\Local\Temp\CabCD7D.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarCDD0.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
