Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
132s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
02/10/2024, 14:07 UTC
General
-
Target
0b0a2731eef31ed0c6ab0b6c253a6fce_JaffaCakes118.html
-
Size
101KB
-
MD5
0b0a2731eef31ed0c6ab0b6c253a6fce
-
SHA1
3368c4437dabdb68bbda18568f5d9a0c8fc1458b
-
SHA256
788b033f4d8e891eb4e5731a4284a5bc3ba2d79a9e51aae5fc01f4595138dbf2
-
SHA512
352f61208d3f1104d2f9a670d3fb9e5b6b53c88eb073b4647d50535b3eb4e40e523f58c35343abff85c980e9b70036a6910347f1793ce1c7a59d5292ac369a8c
-
SSDEEP
3072:SfI3so9bz+wbPl9ILwbi69WhFkax0T/EVTHxEcaVTAF:S6RTAF
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 26 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0b0a2731eef31ed0c6ab0b6c253a6fce_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
-
DNScpro.baidu.comRemote address:8.8.8.8:53Requestcpro.baidu.comIN AResponsecpro.baidu.comIN CNAMEcpro.e.shifen.comcpro.e.shifen.comIN A180.101.49.201 -
DNSgg.a.5d6d.comRemote address:8.8.8.8:53Requestgg.a.5d6d.comIN AResponse
-
DNSbbs.vc52.cnRemote address:8.8.8.8:53Requestbbs.vc52.cnIN AResponsebbs.vc52.cnIN A119.98.223.176
-
DNSmessenger.services.live.comRemote address:8.8.8.8:53Requestmessenger.services.live.comIN AResponse
-
DNSimages.5d6d.netRemote address:8.8.8.8:53Requestimages.5d6d.netIN AResponse
-
DNSshow.union.360buy.comRemote address:8.8.8.8:53Requestshow.union.360buy.comIN AResponseshow.union.360buy.comIN A58.83.220.26
-
DNSa.alimama.cnRemote address:8.8.8.8:53Requesta.alimama.cnIN AResponsea.alimama.cnIN CNAMEa.alimama.cn.danuoyi.tbcache.coma.alimama.cn.danuoyi.tbcache.comIN A79.133.176.243a.alimama.cn.danuoyi.tbcache.comIN A79.133.176.234
-
GEThttp://a.alimama.cn/inf.jsRemote address:79.133.176.243:80RequestGET /inf.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: a.alimama.cn
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 3691
Connection: keep-alive
Date: Wed, 02 Oct 2024 13:57:02 GMT
Vary: Accept-Encoding
x-oss-request-id: 66FD512E685CB035320AA83F
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15317270369186392877
x-oss-storage-class: Standard
Content-MD5: 0Jz2LYtM9hnrg0DmjiR0IA==
x-oss-server-time: 3
Cache-Control: max-age=2592000,s-maxage=3600
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: ens-cache10.l2de3[0,0,200-0,H], ens-cache11.l2de3[1,0], ens-cache2.gb6[0,0,200-0,H], ens-cache12.gb6[1,0]
Age: 656
Ali-Swift-Global-Savetime: 1727877422
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
X-Swift-SaveTime: Wed, 02 Oct 2024 14:00:19 GMT
X-Swift-CacheTime: 3403
Timing-Allow-Origin: *
EagleId: 4f85b0a017278780787465446e
-
GEThttp://a.alimama.cn/inf/main.js?_t=20130530.jsRemote address:79.133.176.243:80RequestGET /inf/main.js?_t=20130530.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: a.alimama.cn
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 6684
Connection: keep-alive
Date: Wed, 02 Oct 2024 13:23:51 GMT
Vary: Accept-Encoding
x-oss-request-id: 66FD49674E29A530375ECF35
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 14870770248734017902
x-oss-storage-class: Standard
Content-MD5: wsDRu5ZiPPQUdgF05C7N/A==
x-oss-server-time: 20
Cache-Control: max-age=2592000,s-maxage=3600
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: ens-cache4.l2de3[0,0,200-0,H], ens-cache14.l2de3[1,0], ens-cache10.gb6[0,0,200-0,H], ens-cache12.gb6[1,0]
Age: 2646
Ali-Swift-Global-Savetime: 1727875432
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
X-Swift-SaveTime: Wed, 02 Oct 2024 13:26:26 GMT
X-Swift-CacheTime: 3446
Timing-Allow-Origin: *
EagleId: 4f85b0a017278780788035498e
-
GEThttp://a.alimama.cn/inf/type/f.js?_t=20130530.jsRemote address:79.133.176.243:80RequestGET /inf/type/f.js?_t=20130530.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: a.alimama.cn
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 832
Connection: keep-alive
Date: Wed, 02 Oct 2024 14:07:59 GMT
Vary: Accept-Encoding
x-oss-request-id: 66FD53BFE78282373020832F
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7426797296705371778
x-oss-storage-class: Standard
Content-MD5: hry7ZuM09h5mLEyon4rhCQ==
x-oss-server-time: 32
Cache-Control: max-age=2592000,s-maxage=3600
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: ens-cache10.l2de3[661,660,200-0,M], ens-cache14.l2de3[662,0], ens-cache1.gb6[1026,1191,200-0,M], ens-cache12.gb6[1192,0]
Ali-Swift-Global-Savetime: 1727878079
X-Cache: MISS TCP_REFRESH_MISS dirn:12:225176785
X-Swift-SaveTime: Wed, 02 Oct 2024 14:08:00 GMT
X-Swift-CacheTime: 3599
Timing-Allow-Origin: *
EagleId: 4f85b0a017278780788605539e
-
DNSst.5d6d.comRemote address:8.8.8.8:53Requestst.5d6d.comIN AResponse
-
DNSs6.cnzz.comRemote address:8.8.8.8:53Requests6.cnzz.comIN AResponses6.cnzz.comIN CNAMEc.cnzz.comc.cnzz.comIN CNAMEall.cnzz.com.danuoyi.tbcache.comall.cnzz.com.danuoyi.tbcache.comIN A122.225.212.209
-
DNSz.alimama.comRemote address:8.8.8.8:53Requestz.alimama.comIN AResponse
-
DNShm.baidu.comRemote address:8.8.8.8:53Requesthm.baidu.comIN AResponsehm.baidu.comIN CNAMEhm.e.shifen.comhm.e.shifen.comIN A14.215.182.140hm.e.shifen.comIN A111.45.11.83hm.e.shifen.comIN A183.240.98.228hm.e.shifen.comIN A14.215.183.79hm.e.shifen.comIN A111.45.3.198
-
DNShm.baidu.comRemote address:8.8.8.8:53Requesthm.baidu.comIN A
-
180.101.49.201:80cpro.baidu.com -
180.101.49.201:80cpro.baidu.com
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
180.101.49.201:80cpro.baidu.com
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
180.101.49.201:80cpro.baidu.com
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
79.133.176.243:80a.alimama.cn
-
79.133.176.243:80http://a.alimama.cn/inf/type/f.js?_t=20130530.jshttp
HTTP Request
GET http://a.alimama.cn/inf.jsHTTP Response
200HTTP Request
GET http://a.alimama.cn/inf/main.js?_t=20130530.jsHTTP Response
200HTTP Request
GET http://a.alimama.cn/inf/type/f.js?_t=20130530.jsHTTP Response
200 -
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
58.83.220.26:80show.union.360buy.com
-
58.83.220.26:80show.union.360buy.com
-
122.225.212.209:80s6.cnzz.com
-
122.225.212.209:80s6.cnzz.com
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
204.79.197.200:443ieonline.microsoft.comtls
-
204.79.197.200:443ieonline.microsoft.comtls
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
58.83.220.26:80show.union.360buy.com
-
58.83.220.26:80show.union.360buy.com
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
122.225.212.209:80s6.cnzz.com
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
204.79.197.200:443ieonline.microsoft.comtls
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
14.215.182.140:80hm.baidu.com
-
14.215.182.140:80hm.baidu.com
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
111.45.11.83:80hm.baidu.com
-
111.45.11.83:80hm.baidu.com
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
183.240.98.228:80hm.baidu.com
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
119.98.223.176:80bbs.vc52.cn
-
183.240.98.228:80hm.baidu.com
-
119.98.223.176:80bbs.vc52.cn
-
8.8.8.8:53cpro.baidu.comdns
DNS Request
cpro.baidu.com
DNS Response
180.101.49.201
-
8.8.8.8:53gg.a.5d6d.comdns
DNS Request
gg.a.5d6d.com
-
8.8.8.8:53bbs.vc52.cndns
DNS Request
bbs.vc52.cn
DNS Response
119.98.223.176
-
8.8.8.8:53messenger.services.live.comdns
DNS Request
messenger.services.live.com
-
8.8.8.8:53images.5d6d.netdns
DNS Request
images.5d6d.net
-
8.8.8.8:53show.union.360buy.comdns
DNS Request
show.union.360buy.com
DNS Response
58.83.220.26
-
8.8.8.8:53a.alimama.cndns
DNS Request
a.alimama.cn
DNS Response
79.133.176.24379.133.176.234
-
8.8.8.8:53st.5d6d.comdns
DNS Request
st.5d6d.com
-
8.8.8.8:53s6.cnzz.comdns
DNS Request
s6.cnzz.com
DNS Response
122.225.212.209
-
8.8.8.8:53z.alimama.comdns
DNS Request
z.alimama.com
-
8.8.8.8:53hm.baidu.comdns
DNS Request
hm.baidu.com
DNS Request
hm.baidu.com
DNS Response
14.215.182.140111.45.11.83183.240.98.22814.215.183.79111.45.3.198
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD52253d31e1ee423712b6abad6d8224eef
SHA10b7c4eea9c8b5b647e6506ac5f3b5357d2b73c09
SHA2563382f233609098895bf59cfb33087a092ca1582af71254bcba8b5e5b950b478d
SHA51273b48296c56245f82001f91935b4e4482ae6ff8688d42ab3eb4d674bb4da77cd27202e719971466f8de94857f9b5d1422afde88fbdb360f261451a607d618903
-
Filesize
342B
MD5f512bdb8c9e39a887bbfe5d8c427a58d
SHA18f86fe1f44a5d27669f2b0a2b0da16ef9bd1f6c3
SHA256907e352fb5afa8595797546387ee7a14db98015dc8fd2c9ab2c2830c2e44dd48
SHA512d2b6b115ca8af3e321cdd8c192336fd5fcec1da729c4a7812ac95c62f96fdafe52cbb936b7238a9eb36b8072a1ff37d454085351dde9cebfeb7066d394f00032
-
Filesize
342B
MD5f16b768b3d97c9fcf2b4555876619da0
SHA1c97009e65ffff0fd64df754edfcdb9a8993789e6
SHA256288585b81458e842e2436c80dbc844b233d997a0fd698c569047a052ed306c66
SHA5120f6ec1c674ec1569124adb83294877596f4b9cd04aed223820b596a07bebba49c3f6f55ae3f3fc4ed91f50e6a6df117510b7606d111a3875a75a85443b3f959b
-
Filesize
342B
MD5c55662cdfe0189bfed08af3534a71725
SHA19972c5c62c54592b9a2fe5b5c762a2279c7cf05e
SHA256e0ab8dafc58eeeb26cb1e4d9190f8643e2f9fc401e3a5cfd0f2b8b1fd0958d03
SHA512eb66795ffc9694f2c06fdf4b49efd157f251d59a8de3437e667159347242a88172916d5d247db23924cb950e5c1aab7995409e3e7cf4aa866ec0b062dc3122ed
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b