Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

052bc3aa4f...8.html

windows7-x64

3

052bc3aa4f...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    72s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2024, 09:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    052bc3aa4f06cbe34de06f8ebf8d25a7_JaffaCakes118.html

  • Size

    6KB

  • MD5

    052bc3aa4f06cbe34de06f8ebf8d25a7

  • SHA1

    dcfad8199144cad46cfea1264de6037d7e6dba51

  • SHA256

    660919e32df4d318347f71bdebe9f1f82003fffe36b392d84049dd7199bacb71

  • SHA512

    c261f1a9096816d956a1a0274c9c116100a9f68d3fa9ed935de1efe4bf7998d66e1ebb53bd5252091edf91e5c910f91736625272612eee7a9e5f4213f6a7bf68

  • SSDEEP

    96:uzVs+ux7r5LLY1k9o84d12ef7CSTU7J/6/NcEZ7ru7f:csz7r5AYS/+4Nb76f

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\052bc3aa4f06cbe34de06f8ebf8d25a7_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1968

Network

  • flag-us
    DNS
    counters.gigya.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    counters.gigya.com
    IN A
    Response
  • flag-us
    DNS
    membres.multimania.fr
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    membres.multimania.fr
    IN A
    Response
    membres.multimania.fr
    IN A
    213.131.252.251
  • flag-us
    DNS
    analytics.hosting24.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    analytics.hosting24.com
    IN A
    Response
  • flag-us
    DNS
    fc01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fc01.deviantart.net
    IN A
    Response
    fc01.deviantart.net
    IN A
    52.13.151.103
    fc01.deviantart.net
    IN A
    35.165.150.26
    fc01.deviantart.net
    IN A
    35.86.47.99
  • flag-us
    GET
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    IEXPLORE.EXE
    Remote address:
    52.13.151.103:80
    Request
    GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fc01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 01 Oct 2024 09:03:25 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Server: nginx
    Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
  • flag-us
    DNS
    orig01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    orig01.deviantart.net
    IN A
    Response
    orig01.deviantart.net
    IN A
    52.10.164.18
    orig01.deviantart.net
    IN A
    52.33.77.108
    orig01.deviantart.net
    IN A
    52.26.23.167
  • flag-us
    GET
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    IEXPLORE.EXE
    Remote address:
    52.10.164.18:80
    Request
    GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: orig01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 01 Oct 2024 09:03:25 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Connection: keep-alive
    Server: da-redirector/0.5.2
  • 213.131.252.251:80
    membres.multimania.fr
    IEXPLORE.EXE
    152 B
     3
  • 213.131.252.251:80
    membres.multimania.fr
    IEXPLORE.EXE
    152 B
     3
  • 52.13.151.103:80
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    http
    IEXPLORE.EXE
    606 B
     634 B
     6
    5

    HTTP Request

    GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg

    HTTP Response

    301
  • 52.13.151.103:80
    fc01.deviantart.net
    IEXPLORE.EXE
    190 B
     132 B
     4
    3
  • 52.10.164.18:80
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    http
    IEXPLORE.EXE
    608 B
     387 B
     6
    5

    HTTP Request

    GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg

    HTTP Response

    404
  • 52.10.164.18:80
    orig01.deviantart.net
    IEXPLORE.EXE
    190 B
     132 B
     4
    3
  • 213.131.252.251:80
    membres.multimania.fr
    IEXPLORE.EXE
    152 B
     3
  • 213.131.252.251:80
    membres.multimania.fr
    IEXPLORE.EXE
    152 B
     3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
     7.9kB
     9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.8kB
     9
    12
  • 8.8.8.8:53
    counters.gigya.com
    dns
    IEXPLORE.EXE
    64 B
     129 B
     1
    1

    DNS Request

    counters.gigya.com

  • 8.8.8.8:53
    membres.multimania.fr
    dns
    IEXPLORE.EXE
    67 B
     83 B
     1
    1

    DNS Request

    membres.multimania.fr

    DNS Response

    213.131.252.251

  • 8.8.8.8:53
    analytics.hosting24.com
    dns
    IEXPLORE.EXE
    69 B
     124 B
     1
    1

    DNS Request

    analytics.hosting24.com

  • 8.8.8.8:53
    fc01.deviantart.net
    dns
    IEXPLORE.EXE
    65 B
     113 B
     1
    1

    DNS Request

    fc01.deviantart.net

    DNS Response

    52.13.151.103
    35.165.150.26
    35.86.47.99

  • 8.8.8.8:53
    orig01.deviantart.net
    dns
    IEXPLORE.EXE
    67 B
     115 B
     1
    1

    DNS Request

    orig01.deviantart.net

    DNS Response

    52.10.164.18
    52.33.77.108
    52.26.23.167

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db43d88f499684017ae34f8d487bdf73

    SHA1

    9f2aae2b65506d69ddc677262395994f7fda6874

    SHA256

    a7e6ae7addcb5812d0083ee31b700fb0e93e07b97a9296d0c2c638104f9d1b7c

    SHA512

    10ef209daa12d278e45e21b4b5600aeaf9ef09ce350fcd76fc81c53c219289427e0146b6920c136511c463a69f8b7a20390c77f1647d82b4e8e38a7f0d5bddd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df7ab9b1fdecea0efbd18377fe9971b8

    SHA1

    7ab446c03de55649057493c539a967f5f61f5df6

    SHA256

    dca6344109b6d2f2f3e4618406cf23a312c475b0e948e3a81f4a022ccc5a42f5

    SHA512

    5b87fb7bf56d8bc4644a2cd1eb5d203714c7d7b325cb5f4a7ccba16def9811e47aa65fd544bb915bff6f9a6453fa1c9ca26cdade361f5ee73b7fd0072dbdddfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07f549677a18ce32f1f194a9fef073bf

    SHA1

    e425fb77bd1922d893e6fbdfd5e2491baacde2f3

    SHA256

    81bbe3f0c986800128461d47ae85df07341632806d52b879954c610a3511e75a

    SHA512

    14ad2852c2f719ff8ab0bc9ae08f861dc9c7dcd535c7a33bee45292aa63a876522afe1e8bea4435fb79762d0d5a838e9348a29dfce0860dddc118a5bd65bc990

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45bfa3d2792f95983b80f4a1d199f61a

    SHA1

    3202ced759862a1f892a2a9904edb9f02ef91963

    SHA256

    d0fbf1de712b85e9028fad64aba642207d8d3468b6162a1e5dcff5671922534d

    SHA512

    7cd281cf6ebd4f508082073c92f05cd2b5ff7ca038e3025ee9914a36bd43e135c305627c3577447ab158c336e74d4624136b153002253d6dab00d069a2705638

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3decb1b6bcd5347f3c55634e3c2e6db6

    SHA1

    90e8aa8da4dbc2138667811320f611bbf9a2c2d4

    SHA256

    fce4178d071cda073bc925a398a8c3cb03e33dd02ef5519132cee0b3563d5602

    SHA512

    62caf17d4eff90905d3d740c2dc47b142a385f21cd6599c41375f1c6862a8547df3d3dfcf119160256793b0b2395a14b03ddffac39689c307bb7ad8eaa97e471

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3ba9ef7b788e484647886cb1f3957fa

    SHA1

    68bbad374d6161eee77c2d7f877d234b6099133b

    SHA256

    0f68b6553c5cb08a9a63d67c37cd3eb8ef65965c02dc456cad77201d615417c1

    SHA512

    713921341f6bab6530f5c2f538cfd7e6fd146bd60723acc01f9adcc048e62349696634927c0c2df26772c1740490894c0b87bff5d69a82d896f8166acd20b02a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f2ab8dd4a00f0b5951ee5c50cd7b8c8

    SHA1

    1986df4c6cbbbd0a19ad3babe3df29628b472871

    SHA256

    d216febba51ac4d30627ff08997cc45acb0f1bcbebb554cf8cc3373a7a16bafd

    SHA512

    62fafe973a1add08f17095c3fbae3d4c8907fd333aeabdd302146332edd489fc0943a067be1341db68e0796abd6992c44e38b909bfd739cb414b37b6043cad2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61e15399a747ecce7302696a2ac76d24

    SHA1

    cbdd9739ad03ca2d5b4b6011622b7a52b55d92a9

    SHA256

    814294adbcce9bab3c3fdd97eb4af1be1c451db22258ee9aada3cbd3159450ee

    SHA512

    be8bca3baeba35e4c625d94387abb1370282ff968b58d0cecb6f94a9b8290407923fa655de60bc0df93131352510bb4d2c6e2c82f4c0052ac05403d06f1ae1b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1db5197e565266c6f1d694e8d10f80d3

    SHA1

    a288504240221c0b091f8775e95a756ba68950f5

    SHA256

    d391dd718607c61a232bc1ac6437543b4fdf5f6d2844e98721af016f72cabfff

    SHA512

    7ccb6411ced47834f4f87352f78a59c77d837df691f38d26f39924d89197ce6795fd099025de4a673de0c0cd214eb2e26a1a5f676d1eaef818753dba6da95647

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47353df91c78b97aa2ee616cc187ee1f

    SHA1

    edc024f671ee8802755e931fea02da66a1c1f843

    SHA256

    3bf8b80e26d6a44d310d9c230bcf92e3102cd04fc4065d8bc5afb798eb0ad699

    SHA512

    c826885dbbc59f1fdb844fcc63b226c9c93d0747728320da6f5b8efe993843d5191e4b8daaf3b43fb7963bb5299004bb88939ed221e2326035bed90e0f404d2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11901b70e9e7fa0ef6105441c9d120e2

    SHA1

    e9dff6440573253af77d13367b580a83084000ca

    SHA256

    7162bbfe42b6ea9a221d7d5be3f9216829f4ca75d700af0c7331f7cbaff00d7f

    SHA512

    ce76b60e414494fdade2c9e0f9c5a258405f2bd197cf396d875eaa3c8ab25a0988df988c0aa867c0a2df7e234262a4765369eda8e9020790f81ca55a1b0a46ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7737aa5d61e9fbfc37637b8be12beeb8

    SHA1

    fda8c21d2a3febd43d931774d1f42f29df4a6d2e

    SHA256

    213d6669f83cf09fe9ddb2733c180440b595bd798e40cbb4cde244009cc4bdfb

    SHA512

    28ec5bb44622dc3fa717dc1710997d0a80a9ce4842ae015c66f1e0bbdeefe5444be6fed1b0130179b2c971ade301f66a0f5f3b0767900b4f8362f95a43ad7249

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98353e8a86f098b33df4cfbb817509e0

    SHA1

    730e33e23a0488b794c572a25e8e569f80b9e056

    SHA256

    1020087cbbbaa3b59f58242a6a880d2e3794d531e7cd807979f3907444a7a37f

    SHA512

    88fb5db2e6ef3fc370c07757a4f27df89d79ea41bd1d022e14bcc084ff47236487ccb27f42716656d2cd391db98d5e2d08e3e0bcbf13631b461be5f444fe5c7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10cd2f0c1774718e196a484318182709

    SHA1

    9cef323ce2b077c8aff661a10ffccaf3716309a3

    SHA256

    8bc1784b8ba1e55ff7b4261a4b1a3f47c8d897ec6b758dc342c3ce6674c308de

    SHA512

    7deb6a0ece0af65f458c70e9620d881d776bdd8b3b15ba1c37226e7f0c3ef4015c5bcd9ee6c6e5ad2f999b5627f8ae0bbf47d4a1c817f5339d342dcb0f7af664

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1fcc69c535ed9e6c74fb9e254a3bcd5

    SHA1

    fd789e628029c2c52eea3c1e606998a605da87c1

    SHA256

    56dd222edaf890028ac562b026fada5001dbb3f5c414e6e9baac0173ea5febfc

    SHA512

    2c3c4b242025a864a725a8517e7daf4eef95dad62fadabb89185ca5b12a9ec1bf63b8148fa5e47c62413ea0ed8fe6e64f8cb898146dcce8c299585b2d393fd95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfd77161877acf8099743eee6d2424af

    SHA1

    d74ebc2075b3dc6ea9c0ff17532ae8b03fca86f7

    SHA256

    a0c923ed12a18a1e4860b1088350cfb706441469c0954cdf919b62f4653a6b55

    SHA512

    997427b4238153c7c3bee59a79ba37687a8473108dd9328bfb9d6735f0ac09c7ab5f09adfc609680bcebff80012be3a250aff8f50b28548738e7d15e1d36a84c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c9c04b8cae0556e650dce68c9cfdc7e

    SHA1

    1feaa41a27944886fc411020d1f614fb377ea263

    SHA256

    ef80a6f7700ffdbc30e24c0d2f9bd02e9d0235f0bf2d81a4f74384aa54d3f6d9

    SHA512

    47f89c0c7fe95cbb4910190750a152563b53b2a9f9a4c464f9d63ab3ee9a1c892b56da7dc0205b796b97bd6b12939a1ea249d145660ebafd7ac9e255411222cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a3f781cd59ef5783fe3635b83d32907

    SHA1

    3cf234636455e1205b684e5a840d5181438e5c94

    SHA256

    beb54a71af76a9badd7c152d325d1f308ff7b7f123d0fcffd2dbf12fe95e1a96

    SHA512

    1a475ed845ac1845e520164fc9ede0a360e93cdab44e2a5c1b8c2ab232b231ff0c507f4b531ef661a0fa8913230f89f28478602fd1822a6e549d82834331f73a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f66893ce53f757bc2d10fb9b011cc67e

    SHA1

    c250df5dd89c06972839ec98d8f9c936dabd9af2

    SHA256

    e9c78db7b4b87891cba1266527f16e45115495838fcc28db9f95a645a6a58ab0

    SHA512

    11d98f8c1e578cb9f97b9a4971bc46d2a944ac962e6ec24367ff2c53056f85063b0039d82185478541c9618e775aa0a0fa6cb31025a31450e4df715e6074eaea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5F61.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5FC3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.