Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10/05/2024, 08:07
General
-
Target
2e2698ddd1ce9024c0067db3d1f0daef_JaffaCakes118.html
-
Size
28KB
-
MD5
2e2698ddd1ce9024c0067db3d1f0daef
-
SHA1
30cf7c38cd84e26656e3bcb006325bf6e98d65bf
-
SHA256
f907fc40c8486ffcce729fdda84022a0b9daf7dac228b3de8af2366dee68bf23
-
SHA512
d88d8ef801f647faa7c2cc7ce7c8991c2dc2be7c4c4b476cc556e1c3b5ccdf4b41fe34c3927100a7368b10dabbaa2edbf6fd7603d0670b3fca4b2fdca4cb8938
-
SSDEEP
384:UyBAK4uuk5JnlaQQeks2IUBIlwI0bIOiI0NIzcI4XIeCJl0hBWBMiz8:UyBAK4uX5JnlaJe32BxJ4vXfql0hwtQ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e2698ddd1ce9024c0067db3d1f0daef_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffa5fea46f8,0x7ffa5fea4708,0x7ffa5fea47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4507727377003275652,12346405825628466106,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4507727377003275652,12346405825628466106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4507727377003275652,12346405825628466106,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4507727377003275652,12346405825628466106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4507727377003275652,12346405825628466106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4507727377003275652,12346405825628466106,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52daa93382bba07cbc40af372d30ec576
SHA1c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA2561826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA51265635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
Filesize
152B
MD5ecdc2754d7d2ae862272153aa9b9ca6e
SHA1c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
5KB
MD558c1bb3d329644dad63965a170abbf84
SHA1f417ddbe1bdd8ec0d7390cf267092d1680a33c0a
SHA256ecb044b8269e738c9b9e755ebb5a32589897f40bc601e4d2328f9f3cded32d83
SHA512d6788c4b7279032d7bf90e3a3c6a294db2e436e0c3eef5cf36746fc68ce47cf95981da2029948ae44d7dec75692c077fb102205b10c8b1809d30476933946538
-
Filesize
6KB
MD55bd69faf9732f9c4e4f7167a1e6c8741
SHA1bb23e9a1027d2748660179345da66c60c87d14d0
SHA256c2f5102033e1d9346a940cb4b19701aa2b3d7ee43a023c6b1d223126861391b4
SHA51291b9278908ee6abcc4feecaa810a321f010dbb4e7f665c0f979c75db082e935c9227cc7bdf87c21c13305de315b38898f0183ef85809ec7cc582f6b03dbd771b
-
Filesize
6KB
MD51b8b33aac114a79edc5a64f93930a3a4
SHA1111e3a6d8e3db5f06ad5655682e6ca0a758051b3
SHA2569c59c7b3efe0e41887b06453111dee004141ef55fde7dcae3400b75c543bc2b0
SHA5120d59a869d914017a25eb0bafd218165734576257cf4bfac9329e997b9119338366302448191643c38488ea2a4814776ad87503a7db0086d309fdf40e983c1ccd
-
Filesize
11KB
MD5ab7e384efef94e129c24729c0ed6be70
SHA1d7575a5b262c02ded93e8f20e19b822302c45d04
SHA25696d00b9577c8e1e8d9ed20181ae6166f33368754bedc3b328377507f974c0cf0
SHA5120b2715f1d87dd636d0e7d7a0ec7a2638d7b6707399e8cacc615a266bcb7e72ff3e0a6801546c3550c8ff75a93e16aae46aa729ad60f3ea13281e6741fc09a3a0