Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    142s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    29/09/2024, 12:29 UTC

General

  • Target

    fe8728bf5581de2b7b719fc0f2224f92_JaffaCakes118.html

  • Size

    22KB

  • MD5

    fe8728bf5581de2b7b719fc0f2224f92

  • SHA1

    6acf3a6f932ce76a1fdf1948e5e65460c01102d9

  • SHA256

    f10eb4fc1586e9547f47ef39d842cbd5d55bc36c9bfa117c1fb4d984bb618698

  • SHA512

    452553de5e5c73c577f23546b87b0f980a31159693d55a2cfae17e933494aad25962d6ef785a93a6ab6614feca259f615f54827875d96c83b792bf8aa94fdc46

  • SSDEEP

    384:JDQw6U0S93mh9Dog+/H2udYoY/N/b2FzJVD:JDQEmsg+u0Y7wv

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fe8728bf5581de2b7b719fc0f2224f92_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2828

Network

  • flag-us
    DNS
    my.rtmark.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    my.rtmark.net
    IN A
    Response
    my.rtmark.net
    IN A
    139.45.195.8
  • flag-us
    DNS
    my.rtmark.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    my.rtmark.net
    IN A
  • flag-us
    DNS
    my.rtmark.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    my.rtmark.net
    IN A
  • flag-us
    DNS
    my.rtmark.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    my.rtmark.net
    IN A
  • flag-us
    DNS
    r11.o.lencr.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    r11.o.lencr.org
    IN A
    Response
    r11.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    2.23.210.82
    a1887.dscq.akamai.net
    IN A
    2.23.210.75
  • flag-gb
    GET
    http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgT6IftZlsIeH8NacbQaIqF40A%3D%3D
    IEXPLORE.EXE
    Remote address:
    2.23.210.82:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgT6IftZlsIeH8NacbQaIqF40A%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: r11.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 504
    ETag: "B5FD30F9437A47A89CE5D8F9D7946C1F0148B559ACFA3120664B463503BF987F"
    Last-Modified: Fri, 27 Sep 2024 23:21:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=9802
    Expires: Sun, 29 Sep 2024 15:13:39 GMT
    Date: Sun, 29 Sep 2024 12:30:17 GMT
    Connection: keep-alive
  • 139.45.195.8:443
    my.rtmark.net
    tls
    IEXPLORE.EXE
    1.2kB
    3.6kB
    13
    10
  • 139.45.195.8:443
    my.rtmark.net
    tls
    IEXPLORE.EXE
    1.6kB
    4.0kB
    17
    13
  • 2.23.210.82:80
    http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgT6IftZlsIeH8NacbQaIqF40A%3D%3D
    http
    IEXPLORE.EXE
    625 B
    3.8kB
    8
    6

    HTTP Request

    GET http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgT6IftZlsIeH8NacbQaIqF40A%3D%3D

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.8kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    839 B
    7.8kB
    11
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    883 B
    7.9kB
    11
    13
  • 8.8.8.8:53
    my.rtmark.net
    dns
    IEXPLORE.EXE
    236 B
    75 B
    4
    1

    DNS Request

    my.rtmark.net

    DNS Request

    my.rtmark.net

    DNS Request

    my.rtmark.net

    DNS Request

    my.rtmark.net

    DNS Response

    139.45.195.8

  • 8.8.8.8:53
    r11.o.lencr.org
    dns
    IEXPLORE.EXE
    61 B
    160 B
    1
    1

    DNS Request

    r11.o.lencr.org

    DNS Response

    2.23.210.82
    2.23.210.75

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8b37a7289005087ef5447313047bc1fa

    SHA1

    c54fb127b3905a643ae42ef7f8548f665db93892

    SHA256

    0a4c1066131e65547e80360188015d51a66c970b17b72e66ee6dfbc720e26f3d

    SHA512

    f3d3f4f6026808396314064f168fcd2833c6a28d6651dd4b543d0a5eaaea2afa28387aad31e123ff85aae125e597d347af875fd73f9653b69a482820ec3dbb1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b1475350c2a3a5a588c341231edda6ed

    SHA1

    cda3b84a4656dc2952655e46adbac47d32916a80

    SHA256

    1055f924724bbf02d2deac6e8e849076547ab713f623a3d60fe7c26e3c81d8ce

    SHA512

    2770b98979533341a326ed63cdfa2bc19f962dff83c2358ea37127299ed8675d6d01ddbba3078591cbc09b25726db9d619b599798c5d23060328735b45ea886f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a46bfdad31d1889bbe57f3a6c54abc2b

    SHA1

    f98b753f52872bf27b6b26c8d32c001756397441

    SHA256

    6683b392e95604fe135113e2212fabb74612b3df91b0ce2643622e55b9760615

    SHA512

    f05f94c2c6c10cf9799d2ee191b3b38305d6adefe634e909169e52cd36772b6f0e7a948dbf02d0edd1a51a85d9af098b341626721a5b9faec5719cdb821dd89b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c3207e72634ae61ed4aaae02fdd84c4c

    SHA1

    f7d34d668abdb49f8ac53ec5bf73dfc92f4bb0a3

    SHA256

    543ff1ec24fc0dcd4d7cca7dcef4432fbdb59bf8f60cbe28104a883bb6bf5ca2

    SHA512

    7059bea4867defbf6b23893ef6bee83a557b34b1575203e60c74624857912d158587318b1534e4196112beaf8d15d2807932f07c97d9bcb2b4b9c49e033cf749

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    273f66c075337f9ce24b033ba35d7b5a

    SHA1

    ffde4ea834219551e50033b1718e656dda219010

    SHA256

    7ab24d8737b8fa505034e28b42bc513c52b7cc94d724f6fa99e51a42ee183d06

    SHA512

    66e7f096d1b70aee1067e198bad1f58ef3432e8e2895ba378bd3aa7008bd904629f9dfe56502d4b145194066ab824aacfc7321c87a9a205d3d98da0082f6e84b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0c10076cf3cbf93026310424366566e5

    SHA1

    b087e1b09276e4d16d450cd0605639f5ad78136e

    SHA256

    aa78ae28e3b4318b635265d3aed3b22c392597069aceb482a0b300af4715c958

    SHA512

    9918344712361c701e4045e5fc47bda00a8adae1b7c20a94b844dfb44704d93fa8e6bd28018709675f1b310071b10cbfa32fe0d1d8fd03dea0bbc8f4ff0e1cca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b6918e73c7740f2607a861b4b32018e9

    SHA1

    5844003c0403acee4b195709ba0f8cd80fc79e38

    SHA256

    e5acd35c394f6f9451da4df905460af44e129829f54e24aca702d79e0d39fdaf

    SHA512

    3873f7e70469ba84b6f5e8ae0f6af26e940db26a86b3c1027e7bdc887e915caa9d5c1cacee9e1a6e912970f6b47bba001645369006f67cc312528e0cf57edd8e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    430d3a836a0d23c201dc549565ec2000

    SHA1

    aca08cfbaf6f3dceb46b21de1d326bfb6d8e6528

    SHA256

    a8adc347323a75a36e10e4bef408af17342fae77ea134118b47c41cbe75ac275

    SHA512

    49f0389eac3782d1ff452aea1eb3a2aa7641de938186742230d52953fcb8c13bdbb39b54a90177afbf3a20fcbf5e67e4dd9d90debc118941e2659c6487adf687

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    89b53a60e7c27990c3912c2897c71d2d

    SHA1

    372fc392b043b4161f002d7708705d71ee95cf85

    SHA256

    7a0c900b677a9d84de17f7e8adc3f3c2f8a0115229cb3c6d63836376e7e6130f

    SHA512

    d18724cbc74b1376665797490e4e148b74fae5ec63e8072d4b0fe2df0c6db8ceb35af4e34431c6cfc8979ba589262c81e7be92bcdae02152553bb2b75ba6913e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    88619058571531e5c8ac0db076b168ba

    SHA1

    7db1f8d302ef89a8eebbfd6f610f6474d9796e2f

    SHA256

    4bc2c6644e3bb47ff0a70a6eb3ea4030154f2a3dff06a4c02b7c88353cb12a34

    SHA512

    ca41e3d21a7f6864419167ec81056e3df6a5684647f30ab6de8cf67f15312c9d38357df094b4dae904bc1a9564e9e0393812cc501e84823b34eeb0d69f498f19

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    acbc0924d1d19f14e99f55ba80b809d1

    SHA1

    2bc07b4fbda60cd8b13b4ff514423f72ebe03be5

    SHA256

    00314b72fd725256fe610f26158c7a2431781122c60eaf12677455ab0092bf3c

    SHA512

    d22e36589c73438a8428ec906255705aad792c801eb215b5e3acb1c980bf6f70be39612aa955261b152631b198c6b5d9a6ca846b040bb050787921ff359f804c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c581fab8de50d59e3ce5db08eaea4a6

    SHA1

    2b5d26d63a541133647de34699cd33d63288b48b

    SHA256

    e8d66cc647cae86e12cf85245f5f5e2795b278e0fd2dc0ded8714c1ada450250

    SHA512

    c8c6e6d67dcc8ba37d1d42ddd9ff8fab99b9e4d3682161903005ddff6cfb6b595bee924a7c6afe1eff1f0d3e5448c87973957a073112c4acd94f52eb79f2aaf4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5148b3f2bc012aecf8608ac5f8442e04

    SHA1

    d5b4a355f44f99a2ff76a2d40a5baab69753f4cd

    SHA256

    57f35243321a664b2e4eb6f6e80be7e743220cf4fab56e912dda6f52f1e61bf2

    SHA512

    16bf46f412bd272a7238ea93248bc859f0fc598d139084a27f8c01e3b36d0a87bdd94a0f73cdad85b5632eee047d27e314d570b515ddc8712157722f7d0272f1

  • C:\Users\Admin\AppData\Local\Temp\CabA0F4.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarA145.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b