Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/06/2024, 09:11 UTC
General
-
Target
b2b8b085882fca5135102bad520fab87_JaffaCakes118.html
-
Size
26KB
-
MD5
b2b8b085882fca5135102bad520fab87
-
SHA1
2376dc58799a3525cd3cf41cec29c01d18015f63
-
SHA256
54c71e4c3bb40ae25346761728a822bba6f18dd4d8142b53e67214bea250f279
-
SHA512
df9ceb0ff209ac73ced1dbd2aba721ffe1cc4ecbfec0eb9cba9a237a824344b3aa36da05fb68764683c5d21a77f5fe818f14d5ac2e63f2dce92c3c5e393af6b5
-
SSDEEP
192:SIM3t0I5fo9cKivXQWxZxdkVSoAILOaKMc4YE08SIP6p1zUnjBhwZI782qDB8:SIMd0I5nvHNsvsVxDB8
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b2b8b085882fca5135102bad520fab87_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80fb846f8,0x7ff80fb84708,0x7ff80fb847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11678091836898044720,11166214834270152557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3852 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
-
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR -
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
DNSt.cnRemote address:8.8.8.8:53Requestt.cnIN A
-
DNSt.cnRemote address:8.8.8.8:53Requestt.cnIN A
-
DNSt.cnRemote address:8.8.8.8:53Requestt.cnIN A
-
DNSt.cnRemote address:8.8.8.8:53Requestt.cnIN A
-
DNSt.cnRemote address:8.8.8.8:53Requestt.cnIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNSwww.googleadsl.comRemote address:8.8.8.8:53Requestwww.googleadsl.comIN A
-
DNSwww.googleadsl.comRemote address:8.8.8.8:53Requestwww.googleadsl.comIN A
-
DNSwww.googleadsl.comRemote address:8.8.8.8:53Requestwww.googleadsl.comIN A
-
DNSwww.googleadsl.comRemote address:8.8.8.8:53Requestwww.googleadsl.comIN A
-
DNSwww.googleadsl.comRemote address:8.8.8.8:53Requestwww.googleadsl.comIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNSimg1.jiehun.cnRemote address:8.8.8.8:53Requestimg1.jiehun.cnIN A
-
DNShm.baidu.comRemote address:8.8.8.8:53Requesthm.baidu.comIN A
-
DNShm.baidu.comRemote address:8.8.8.8:53Requesthm.baidu.comIN A
-
DNShm.baidu.comRemote address:8.8.8.8:53Requesthm.baidu.comIN A
-
DNShm.baidu.comRemote address:8.8.8.8:53Requesthm.baidu.comIN A
-
DNShm.baidu.comRemote address:8.8.8.8:53Requesthm.baidu.comIN A
-
DNSwww.jiehun.cnRemote address:8.8.8.8:53Requestwww.jiehun.cnIN A
-
DNSwww.jiehun.cnRemote address:8.8.8.8:53Requestwww.jiehun.cnIN A
-
DNSwww.jiehun.cnRemote address:8.8.8.8:53Requestwww.jiehun.cnIN A
-
DNSwww.jiehun.cnRemote address:8.8.8.8:53Requestwww.jiehun.cnIN A
-
DNSwww.jiehun.cnRemote address:8.8.8.8:53Requestwww.jiehun.cnIN A
No results found
-
8.8.8.8:538.8.8.8.in-addr.arpadns
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
8.8.8.8.in-addr.arpa
-
8.8.8.8:53t.cndns
DNS Request
t.cn
DNS Request
t.cn
DNS Request
t.cn
DNS Request
t.cn
DNS Request
t.cn
-
8.8.8.8:53img1.jiehun.cndns
DNS Request
img1.jiehun.cn
DNS Request
img1.jiehun.cn
DNS Request
img1.jiehun.cn
DNS Request
img1.jiehun.cn
DNS Request
img1.jiehun.cn
-
8.8.8.8:53www.googleadsl.comdns
DNS Request
www.googleadsl.com
DNS Request
www.googleadsl.com
DNS Request
www.googleadsl.com
DNS Request
www.googleadsl.com
DNS Request
www.googleadsl.com
-
224.0.0.251:5353 -
8.8.8.8:53img1.jiehun.cndns
DNS Request
img1.jiehun.cn
DNS Request
img1.jiehun.cn
DNS Request
img1.jiehun.cn
DNS Request
img1.jiehun.cn
DNS Request
img1.jiehun.cn
-
8.8.8.8:53hm.baidu.comdns
DNS Request
hm.baidu.com
DNS Request
hm.baidu.com
DNS Request
hm.baidu.com
DNS Request
hm.baidu.com
DNS Request
hm.baidu.com
-
8.8.8.8:53www.jiehun.cndns
DNS Request
www.jiehun.cn
DNS Request
www.jiehun.cn
DNS Request
www.jiehun.cn
DNS Request
www.jiehun.cn
DNS Request
www.jiehun.cn
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD556641592f6e69f5f5fb06f2319384490
SHA16a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA25602d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
-
Filesize
152B
MD5612a6c4247ef652299b376221c984213
SHA1d306f3b16bde39708aa862aee372345feb559750
SHA2569d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA51234a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
-
Filesize
5KB
MD5020c40066e9992d7550aab215847ca79
SHA12df9ff4e3b912200c42bc22964e17fe37d77157a
SHA25609245f57c3c37c0836eeac0c98bbdd1f37d293ef0a596d2c513b744d481d6cb6
SHA51253cea8041e920324f18589b1328247667f906c67aca5cb25bebc436df3e431275d7d094a0b4448ee0bfde4753dbce7ec356fc87cb0fcb659307fef101fdc5c19
-
Filesize
5KB
MD5cff6f0af20c0d5b058e7c5dadbe26637
SHA188b5b07c27652d0100e969efd3519e51ebf374c7
SHA256e9dc5de474110819049f9c2750f76c5ee74a05285b78dc1bdf5746345044eac1
SHA51277e75222621c6a43dd682a76815693d624250a8b7bc22f3aa1962de93235b00dda6000ded0906ed3b4bbb26e192f0f676abf2233933f38504ccfdd0c0e6fd5b1
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD5a43966ffcc0d20809020a21a6cc334d0
SHA1e856f23162ef0bd84a823af69a7cd81ef3c1a81c
SHA256619123b1fd77bebc0606e450bb40afd200fa46d5ac62ae4c32bb9f811e00ca00
SHA5129abdb13109af79b703fadcbf0a7d983a1355a2e89665da633ba91a94012f0e8b3c818212e2e10c1f52204745182f263aa6329fdea074df02f8ad12fe431a49bd