Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/04/2024, 14:37 UTC

General

  • Target

    05690ab6eb984214769fe3ac420d50ac_JaffaCakes118.html

  • Size

    461KB

  • MD5

    05690ab6eb984214769fe3ac420d50ac

  • SHA1

    404aa146e2408bfe17888ac4bed740c6c2de5c05

  • SHA256

    22f37ea68c54451fa21dd0a5828ccb39279fd284f6355ddb83fa185975728a33

  • SHA512

    e04341b3eb794b7c767c31174e5985de33d6556f2b7f398b43d556980d93d7eb8463d1d9917478260b8e316838d8bd2b57fb6d17c34ad4cfcb372f78399debf0

  • SSDEEP

    6144:SusMYod+X3oI+YXQAsMYod+X3oI+Ym4sMYod+X3oI+YLsMYod+X3oI+YQ:55d+X3j5d+X3/5d+X315d+X3+

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\05690ab6eb984214769fe3ac420d50ac_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf95b46f8,0x7ffdf95b4708,0x7ffdf95b4718
      2⤵
        PID:1916
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:4236
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3748
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
          2⤵
            PID:3560
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:3724
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:1988
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:8
                2⤵
                  PID:4976
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:396
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                  2⤵
                    PID:2176
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
                    2⤵
                      PID:4600
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
                      2⤵
                        PID:364
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
                        2⤵
                          PID:2264
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4332 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2840
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1004
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4452

                          Network

                          • flag-us
                            DNS
                            ag8aq.cn
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ag8aq.cn
                            IN A
                          • flag-us
                            DNS
                            ag8aq.cn
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ag8aq.cn
                            IN A
                          • flag-us
                            DNS
                            ag8aq.cn
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ag8aq.cn
                            IN A
                          • flag-us
                            DNS
                            ag8aq.cn
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ag8aq.cn
                            IN A
                          • flag-us
                            DNS
                            ag8aq.cn
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ag8aq.cn
                            IN A
                          No results found
                          • 8.8.8.8:53
                            ag8aq.cn
                            dns
                            msedge.exe
                            270 B
                            5

                            DNS Request

                            ag8aq.cn

                            DNS Request

                            ag8aq.cn

                            DNS Request

                            ag8aq.cn

                            DNS Request

                            ag8aq.cn

                            DNS Request

                            ag8aq.cn

                          • 224.0.0.251:5353
                            msedge.exe
                            511 B
                            8

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            4e96ed67859d0bafd47d805a71041f49

                            SHA1

                            7806c54ae29a6c8d01dcbc78e5525ddde321b16b

                            SHA256

                            bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

                            SHA512

                            432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            1cbd0e9a14155b7f5d4f542d09a83153

                            SHA1

                            27a442a921921d69743a8e4b76ff0b66016c4b76

                            SHA256

                            243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

                            SHA512

                            17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            dca4b6a9072223195020bcf21e53d0c6

                            SHA1

                            306081da9de1239faa461aa7df1d3e43bb41d59d

                            SHA256

                            a252e3a9c1c0f7d5d5bc4531a18c5b648eb2389e0c5282506ff61ceec6d91643

                            SHA512

                            7b02419bba2180eca09efe82c6f2a39d14a11804afb47ed8a969a4457f95b7aea0a59298780cbebe52f2a4aecdabc9b26014f2f5ca932e71bd2124ca045fb482

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            5cdac59a2e9a65ebb77b4a78f669aba1

                            SHA1

                            f84ab77f7f1d32aed25d0b933ab0554ba65ab268

                            SHA256

                            5162d0adb8cd97ac2bfe122a874a5ca9db8f27b135bfcd5a1519228f84b6252d

                            SHA512

                            a69b858e164fa38bbfcf17f976611b398dcbb8ef5ed05790b5a619b061c5e5c5be9749e89b7e28d1f5dc1809d5cad5a69c86a532b36740bc2c31500c6420be35

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            8KB

                            MD5

                            aa8e603494cf306ea101dda4a1c1e730

                            SHA1

                            cca27e8358c4ca42574462c8ccd831d519765355

                            SHA256

                            bfdd86e51dde2dc3deb87131ede10c753cf4b613b85a1a1c1b6d9ee77d303418

                            SHA512

                            73ba05abb446657f3f38943dc66abaccb6a38d9c71d127480f691b4f5176b36e0c40f29cb91d9d91c365334abcaca9921ec2a0c2d050a29cc59e8024c0c26c29

                          We care about your privacy.

                          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.