Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

327f3af904...8.html

windows7-x64

1

327f3af904...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/05/2024, 03:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    327f3af904e53eea88e486265e81e4b8_JaffaCakes118.html

  • Size

    18KB

  • MD5

    327f3af904e53eea88e486265e81e4b8

  • SHA1

    14cc23b62d8cd54b9df2fa1f55c66a03817b1a7e

  • SHA256

    6d06f369d3046feea550dad9ba22d9adb76866fe9bc5c47d24c9c748a53806a9

  • SHA512

    0978ecc9b9ded1ff558add902074371b32b8eaff0bc0827ad04d4bc4fa118140ebb5193084ea41d265b4916c357d26cb372e499e32da7ff07c57910f15eda674

  • SSDEEP

    384:q2riISPUi/LHID222riI9jm4RHgN4Vg20BM:q2riIo/joF2riIRm4RHgN4Vg20i

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\327f3af904e53eea88e486265e81e4b8_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:264
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb428446f8,0x7ffb42844708,0x7ffb42844718
      2⤵
        PID:2396
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:3360
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2404
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
          2⤵
            PID:2920
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
            2⤵
              PID:1652
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
              2⤵
                PID:3356
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
                2⤵
                  PID:4540
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3132
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
                  2⤵
                    PID:1936
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
                    2⤵
                      PID:4656
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
                      2⤵
                        PID:2508
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
                        2⤵
                          PID:2336
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
                          2⤵
                            PID:3276
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                            2⤵
                              PID:2196
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1920
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3904

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                2daa93382bba07cbc40af372d30ec576

                                SHA1

                                c5e709dc3e2e4df2ff841fbde3e30170e7428a94

                                SHA256

                                1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

                                SHA512

                                65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                ecdc2754d7d2ae862272153aa9b9ca6e

                                SHA1

                                c19bed1c6e1c998b9fa93298639ad7961339147d

                                SHA256

                                a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

                                SHA512

                                cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                450B

                                MD5

                                c16b935f2b947140a46939e6397aa55f

                                SHA1

                                409d5e0f8a33fdb5bac4d7bbec60e33cd88d8ad9

                                SHA256

                                89cf41abdb407655ace834fdc063c6a49c700b3fd790429adc8c6bf983e457fe

                                SHA512

                                3a3259671f672cee859c3b135606d9c914710770a8894e408b037aba71fc4ba5be5a4bfe6c0ba4fbf6703412982a8c5c391b29e124ff52ea2df1c76a4cf018cc

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                98672dc241d00efa0dd17780cf01fedf

                                SHA1

                                4be7e9ae5c6ba7140fc732cfc256e66ae12afcbd

                                SHA256

                                b474bd2423070ee9c54668c1aae15dabf8e95cb61a4c82e872d033d27739c50c

                                SHA512

                                b87847ba0cb9d1bd9ed1fde622f39244ce0c21c76232d4ad602270167b9af61f029980cb348cfd42bd204e2e3cc647b55d401f107e0a9ab47b9c2a30e86c6c4a

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                926169a6580297383945b6f3c9dc3afd

                                SHA1

                                a5eaf707d18054ae08d964978dc45076aa536785

                                SHA256

                                e1146442c8198707954881db24611abe92d952204d24339604d3e5952940d039

                                SHA512

                                1325bba863b67b51ded99e28daca849814da9207cc593f8c532c5e51b12c28a68aef214cbae76aac16a39932e6f61ad5e85c0bcdd687dda0040c9af1fb6b0c23

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                b131b193f07698830583cbae68ff306d

                                SHA1

                                1dfa53b88b784d04c8343ff2387d89178fe8a970

                                SHA256

                                9abc06ebd9976c1637c5d1670275462c6487e19b6219f515e992e6b215042818

                                SHA512

                                7623cdc0a1ecd055bfe20b77115367cb8d223ff03ce8e44c80d1cb531ccd12d4731b4c104f550568702147287bf604fac3084f755db08c20de5943c25a6b06f1

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                12KB

                                MD5

                                6946b150dac2578a4ba3ade56c3b9aca

                                SHA1

                                a87d3a41ced0f973a5a46b2a81718984298ee625

                                SHA256

                                4673d5a105c036b2044bca1a0718a6d341ee512408996f50a175cb5cd86b4f77

                                SHA512

                                f6e8bcd07666c770634af486f05984e0f7bec817c7a36533279dc6e5e143b12300e3d2a5d823df3412ef2b2c262d3428d89ed21627e320d1b2f1514c80a86d1f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                311e7775e88f95841b03e8a38843a312

                                SHA1

                                9785970f01e0b834901691ab25b955d59b7bf60e

                                SHA256

                                905bbd08cbf5432b7b883f12cdd504908fdca34d9c7e04178d5e41d4e05c552a

                                SHA512

                                863962a2f41c7810651430b78d7658e1ca2dfdd635f2d5954639981f0990f63d2ab43e19647c55caa777658427fb6b25315cba5d57ef7ec99851c2f1aff34c17

                                Download Submit