Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

f23cd2c65d...8.html

windows7-x64

6

f23cd2c65d...8.html

windows10-2004-x64

6

Analysis

  • max time kernel
    145s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 00:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f23cd2c65df5b04eea1a9a2f7d66bf1d_JaffaCakes118.html

  • Size

    42KB

  • MD5

    f23cd2c65df5b04eea1a9a2f7d66bf1d

  • SHA1

    6c21b175bcb9ff58131e940b1df3f2e9e8fde5f0

  • SHA256

    90d9d69c328712d271eacc7a8e8848a4b9a030ea5b79e5d85e06fcf1959c3855

  • SHA512

    df8e24ba24a00af99c6fc1c886468588b55f0d36b64eeb9fe0593eda054dafa6b35ab3581c3fdaef1d587f6ad161bab910e2cb20b5a9bd72ef2c287657b66d5c

  • SSDEEP

    768:zS25+ilpzpDxW+3oCyk0SCFCViRtye+QWihHSe56CgiBqobpADrFT:zS2LMC7CFCViOo/6CgiBBbpo

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f23cd2c65df5b04eea1a9a2f7d66bf1d_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3300
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8522546f8,0x7ff852254708,0x7ff852254718
      2⤵
        PID:4720
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
        2⤵
          PID:1096
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2112
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
          2⤵
            PID:2980
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
            2⤵
              PID:4728
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
              2⤵
                PID:3172
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
                2⤵
                  PID:2188
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
                  2⤵
                    PID:2236
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
                    2⤵
                      PID:3528
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
                      2⤵
                        PID:4036
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 /prefetch:8
                        2⤵
                          PID:3140
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4780
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
                          2⤵
                            PID:3584
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
                            2⤵
                              PID:2356
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                              2⤵
                                PID:4660
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                                2⤵
                                  PID:1052
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16298020989826640116,16618066159091991642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5828 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5060
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2052
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:212

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    7b56675b54840d86d49bde5a1ff8af6a

                                    SHA1

                                    fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

                                    SHA256

                                    86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

                                    SHA512

                                    11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    48cff1baabb24706967de3b0d6869906

                                    SHA1

                                    b0cd54f587cd4c88e60556347930cb76991e6734

                                    SHA256

                                    f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

                                    SHA512

                                    fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\17bbcbba-1da4-45f0-af7d-55b4a376d2fb.tmp
                                    Filesize

                                    2KB

                                    MD5

                                    5ff02bf027d0ec65bf4e3eb865c2e7de

                                    SHA1

                                    173f58cfa70badf5afba3e8a2a31f3663b9c870a

                                    SHA256

                                    73f53ee41353a465faac7a60b1c4e7fdb008597291cb680fa9a474d2bd8b5231

                                    SHA512

                                    fe1b92788d4001c1ca1b02d2bb889b17efc696bdb1196daeba72d9bf329f8dc8a705270f8262b1d79f1cdef315e182b1dcb6dbcc81bbadf94fcf4b112a7d1f40

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                    Filesize

                                    19KB

                                    MD5

                                    504c509e7ccec111dcb2a0736c9a5ba8

                                    SHA1

                                    6af2353a0d05f0c7ba50f0f93d90c241cf89c146

                                    SHA256

                                    27129ac0d6cfe983d48b122664cc88738ca59225d8d352486d680d926e92614a

                                    SHA512

                                    3ee36476c101cc14f23089435038575fd2a86100d2b88afb061728e84d9faa428eef8a81a71c86992096f4b7bd3c0aabf5d0867766351eb1466306459d1d0eb2

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    168B

                                    MD5

                                    bdb91a4cd133cb1a960da8813c501dd6

                                    SHA1

                                    db865e10fe63b5fa7ec46dce1af7670567b736cd

                                    SHA256

                                    62c9efb6f21fd698237f2848850af7f3b5f4b3058bda3ceaedcc48fd371505ed

                                    SHA512

                                    916b27930d8025d2b8bd00a60d801f3aeda37db3190de69c9e6426c348609bbc4e7425086c8d6a2084c6d4bbb306cf06cf6745ce9fb434cc14492eacbb894cde

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    96B

                                    MD5

                                    0e29a4a144df0e4f5d8f8411ef0c77f1

                                    SHA1

                                    21182358d8edd718237a740d7f46893ac1da05a6

                                    SHA256

                                    364763799da21f4c33b35b221d436a660eaf83d11186f0081b9d404b1e031c3c

                                    SHA512

                                    0fc8a3b8ae5774a54ca5044f284c72b0e4eb1b29161b37f3fa8b0dea0b0e0a1b2659f52a8c15f2bd05b1b672169ca91fd630f74b93fada5c117b0b4eb23dadbf

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    77f15387a16fb6664e38ddef4735c7c6

                                    SHA1

                                    b44c7743a08d1c5fc9c1818e85b6687d77e52bdd

                                    SHA256

                                    7dcbeb51b8df53d9b69c82893aca88a487469da0c287298a72061b5f08815ba4

                                    SHA512

                                    56a81a4a6e0b0486a5cdf79577d376e23a07df6ee7fa8bc4995d4f54c8d24c0cd77ab084fd2d4174f5e100e0bdaffde1684effae6915fd302f700abfa74ca12b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    d3a6feb73cef3fb60f526e04fdba92ba

                                    SHA1

                                    541615f2958f7488400d33312cc96a323d4d1425

                                    SHA256

                                    eb1cd856d90c0192db638ae0205d24ba4381af217831710fde489d9d0efe6f47

                                    SHA512

                                    9a576e09ba74de7787b2c4d8369e4251fb7502272d0b79bcdc64be252d0914d9aab5500f604caca38bafed4357038e57d52822ba9d1a24ce918919ba11c41a1a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    ac84fab99413fbb1ad9a3659f2d85aa3

                                    SHA1

                                    eb462c64093dc08bbc18d393988ebd0d843a81e7

                                    SHA256

                                    3f3b9b1a36e5e89cf4a7c4987db37cdffff1379caa7bbadd9b641647c453994d

                                    SHA512

                                    1f93a33611f7768d5017d652f59110b14cf5d7577738b9aff23f86ed3046eb549b256f9ac8b47e587b0129a6c01842a8964180533e10d94537cfcc37cf377849

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    532B

                                    MD5

                                    709f26c91c802d1b944a3340d19a0dd8

                                    SHA1

                                    d34f185af6abcab23b548672e52daf14f07f8f75

                                    SHA256

                                    882c60decf12a31915cd5c4c0bb14d9439a06a46eac1d50ba183c309d2db8877

                                    SHA512

                                    0b644701e08f4c4fe04465940626972491207d97fba03c3663e950b9ee7e34a85ffdd91217afe76e34909c4f7dd1c82bdb198f680669dfb8ab5e185a7702f3d3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5837f3.TMP
                                    Filesize

                                    201B

                                    MD5

                                    e8044edd82b98097cf03960d3b302d7e

                                    SHA1

                                    16fc5c6abd44b15a5d68d9812b1135b54601391a

                                    SHA256

                                    fa25b44ea53bc349e28323240ef1f873b349c252fdc242243a1dc5c1bcdbae7f

                                    SHA512

                                    2a110a34058072eadd3bf1bb2e3a44aaaae86a47592b504dbc9eb3f335c6126e048d02f506e87ac0148a0d4c24f89c33baa59302074f2383b17352122a231f5e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    0eb8cc5359b0f0267c585d84979634ee

                                    SHA1

                                    0ceb9e19dc8c572142c43a8da5abccc2481bc75d

                                    SHA256

                                    1685e489bc77ad299f2941a62939f8edf5469de687efeca924f61b2f3b5b07db

                                    SHA512

                                    af1bdc2da526ec817b8e3c6aee85e636bcafe7158e18d0e7dd69ed522a077c29b8de2b3299726af9d8a843eef2207741bed672c9d258c5687ad682180aba4b25

                                    Download Submit