Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

2209fd1723...8.html

windows7-x64

1

2209fd1723...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 22:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2209fd172360655037f74ef373acb4d5_JaffaCakes118.html

  • Size

    37KB

  • MD5

    2209fd172360655037f74ef373acb4d5

  • SHA1

    7e2829f053613c4a19a2609621c55f85973cb246

  • SHA256

    0ddf83957fb2c19e0a1debb7f27560b491d4a7d3716ff1261f5eda9c381f0e7b

  • SHA512

    d842e70422584c380eb4050744cfe5bf4a75b525c61b077650dcb95fb8730c04301766e209225c1ec04c8f8ea01703228ae7ea0027a6b2d390039cf591f88a0d

  • SSDEEP

    768:LjecSODRbUIov/xMedxcdVO4VXyx5Kyzfor0ZWu61tKmFEpYz/b1L0wYT:LjectRbUIovN6XO5Ffor0ZWu61tKmFEp

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2209fd172360655037f74ef373acb4d5_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80ad846f8,0x7ff80ad84708,0x7ff80ad84718
      2⤵
        PID:5008
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        2⤵
          PID:4696
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3344
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
          2⤵
            PID:1040
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
            2⤵
              PID:1708
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:2612
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                2⤵
                  PID:4108
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
                  2⤵
                    PID:3084
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
                    2⤵
                      PID:3888
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3452
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
                      2⤵
                        PID:2136
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                        2⤵
                          PID:1112
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
                          2⤵
                            PID:772
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                            2⤵
                              PID:516
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6172 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2368
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4892
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1048

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                4e96ed67859d0bafd47d805a71041f49

                                SHA1

                                7806c54ae29a6c8d01dcbc78e5525ddde321b16b

                                SHA256

                                bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

                                SHA512

                                432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                1cbd0e9a14155b7f5d4f542d09a83153

                                SHA1

                                27a442a921921d69743a8e4b76ff0b66016c4b76

                                SHA256

                                243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

                                SHA512

                                17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b717389-a5c4-4155-ae67-93e5933852b0.tmp
                                Filesize

                                5KB

                                MD5

                                acd56b829f2f1e1d4fff4278bb71f6bd

                                SHA1

                                0caa28afd863f5b380e4184f4fc9fe6d896f4832

                                SHA256

                                183cc8c129c768c4c2bcd69d0613a35d3d773001bd2c0090335c26abee882791

                                SHA512

                                9518162355870e6716bda38d8387835bc141278aff2527f93d6e844abc94f9a55a412f62b38b9e23e02861941566a525894993d11a18fa668c69c5bd4aafb845

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                Filesize

                                22KB

                                MD5

                                5e74c6d871232d6fe5d88711ece1408b

                                SHA1

                                1a5d3ac31e833df4c091f14c94a2ecd1c6294875

                                SHA256

                                bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

                                SHA512

                                9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                144B

                                MD5

                                b072d147452dbf95f138baa9f603f1fe

                                SHA1

                                d35a5632b11cf94ca137addc7d470c0b108ea89b

                                SHA256

                                aa26491ad5de0f621bfcbb2a81824f0a5433729a039ea221b0e3d1484a09ffde

                                SHA512

                                da6efc7d3ee67e8449ad303eaac08d64db103561415298a15d3e6161536fe2b2fb58d6d931df512755affec97a6d1a6345fcc30514326eac9f79d71c33bd0c61

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                168B

                                MD5

                                52f7c06e8474dbc9a0ec05b9e0b258a6

                                SHA1

                                6cf04212bf63e15138699393f3eff475b3e7f8bb

                                SHA256

                                4b7549b0137b207ca5397de8d86196cffc281aff1607a2cf6978f8253d16ac2d

                                SHA512

                                10af12e4571583d93aa21d4a2fe8af39e53d289b1be8aced8959042d26ab6d6a2b9fe2f841e0e37896ba26ad6763315cd8fe198d41646f2862b69f7055d011d4

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                120B

                                MD5

                                aff5e0d6907f1a3c1249bcdfe9143972

                                SHA1

                                ce54838271777360368306d5e032b2fa5ea1bd40

                                SHA256

                                72e29e6e0ad89baef5c247f4f072777ef82893ca324c81935361a2ecba149fa9

                                SHA512

                                91a321fdec0358bd06e379e629030d3a4ba806921a6a8abc7ea7228661b3cafd4de35bc742d906a997f05ec08e4e5aab8605a7b2bbe06e5a1ac88e23f068d6f5

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                1KB

                                MD5

                                5424bba13f19115922e1291cdced0097

                                SHA1

                                e5c2d49f9b04993281900e378d4d1e076712f726

                                SHA256

                                3b3a04a4d226c347c043be34007f97090a9ebe81165c57465c028aa681ed1090

                                SHA512

                                46aabc59e229c7cb9bfc1f8f1eefba8ebfeb3cc42746d0e5268d97d12e544cd84d4159b743bc600c320b4b006c408b6b79d37c5724e1e9e5c0ced715321ee5ce

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                878fa98647213fa73b8c6e6550f52790

                                SHA1

                                d9bd7fe91646e3637daee2ae2ce42602cd79fe74

                                SHA256

                                93421ee0fa13849890d57be7fa036d9cb994bb7cc7af6cdc12b1d4dc124f3c22

                                SHA512

                                deecd595714b95b47b2cd3293cb719b8b702a5e9fb7888a274ed78bb7cf41f5ef6762004b733e13c800da8817a5c04b43d11b302800ff60cdaa30e922f8d68cf

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                7KB

                                MD5

                                7c8e97d5efab42d082b0632574953990

                                SHA1

                                4db8435f32006f8a10ba5cceac826d6603ea4a95

                                SHA256

                                b9c3b5035d01389cc0594fa33a8fac1a191bebe0f41a69ce9aef973033d92e2f

                                SHA512

                                a112c1fd6b3a29967ab9cb2ad296045314655b121dee07f0d7f64bc1d20ac7fad050cba4784fe900bbea330de43e05595611c0801601a14f5e1f2372ac7b03bb

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                fc42a7b0802b498c9f1a25a23b9c3bc7

                                SHA1

                                ae7de86c7680931e2e7b9e9d695d3b182363edbc

                                SHA256

                                18c85597ebc66a8a25265350118cf2ebc29e0e5eeb175e0dd783a02554866194

                                SHA512

                                225b025e4858607addf0bbdf26e45eaae51e5a09e1c594442023fabe204ecb3de16b9503a60b98cde1fc89829fa80cdc9d4b440984d46998ce5a363e94be94e5

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                7277348b3feef0e81df57c1b7825da6a

                                SHA1

                                65a17c2a42894bd04c7bd2fedeb36e74ec36dfb3

                                SHA256

                                68ce7154a1ca1e959de823b16d505c33ad18a115bb3bd6495f11eba3b3f625af

                                SHA512

                                caed45c563221566ff9269fa40c345f4fbcdbeeb12a3a9707434fa9d6738edd3dbaf04b68326fc42dbf9c0b46b4cc465ddcf078b11df05ba74b05da827d2efc7

                                Download Submit