Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

a7e20f5077...8.html

windows7-x64

1

a7e20f5077...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2024, 03:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7e20f5077dccf2de7815f3c846c48dc_JaffaCakes118.html

  • Size

    38KB

  • MD5

    a7e20f5077dccf2de7815f3c846c48dc

  • SHA1

    d0ec53c4bf6560fd2bf68102ae8ee092a8579e8c

  • SHA256

    a3908f88d2e742d540189081fbab224594fe389f633680d920bfdb6ead906792

  • SHA512

    7dfa9998a82b26bb0c7bc0f11556630d5980e78839bd6747414c62ad00e22aec7dc85b4620296ce0b7af8f53a4eee1d3c543b735760c08331aead8732d422f77

  • SSDEEP

    768:Y49IN632SBca+Khy90rwhjfqozTAmRsUKz4v7COhhimIdFOTXPz:19063N80rwhjfqmzz

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a7e20f5077dccf2de7815f3c846c48dc_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4728
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
      2⤵
        PID:32
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        2⤵
          PID:4100
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2752
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
          2⤵
            PID:1820
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:5024
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              2⤵
                PID:4248
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
                2⤵
                  PID:4380
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
                  2⤵
                    PID:3956
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4580
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
                    2⤵
                      PID:1088
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
                      2⤵
                        PID:3932
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
                        2⤵
                          PID:1396
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
                          2⤵
                            PID:2740
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4788
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1240
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4088

                            Network

                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                            • flag-us
                              DNS
                              www.youtube.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.youtube.com
                              IN A
                            • flag-us
                              DNS
                              www.youtube.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.youtube.com
                              IN A
                            • flag-us
                              DNS
                              www.youtube.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.youtube.com
                              IN A
                            • flag-us
                              DNS
                              www.youtube.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.youtube.com
                              IN A
                            • flag-us
                              DNS
                              www.youtube.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.youtube.com
                              IN A
                            • flag-us
                              DNS
                              cdnjs.cloudflare.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              cdnjs.cloudflare.com
                              IN A
                            • flag-us
                              DNS
                              cdnjs.cloudflare.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              cdnjs.cloudflare.com
                              IN A
                            • flag-us
                              DNS
                              cdnjs.cloudflare.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              cdnjs.cloudflare.com
                              IN A
                            • flag-us
                              DNS
                              cdnjs.cloudflare.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              cdnjs.cloudflare.com
                              IN A
                            • flag-us
                              DNS
                              cdnjs.cloudflare.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              cdnjs.cloudflare.com
                              IN A
                            No results found
                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              330 B
                               5

                              DNS Request

                              8.8.8.8.in-addr.arpa

                              DNS Request

                              8.8.8.8.in-addr.arpa

                              DNS Request

                              8.8.8.8.in-addr.arpa

                              DNS Request

                              8.8.8.8.in-addr.arpa

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              www.youtube.com
                              dns
                              msedge.exe
                              305 B
                               5

                              DNS Request

                              www.youtube.com

                              DNS Request

                              www.youtube.com

                              DNS Request

                              www.youtube.com

                              DNS Request

                              www.youtube.com

                              DNS Request

                              www.youtube.com

                            • 8.8.8.8:53
                              cdnjs.cloudflare.com
                              dns
                              msedge.exe
                              330 B
                               5

                              DNS Request

                              cdnjs.cloudflare.com

                              DNS Request

                              cdnjs.cloudflare.com

                              DNS Request

                              cdnjs.cloudflare.com

                              DNS Request

                              cdnjs.cloudflare.com

                              DNS Request

                              cdnjs.cloudflare.com

                            • 224.0.0.251:5353
                              msedge.exe
                              449 B
                               7

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              ce4c898f8fc7601e2fbc252fdadb5115

                              SHA1

                              01bf06badc5da353e539c7c07527d30dccc55a91

                              SHA256

                              bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                              SHA512

                              80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              4158365912175436289496136e7912c2

                              SHA1

                              813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                              SHA256

                              354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                              SHA512

                              74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              ba5ef24b9fa606c735564ee0b6159f45

                              SHA1

                              6e409b5447621a895ac4f75e19acbe6744a43e44

                              SHA256

                              16f25848f27591a039cc88b243abd0732ea4b14ad894d15a29f0f2df94db241f

                              SHA512

                              514685c24abbf2089413fbd206589fc9ddcd5e9ab3d687d82f2f070382b8c13795124631e50e620026aad3a3860ab155ba2873eeed52a4d56218d5f5ad9be633

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              418ccf92938dd4c65b3a2a9b3868389d

                              SHA1

                              fc8e59f8cc8f2f1b7f333baf8ae138aaa1379cbd

                              SHA256

                              820eb7f2af0ff0355597c776f43b06d391bd1e31162eef7f5c49d08d87cc5db5

                              SHA512

                              496cbcd0c487ab699fe60d5f1474c6d9716959b1803784fdb00dcefd72e82b15b9b11faa750513516a1c29190b85eda54ae840710ec73b73b09df40fe1accd53

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              8KB

                              MD5

                              eb8cf636819cffea6f54a5edcbf4f4ba

                              SHA1

                              5565a90ef389e83ea763c2b81204188a80650191

                              SHA256

                              2c541b921a682d63ad818e50ac97ac1aa44ce5d08553e0a6720a0d2ceabec863

                              SHA512

                              ca45f3f2e938a06d9b24072d61e84970c637c0e02a57ccc5d232c36afce749d13b537eedc37f8d5af275d928398e1f3093e5a2a82e2e209672918ff1a02a5a12

                              Download Submit

                            We care about your privacy.

                            This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.