Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

0db9164529...8.html

windows7-x64

3

0db9164529...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 03:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0db916452902d06348a1bdb3d460e70d_JaffaCakes118.html

  • Size

    138KB

  • MD5

    0db916452902d06348a1bdb3d460e70d

  • SHA1

    3d2e5258220a7b5b4900f9ae2f1f7617db1d2957

  • SHA256

    adfe9259a02a9ae51144821457ceb28805499bd9f30b870c08f3d7c54868acd1

  • SHA512

    afcf0960c1c4f699d9857b05e4e12ae719a3ece7ac20471dbd3e697cc1420833db46842cb50606a022b5f479acc8d23627293e78a9635cf2497b02f2fa5bfb96

  • SSDEEP

    1536:SO1+AlYFvjyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:SOwryfkMY+BES09JXAnyrZalI+YQ

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0db916452902d06348a1bdb3d460e70d_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2820

Network

  • flag-us
    DNS
    chainh.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    chainh.cn
    IN A
    Response
    chainh.cn
    IN CNAME
    overdue.aliyun.com
    overdue.aliyun.com
    IN A
    170.33.13.246
  • flag-sg
    GET
    http://chainh.cn/js/jquery.min.js
    IEXPLORE.EXE
    Remote address:
    170.33.13.246:80
    Request
    GET /js/jquery.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: chainh.cn
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 03 Oct 2024 03:34:06 GMT
    Content-Type: text/html
    Content-Length: 419
    Connection: keep-alive
    ETag: "6642ecf7-1a3"
  • flag-sg
    GET
    http://chainh.cn/css/nr.css
    IEXPLORE.EXE
    Remote address:
    170.33.13.246:80
    Request
    GET /css/nr.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: chainh.cn
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 03 Oct 2024 03:34:06 GMT
    Content-Type: text/html
    Content-Length: 419
    Connection: keep-alive
    ETag: "6642ed07-1a3"
  • flag-us
    DNS
    bdimg.share.baidu.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    bdimg.share.baidu.com
    IN A
    Response
    bdimg.share.baidu.com
    IN CNAME
    share.jomodns.com
    share.jomodns.com
    IN CNAME
    share.n.shifen.com
    share.n.shifen.com
    IN A
    163.177.17.97
    share.n.shifen.com
    IN A
    182.61.201.93
    share.n.shifen.com
    IN A
    182.61.244.229
    share.n.shifen.com
    IN A
    182.61.201.94
    share.n.shifen.com
    IN A
    180.101.212.103
    share.n.shifen.com
    IN A
    14.215.182.161
    share.n.shifen.com
    IN A
    39.156.68.163
    share.n.shifen.com
    IN A
    112.34.113.148
  • 170.33.13.246:80
    http://chainh.cn/js/jquery.min.js
    http
    IEXPLORE.EXE
    920 B
     838 B
     9
    6

    HTTP Request

    GET http://chainh.cn/js/jquery.min.js

    HTTP Response

    404
  • 170.33.13.246:80
    http://chainh.cn/css/nr.css
    http
    IEXPLORE.EXE
    868 B
     838 B
     9
    6

    HTTP Request

    GET http://chainh.cn/css/nr.css

    HTTP Response

    404
  • 163.177.17.97:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 163.177.17.97:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 182.61.201.93:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 182.61.201.93:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 182.61.244.229:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 182.61.244.229:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 182.61.201.94:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 182.61.201.94:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.8kB
     9
    12
  • 180.101.212.103:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 180.101.212.103:80
    bdimg.share.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 8.8.8.8:53
    chainh.cn
    dns
    IEXPLORE.EXE
    55 B
     103 B
     1
    1

    DNS Request

    chainh.cn

    DNS Response

    170.33.13.246

  • 8.8.8.8:53
    bdimg.share.baidu.com
    dns
    IEXPLORE.EXE
    67 B
     252 B
     1
    1

    DNS Request

    bdimg.share.baidu.com

    DNS Response

    163.177.17.97
    182.61.201.93
    182.61.244.229
    182.61.201.94
    180.101.212.103
    14.215.182.161
    39.156.68.163
    112.34.113.148

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c5e644431e09ddc7e6e296d174e8823

    SHA1

    f19dc0c005c79394baaa09cd7e52ccce0aa7b52c

    SHA256

    d354fa4645f0ac8bfb4860b62ba6b944a19b95026391dc2591ad3c096f71818b

    SHA512

    d6ca61bcace186c8d70b9ce199f93cd821c6eb8386825285e2ed9440957424a5e791a96d56be8a9db1d1c596aa13de6fe0c2584b01153f66df8cba968a76e8fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64e72dfcc3d864e48c7929c1587bb9b0

    SHA1

    aaa6f8e1b0930f82c9676aa9973b1bee599d0a11

    SHA256

    560b5f93bc623a2d7c3b814109abb76b58054cfec908cbff11b09f6dce2c4a5f

    SHA512

    9a6bd94a38b1a525d235f454480a8e19441d33be3ce68803f03cc17d45a2ba469bab86cb63baefd4893889fb49dba43dd402aad5f9e5eeafb718c8ee5bac842d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6941802cf4c6e2c54e634d64ec00cbfd

    SHA1

    67b7c4bfdf16678773555272a32a53446602c504

    SHA256

    b779ddef5456effbb368dd440d3912976ef842b835d92cbf0df4754efc7943ce

    SHA512

    15c6b9a643c656624eb3b1b16db69aff0f1129661ae6bcff6487f7904a7a346d25fa2bd36a14a807ab607605a96a10319ae8ff2cefb34396f6c2697c68e063e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fee62224ce1697e53ebed87f726ae9b3

    SHA1

    b84b691428f8d01e52d32eb2f1cbc4c8060e6c59

    SHA256

    823e6984b087ea7118d7b5c49913c8d2dec488c4ab7228bd07a1cdf7c9578f58

    SHA512

    5117a21f66debf4a4aec6e1e43d23a6009fac3586beead486f3c6de379c368da5a31b153968d49c1fe2a0bdff26af5e7ec6e2edb949d0a259d676359da2d4bc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5ae50002f8c953e3c2a90e64a4c8f2d

    SHA1

    6216c36ed363c5f4208e6518ed232de5fdabed62

    SHA256

    94a5cc284968ce4010b4d67f37deed4c6bfce7195ad23ea0fc9e633e3147de1c

    SHA512

    8c3c6e957b6c1e11d8a249f5145f0a3c3d36ba795dc83f9231cc7230b8af7301bac38e81489909539ec59839563fa00b96bdb9e6b0b067d7c49041d3b3648f8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61547e8f1de830358f8dca4f735d57bf

    SHA1

    0e32c31f95293c579965fa97bb05652110de9f89

    SHA256

    eb4ba54401ae76ad9043514b34f703f20bcf8c434842e7c4acc4fb4a59cca3e4

    SHA512

    e1f675a4ddb0e74b31c63bb825048dd84569a390a4451594322bc810693746d335f4ec518f97df64a8e1070aa96d679273245c25604983f4780dbde2a9307a93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd0b1af58b1481ad97a8b6ab40f347ba

    SHA1

    7a4933f43d1a62b1f9c6c80250c0f8e944a78de3

    SHA256

    c4dd0434fc210e8b41b0527e1bc8f6f6486f001a0edbc5ea754c0b4c07ed59d8

    SHA512

    662d3972e178cf9608f83dea5fc29e11ed4ddda2127dc745a0a241eaf42dae0a4c2ac0258a6a55bd4e206b111b09476a60fcf6f15559c6a586a50651e01ac99d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecd9eb3377d43c7e3bbdfad6da365cfc

    SHA1

    75f5cc6dec47708e5b5b511a05926e9d0203ac10

    SHA256

    0eeed2d5bd34ba39a8e3da0c879b2cf3872877e656740596a5e867dd637a2c37

    SHA512

    0d55d92ec74f04842b83eb845b95e9668f40cc0d3a3391e611b2ec628bf52c139fc32c581984b8595664e7c17ba7aa14444372e7505b1f6d61888377a4dfe19b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab35f6b162fb6d3a03e5bd735d57e060

    SHA1

    cea66c796ecc8ab469c53a31fc57eb2ac4251c15

    SHA256

    94546033380eba6bdf44a731aaa404bca2c544ea100de9aeff324ec3136839b0

    SHA512

    b184640347d6ba56676bd38204fd65ff8f8ce9fa245f6c4b12435806339c6f7bae82a3b3e5965641077a59feeae152ed3bc944537c4281ad72953617370229a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0d001234d9cd23f8fdbffd8b5965ea6

    SHA1

    09e63767273911fbaf25d0b5efe021d4084efffc

    SHA256

    d3863704742db2552bfc92fdc9f5d1e61d47ba33564831fd76d56aa41dc96d61

    SHA512

    fe51287cb67e832b22037005906f6e960144f2384585ed3548e6133809918f599c2bff9d18a923644d9749d4ef8938f71bc8c581e8f99939a8c6561b25ec4bfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c889cdba6f3631361b44e6e3f3f58bf

    SHA1

    0271fced00895b7604ebda6d0a8e900cd18c82a5

    SHA256

    a103182da1e0a7c4225feec5f43af9a60a5948d903ea2cf555fd3e6aaf8b2a5f

    SHA512

    a0460e5fb8d8d01a023f3eeeddb880a07e5a795dd5e7d5cd9908280f90b408dc5fa13676cfeeace8c768c807b11e6ada1c0408997f8a0ce02f49aae5c8a889b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    845ca63e757619006ceebcad3746c180

    SHA1

    4c2d43d45bbf95af2386b1e76cc5c6f1dec267ab

    SHA256

    131445c31f94eb62d0bc95ddbea525ae2b3601b5a20369308fbb19b78584f915

    SHA512

    eaa684e51de761d2681da25e362532af08b91efc8285ee3282c72da10efc808b0ef86bf4ea73d61039b65fe18d97b0b843bc4bde8ee8b56138062d37a6d25c67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a743a524a5a54125d0d99ec7d6a7496

    SHA1

    b1d2702ce6e7c97d0cd08dda7f5f3b409dd6b91f

    SHA256

    f9471d8dec3c3398491847d942c3ce574a3b53478ce87f26779e67d49ca3f2e4

    SHA512

    1d7373c49fd7841e75f931976acfe3d87f91c046ca38cd76a4a7d1dc2e4da3c16706b0934cf0929659930a75d5f6bcca9714736c1bd4e1f984390ecf2a4d5410

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9a0cbf1a9b852119000a8de571cf7e4

    SHA1

    9e68400aa5730905f2e9f0c02d9c7b1b4fa0847a

    SHA256

    92afcca32c3b73a857a02ba9e1c0dad19270ee11fc871a7eebe0c5564f269df4

    SHA512

    86e6a1850644e2e59b538aeb3c6291a03a7fe202aeae829136ceb5450395d5e511370554a1aceb021859d8129e0fe8c08f492ed673dcb047eb4ad32e3f3b8ba8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9609cb20ac862577e569228faf79cca2

    SHA1

    d494ddc5713184874c26068c3042659abcdbb09b

    SHA256

    ff88076debac85278491225d8ba5f3675cfe26ca0346d7e44e26985ae304e2c0

    SHA512

    5e5b7aa6cf9cfc4fad7b5d69b5e654b8c21fd5c6501e56ac9d2dbf895b9ce3da0a611ead27a61a092b5837d8ae6d02d68806fa45e8a53185d7b1cf65a7bacbb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c93dbc33d11f3beb0410be9e3397ee5e

    SHA1

    8f4e8eecc2628469199841e6edac9404d196b72b

    SHA256

    6921cdbb78d81ea2a70fbfe12e0ddad96b3371be2274590b50ffa6072ebb0005

    SHA512

    dea3db2af23cb7f0d20c303f25aba889c88e4b83fb308dc1f3d3fb5d22af78ec4a98bae3db8c3d371c8799d93d8008adefc02142ee2bafa7481e50f06039a5f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    690dbd3a758b8bb15c4bcb5a3af82b2c

    SHA1

    efbcdd70791b2213c1fcbb739ff94fea7571c7df

    SHA256

    2a7280e9b38611266117957c3d68b914574b3e3579e915a532684a1c30fb62c2

    SHA512

    49a69c413b6f1241f14b66fc7d3991f3a5caf17cee19c3fdd70594908974b6e693d03b0ed8155f634c3f5ae0ec6ae3b2824c2a7a227c7823569493b99c5e51c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c3151b7645f6d7ce7c18a368ca0e682

    SHA1

    3ce574c653ddc68d2ea749961caaa0a1b57f6a0c

    SHA256

    84e52512542a86daf9d49b363eef7693f847a899ea4ee57c9a2fa3fb7a16f6f2

    SHA512

    9cb7a9fb5284cc178c1602d35d4bef9cb29ea46e79473e278f4aa92b43ceb457dba9c7b835e0f4ca6b8e38ba018ee4fb6ee4026a013a8ffe40f0f4aafd75ac6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e23585fd5779d4e29ff300a66cc8eff

    SHA1

    7d0d38542b7c72fb797594b0962281cc34dbac9d

    SHA256

    cca48d3437e7560c8003275cef7cc583cad4d36635cdffb9ad5a695b2ce6dcc7

    SHA512

    5f8001334c2094b81f0223cc26f3ba523d673e9329700bb693e1b4e7abb9e0178db0d7da18e33493eb20a28b61b507bf9f783cb0e7682adfd90af3a5860d676b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7467.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar74F6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.