Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/06/2024, 14:38 UTC

General

  • Target

    b405b7e9e0444505c6a342f8940238a1_JaffaCakes118.html

  • Size

    37KB

  • MD5

    b405b7e9e0444505c6a342f8940238a1

  • SHA1

    0f0185244dcf815dd34329cdeb71a41984795878

  • SHA256

    aeaaad363bb5bd151edecbf0ddb4b7d286c7c3c4d2c1c96f45dbbc203461be99

  • SHA512

    725d3afd86d07e60c7194b66fe3dbaaedd7460a5b02fae3d98668ca43fff636ea0fcceecb75c0f0ac422dde4af02b323e441ea8e777a3f090e54f14a3a5e46ea

  • SSDEEP

    768:+/qmAs6LiypowQBa9cPSBeyM1ru1rf1MG1rpqO1rq1x:+/qmAnityQr6r9MirtrGx

Score
1/10

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b405b7e9e0444505c6a342f8940238a1_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
      2⤵
        PID:812
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
        2⤵
          PID:2116
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1172
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
          2⤵
            PID:2284
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
            2⤵
              PID:1516
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:4928
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
                2⤵
                  PID:3196
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4404
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
                  2⤵
                    PID:4540
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                    2⤵
                      PID:4408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
                      2⤵
                        PID:112
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                        2⤵
                          PID:4764
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3913934720299613963,14523298756334585171,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3220
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3200
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1548

                          Network

                          • flag-us
                            DNS
                            www.altinbilek.org
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.altinbilek.org
                            IN A
                          • 8.8.8.8:53
                            www.altinbilek.org
                            dns
                            msedge.exe
                            320 B
                            5

                            DNS Request (x5): www.altinbilek.org

                          • 224.0.0.251:5353
                            msedge.exe
                            510 B
                            8

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            ce4c898f8fc7601e2fbc252fdadb5115

                            SHA1

                            01bf06badc5da353e539c7c07527d30dccc55a91

                            SHA256

                            bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                            SHA512

                            80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            4158365912175436289496136e7912c2

                            SHA1

                            813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                            SHA256

                            354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                            SHA512

                            74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            8e09a8e24a2b0dd1a60a08d011035fc0

                            SHA1

                            f1be9285848372d6834825ac9027b300241df526

                            SHA256

                            1ce5b633c5f1afcc742148842563ec0bfaaa9b0ed88cb8fa6ad1ae8f077a5cac

                            SHA512

                            5a4b6dd159d1319b1f1915d471018811c3195db173876a23d2e8e006107924d37b5799ae925f5a1c1250d38eb218674ed1d8cf72b0bbe9563474b68b8387d3c7

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            32ffaed4a14d478516aa1405812d23fe

                            SHA1

                            815158c92bf667fce6051595817e1c88e8b19596

                            SHA256

                            2d2125e9c736adbbb208a83660b65000a0ce05a61fe6e8dbd69ce437891eb0e0

                            SHA512

                            f8277cd4d759f34e62167018ddcd54b0c818a356b1da42df69594dde7bba115d742ff610cff04e770b577268882173dc6bd78af12e3783b4f1069c7b98e9bef4

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            8KB

                            MD5

                            9d5f4439d58802863d4de72982b308d0

                            SHA1

                            de22b00942dbc34ad903adaf2af382387550ce60

                            SHA256

                            9d33a40792f14033300386400e369d387e936dfdfb20d27d517e1ec169d796e7

                            SHA512

                            0787f5fe117ccad69b33878a1e3411fe74ac1b70e2925392367a7a9232f1b20a3f4fc63c502a1303a6e1e0ae78313a044b00967c3636c8fea2a37f557e292c23
