Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
02/05/2024, 03:52
General
-
Target
0d6a0c69a3c67d34b3fb16ee542bb4cb_JaffaCakes118.html
-
Size
19KB
-
MD5
0d6a0c69a3c67d34b3fb16ee542bb4cb
-
SHA1
706b3ca84beaf825b210125db01b7a50ad0b461c
-
SHA256
2e449f3821a08de0109a1ccd77d2c53d431c2ce73cdea4288997d8735c273d49
-
SHA512
faa9647a343f9eca4a69dd44ef5f83423acf2f14660a00bffd8545a0e2d7ff6ad4b5a67745316c744f56791d5be191861e7274636166997c71d2acb7b2dab10e
-
SSDEEP
192:SIM3t0I5fo9cKivXQWxZxdkVSoAIv43zUnjBht382qDB8:SIMd0I5nvH5svtMxDB8
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d6a0c69a3c67d34b3fb16ee542bb4cb_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72a446f8,0x7ffe72a44708,0x7ffe72a447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10781637871706393141,12472600161033268156,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,10781637871706393141,12472600161033268156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,10781637871706393141,12472600161033268156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10781637871706393141,12472600161033268156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10781637871706393141,12472600161033268156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10781637871706393141,12472600161033268156,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5dbac49e66219979194c79f1cf1cb3dd1
SHA14ef87804a04d51ae1fac358f92382548b27f62f2
SHA256f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
SHA512bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1
-
Filesize
152B
MD5a9e55f5864d6e2afd2fd84e25a3bc228
SHA1a5efcff9e3df6252c7fe8535d505235f82aab276
SHA2560f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
SHA51212f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75
-
Filesize
6KB
MD52daefd8a891674d6139b70c1eff01827
SHA1641827df0665f1478b76129351542fbfd3d4337c
SHA2562e9c98938b8485b16e687400d97cbc6899573d6ec8b9bba391201b0f024dcd71
SHA51262da518ca1aa0c61753a359bd6bd9043c481e6190ea2d0f8e7b40fbe05b730a2961222c2e735b7f5f02fdd2a7eac61e5fa3d1a2010d4b37cc15d2c27e569fb1a
-
Filesize
5KB
MD5c0093ce5d027eb529fed580b7f7f1bff
SHA19448173622d3c4c0c60f05f0a30e5c7f6f76a8bd
SHA256de1e2d22f00da5692e3ecb9e99d5af5d6befea928f4415d3f18ac78a22ab5747
SHA5120b5cf5a1ea746266e2fb181a843fdac26208c751470435db8c6fb490478d140b3bcf297b03ac15cb77707322d2631d0e16750db4bd681bfc9eeef58ea139894d
-
Filesize
6KB
MD50719d837036bfa9b2f7bdce02aeaf7e5
SHA1732b3b2412f300f24292f5c5cea67426f634b72b
SHA256593cfbdd910c689888b1d8af3d12f3c7823c989282c6315425fa19b3feca57f6
SHA5120dd75fccfb2b0c0979ef612cd67dd8dea92f29ef031f1bcabb23035dd65ca87cb951905e61a145c23417ac83b7634aacc8aab188aedfbc15177eb997e5b36099
-
Filesize
11KB
MD5d3a95c6a5fc6d77822d35cfbf30cfcfa
SHA10040a9de1a99706043af0ae61b723bbd789af678
SHA256993b2365ea7a0aff801e30d6d4d13d0ecb5adb42807e796fef2b1a107afdf20f
SHA51264b48167fabcf36b816c7365f966d6f27fa6dea86b72da99701f311199a187ca6e545e92580ec9caf11e2bf74c8c835a2754b7031b3d655febe6e419738c02be