Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/05/2024, 01:11

General

  • Target

    48e43eefb3647ea5e40dd9e21f472673_JaffaCakes118.html

  • Size

    39KB

  • MD5

    48e43eefb3647ea5e40dd9e21f472673

  • SHA1

    bf7e9bb76aa01ebc40debacf7aeb0ef485d3e7b4

  • SHA256

    ef2543a45505b5e507f4a4b12396b0c23ab88a69a72d73a791dbb80bd018922f

  • SHA512

    049bc92241b670022029e77fe83cb384b2a6e1293aeef28915daacb5be2359c32b2a5c7dd7b6899ca9e572c45b0b4b2fdd0ee2502e6405d9aab4448e4f0ac42b

  • SSDEEP

    384:Sye6CfiAW3Z6k0JebeYetede5eRezhedjRdYSctShqGq0snsx:SoCKPxDYBnsx

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\48e43eefb3647ea5e40dd9e21f472673_JaffaCakes118.html
    1⤵
    PID:4664
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2364 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
    1⤵
    PID:4440
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4844 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
    1⤵
    PID:5060
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4272 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:4660
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5704 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
    1⤵
    PID:2592
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5552 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3732
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5540 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3940
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffc9b282e98,0x7ffc9b282ea4,0x7ffc9b282eb0
      2⤵
      PID:2964
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2292 --field-trial-handle=2296,i,3340143979943525074,18244143035413658960,262144 --variations-seed-version /prefetch:2
      2⤵
      PID:4428
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2468 --field-trial-handle=2296,i,3340143979943525074,18244143035413658960,262144 --variations-seed-version /prefetch:3
      2⤵
      PID:1680
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2500 --field-trial-handle=2296,i,3340143979943525074,18244143035413658960,262144 --variations-seed-version /prefetch:8
      2⤵
      PID:2024
    • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4296 --field-trial-handle=2296,i,3340143979943525074,18244143035413658960,262144 --variations-seed-version /prefetch:8
      2⤵
      PID:3916
    • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4296 --field-trial-handle=2296,i,3340143979943525074,18244143035413658960,262144 --variations-seed-version /prefetch:8
      2⤵
      PID:1132
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4604 --field-trial-handle=2296,i,3340143979943525074,18244143035413658960,262144 --variations-seed-version /prefetch:8
      2⤵
      PID:736
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4084 --field-trial-handle=2296,i,3340143979943525074,18244143035413658960,262144 --variations-seed-version /prefetch:8
      2⤵
      PID:4920
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4604 --field-trial-handle=2296,i,3340143979943525074,18244143035413658960,262144 --variations-seed-version /prefetch:8
      2⤵
      PID:1516

Network

MITRE ATT&CK Enterprise v15

Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    280B

                                    MD5

                                    6832fe3c3ccf98765cc81b9106da6f3a

                                    SHA1

                                    77eb21d5755326736e9635634d73813d2e65e8e9

                                    SHA256

                                    55ec1107d1bec0835cef30247aa286dd962be57ff7f2747bf0e1b7106716fce4

                                    SHA512

                                    c62ed2ff60760a2da416792013ce51bddb7ddf5086f415f75b291e98b39d76658ce1b96433568053ad3c386ba6c3def190cf4c8bd00116bc2a6d2ee6e67c13a4

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                    Filesize

                                    40B

                                    MD5

                                    20d4b8fa017a12a108c87f540836e250

                                    SHA1

                                    1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                    SHA256

                                    6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                    SHA512

                                    507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    11KB

                                    MD5

                                    250727005b2dd5202795a575a5503c01

                                    SHA1

                                    ad3d112eba4e0dfff0541864cf84358ba1cabe71

                                    SHA256

                                    44c15474db74e63434f560223667624609067d132e21e446a882266f211ea97f

                                    SHA512

                                    f819875236e9ce621dbdf8123da7dd32a88eab2c89296f79cf906687a8611f4c1f342b49828e82a0c9dd391f56fd7ca4503fa485aa65d6ad8b2a7ac97b9b8082

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                    Filesize

                                    30KB

                                    MD5

                                    3c929e4ef5f4c83fae1b94aaabe7e9d2

                                    SHA1

                                    e512412c3b88d20b52b3bf71f506048762a2179f

                                    SHA256

                                    93e2c8efbad94e85bc8ffb73e2a448e4a78678643678af1e57d9a3e9bbb9d718

                                    SHA512

                                    3598a8b91a9cccaab43ee3af5c113c86fa1889d8f628899c92fe68753317a986bf8810f3a2d69bdd2e0398a6ce5bb76c2bb1541d1eaf0daed081b18c1d50c24c

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    59KB

                                    MD5

                                    a5bfad9a3f6a3dc0de9f1898fc808989

                                    SHA1

                                    8b4fcb23a0fd244efa8be123cb157813434393fd

                                    SHA256

                                    2d669e514c6858af9d713e9cca7993ce5735c3e6577ce8174f32fb27231df2ed

                                    SHA512

                                    1005fc2270feb02be1793c63b56c24cc78ae092209b61ad46fba0602ee849ea3b111582eac18a7ac295f412acfb966874d931c232e31e8c4b6a188bc6c562f68

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    69KB

                                    MD5

                                    47a878e53f3a1f113b2293f416366a29

                                    SHA1

                                    c5f4408f2f643ed630d42041d304f6fa5dd54397

                                    SHA256

                                    efdaf9d4f5bca7ae0e3c2ce7f5bc888079766c684ed61e729b12015219f68212

                                    SHA512

                                    b92a9a917a937396bf9528fcc180687619445d33fa7a2fcca4feae1c9582f0d2537cf1fb07aa3174f2b8da0d2cd64afbfb6555bdedcc709a08e6d230ce0abd38