Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

ad9c9685e8...8.html

windows7-x64

1

ad9c9685e8...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/06/2024, 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad9c9685e850d85fdeba0a3b99005035_JaffaCakes118.html

  • Size

    56KB

  • MD5

    ad9c9685e850d85fdeba0a3b99005035

  • SHA1

    93d776559c688dea10bbf13348994d4ab684b4c6

  • SHA256

    cf3aa842a19fa30dbcbc21ba758daa365e659051bde272c668fb4250531a7b7d

  • SHA512

    b8c48999a4eafac8b91870a144808ad8ff66d0d74cd269baf820ca35b5c6b9b4f8a28b76d3166507a97bce1189f35d54814353b7059cbb41a446a21954b926c9

  • SSDEEP

    1536:YRRT9rCX7CeHAKsPbQJ1CPMeBrVjTRvRb8vFtNU02zArQJt:YRx9rCX7CeTsPbQJMPMQRZMFtaara

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ad9c9685e850d85fdeba0a3b99005035_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec8e346f8,0x7ffec8e34708,0x7ffec8e34718
      2⤵
        PID:1204
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
        2⤵
          PID:4992
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:752
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
          2⤵
            PID:1000
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:4604
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
              2⤵
                PID:1996
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
                2⤵
                  PID:2276
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
                  2⤵
                    PID:3448
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
                    2⤵
                      PID:2256
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2852
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
                      2⤵
                        PID:2032
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
                        2⤵
                          PID:3628
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
                          2⤵
                            PID:1300
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
                            2⤵
                              PID:2348
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11659956130130616515,7646106012077060614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2020
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2464
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2232

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                477462b6ad8eaaf8d38f5e3a4daf17b0

                                SHA1

                                86174e670c44767c08a39cc2a53c09c318326201

                                SHA256

                                e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

                                SHA512

                                a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                b704c9ca0493bd4548ac9c69dc4a4f27

                                SHA1

                                a3e5e54e630dabe55ca18a798d9f5681e0620ba7

                                SHA256

                                2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

                                SHA512

                                69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                Filesize

                                23KB

                                MD5

                                e1c71f7c04be834f5587230db2ad24b3

                                SHA1

                                f3bab9cb99d9f343bf7ed3981aaa7450515d2424

                                SHA256

                                9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

                                SHA512

                                205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                144B

                                MD5

                                e1af660aa1521b0520c17ebbe957d906

                                SHA1

                                a7766640ec91b79fea5884e027f5e9fe0bdb2039

                                SHA256

                                73df6db7e6bc489537b9e327a3ee5d703ea3b4127e74a25aeb2d96b3dd1d30e8

                                SHA512

                                05e51321e93a18804a35f6508ec125d559baf831df33d80ad1bc8bab39bc5841f6af31d013b2ee192c97e494bc14d78a32e9530c4405ae66d0016be73dc5b7c4

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                120B

                                MD5

                                3ac099b3f8010d3285c4612a1b9cd91f

                                SHA1

                                d418774d59962d08ac074fdeff4eb4c20c9535e5

                                SHA256

                                bd6179522212267b2197355a6a05fd834b48501ed354a7e5d362cc2f69bba0bf

                                SHA512

                                cdb455d75c366b9a13cf59d4467ba6e683ee12a31040088578468519c65d9040a85f606f15233961126b46a40ba00c7dfece7477c8db60f18ea711bb66bf510c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                1KB

                                MD5

                                0d9d46e9042cdd5b8b1bea150f82c3e1

                                SHA1

                                76ccf9768cbab4cfa1556ae3d07fadce538ed1a0

                                SHA256

                                a2da6c01cd8cbcc6b8df02ce6c440e1b0d7574ec41e50501b952815c696833bb

                                SHA512

                                9437488573f29b5da9a3ae7a3da59578630c9c66940f69fb8aee486d8299f90ec0b644c0d675101c0995bbd63f7cc7632b196ce07622c9233f87d053bb32b0f4

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                70c47a1f70de85d11ba8adee70bdaddb

                                SHA1

                                45acf5350991f7f235d77a8f974483ee9820739b

                                SHA256

                                d15c8b5b7161c91b20113e5acdcb246242265f2608c8115c38549195fea3a125

                                SHA512

                                ae5c0f7b328ec5190f66bd5b310f7f8a5066018c4a03f41589a12c3f6afec8999299ce6ea1ff09791f50de455e997223afa09471df65b702a99b902704f23845

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                7KB

                                MD5

                                697ce31ddf18cf2fa3b5634035f33ecd

                                SHA1

                                ff07a41584d24242014d35a7dd5b4ee9cbb92c86

                                SHA256

                                8ab3a6626ac63ccf8c17cd1ef8668f1f75bb744bf5ce15a0b30de4db76aaa17a

                                SHA512

                                f381e44e27261fb25088363a4d12b2b930368e7528546c61290ab7ecf6dd4b5556040762a9bceadfcb202df67d390dbc6554cd6ecfa8d1f2e6667fca9a7d6930

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                7KB

                                MD5

                                d2889b7c3c182f093fe3128aff753bc5

                                SHA1

                                137bfed5928b287c6724b50da90d1be616559160

                                SHA256

                                3d6b10d2aeac6a3e285b343739f0197c916858176faffb7b3609a2083ef4de2e

                                SHA512

                                b1e5a08f86ac513d38c0246503891dce2a835f4a36efe2191c7442635884ac9c5b4bbf030d10f2516919a16ec841056ee9ec7924083b3bf4cfe18489908ef221

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                4b7607bfb7ab520bd2b229ba4950f6d4

                                SHA1

                                145013adffb7f30886858d6397058fb46a3f1caa

                                SHA256

                                88b91d6a1418ec3fb49a546f52094b3e99bac0ac595fc60afc294eae26518801

                                SHA512

                                c1e1cf8f6afc49069152e60f51186fa846b96746d18ed8326aee6618acdad0c0800d7b9b0571eabd0219b9183580ca7448a790644afcf1e9d1a52c0d65fdc1f4

                                Download Submit