Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/07/2024, 08:51 UTC

General

  • Target

    4100e61ea25c8a9941fb582ff1cc1533_JaffaCakes118.html

  • Size

    140KB

  • MD5

    4100e61ea25c8a9941fb582ff1cc1533

  • SHA1

    856468f7b555f1f87fa1882eec92c8451e6828f8

  • SHA256

    c251ec4a64321c8dac417f76dd0476f3427171a99803d49323fd3e446592d391

  • SHA512

    b748dcf1023c9aecd53cfb3071aedb6676171ac49c3ba54d49c243e50c8dedb945d40aed0bd0e8807231210ef753d98a2514b51c7cbf38ffb334b364672a396e

  • SSDEEP

    1536:pbMjw2fMk1D3O9Pj2fc/riHA8cGLuyE+cZNMMK0p:s5xXLTg

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4100e61ea25c8a9941fb582ff1cc1533_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4264
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2bd446f8,0x7ffc2bd44708,0x7ffc2bd44718
      2⤵
      PID:2096
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5531779624397178446,13662191664714002284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      2⤵
      PID:828
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5531779624397178446,13662191664714002284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3232
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5531779624397178446,13662191664714002284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
      2⤵
      PID:2952
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5531779624397178446,13662191664714002284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      2⤵
      PID:1960
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5531779624397178446,13662191664714002284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      2⤵
      PID:2056
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5531779624397178446,13662191664714002284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2900
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3980
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4656

                Network

                • flag-us
                  DNS
                  g.bing.com
                  Remote address:
                  8.8.8.8:53
                  Request
                  g.bing.com
                  IN A
                  Response
                  g.bing.com
                  IN CNAME
                  g-bing-com.dual-a-0034.a-msedge.net
                  g-bing-com.dual-a-0034.a-msedge.net
                  IN CNAME
                  dual-a-0034.a-msedge.net
                  dual-a-0034.a-msedge.net
                  IN A
                  13.107.21.237
                  dual-a-0034.a-msedge.net
                  IN A
                  204.79.197.237
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=
                  Remote address:
                  13.107.21.237:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MUID=1E422F0EEC9E668B28823BB5EDB9678D; domain=.bing.com; expires=Thu, 07-Aug-2025 08:51:59 GMT; path=/; SameSite=None; Secure; Priority=High;
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: E56A309C930B49559E884514C11B8063 Ref B: LON04EDGE0614 Ref C: 2024-07-13T08:51:59Z
                  date: Sat, 13 Jul 2024 08:51:58 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=
                  Remote address:
                  13.107.21.237:443
                  Request
                  GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=1E422F0EEC9E668B28823BB5EDB9678D
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MSPTC=-sNl1oYg8DLrC4ju33Vp6jFJXpjUWmdmkkcJz68Ws6g; domain=.bing.com; expires=Thu, 07-Aug-2025 08:51:59 GMT; path=/; Partitioned; secure; SameSite=None
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: C68520C1ED6B43A0B1F1EFA5E93BC05B Ref B: LON04EDGE0614 Ref C: 2024-07-13T08:51:59Z
                  date: Sat, 13 Jul 2024 08:51:58 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=
                  Remote address:
                  13.107.21.237:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=1E422F0EEC9E668B28823BB5EDB9678D; MSPTC=-sNl1oYg8DLrC4ju33Vp6jFJXpjUWmdmkkcJz68Ws6g
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: A12D78BE05A2468BAC6FBAA26DDCD346 Ref B: LON04EDGE0614 Ref C: 2024-07-13T08:51:59Z
                  date: Sat, 13 Jul 2024 08:51:58 GMT
                • flag-us
                  DNS
                  74.32.126.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  74.32.126.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  237.21.107.13.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  237.21.107.13.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  83.210.23.2.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  83.210.23.2.in-addr.arpa
                  IN PTR
                  Response
                  83.210.23.2.in-addr.arpa
                  IN PTR
                  a2-23-210-83.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  86.23.85.13.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  86.23.85.13.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  206.23.85.13.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  206.23.85.13.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  99.58.20.217.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  99.58.20.217.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  172.214.232.199.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  172.214.232.199.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  172.210.232.199.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  172.210.232.199.in-addr.arpa
                  IN PTR
                  Response
                • 13.107.21.237:443
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=
                  tls, http2
                  2.0kB
                  9.3kB
                  22
                  19

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2b41e41c531246fdb49f2abc27fddca7&localId=w:B52E0A56-585D-D389-649B-CAF68352C2EB&deviceId=6966568319188347&anid=

                  HTTP Response

                  204
                • 8.8.8.8:53
                  g.bing.com
                  dns
                  56 B
                  151 B
                  1
                  1

                  DNS Request

                  g.bing.com

                  DNS Response

                  13.107.21.237
                  204.79.197.237

                • 8.8.8.8:53
                  74.32.126.40.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  74.32.126.40.in-addr.arpa

                • 8.8.8.8:53
                  237.21.107.13.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  237.21.107.13.in-addr.arpa

                • 8.8.8.8:53
                  83.210.23.2.in-addr.arpa
                  dns
                  70 B
                  133 B
                  1
                  1

                  DNS Request

                  83.210.23.2.in-addr.arpa

                • 224.0.0.251:5353
                  378 B
                  6
                • 8.8.8.8:53
                  86.23.85.13.in-addr.arpa
                  dns
                  70 B
                  144 B
                  1
                  1

                  DNS Request

                  86.23.85.13.in-addr.arpa

                • 8.8.8.8:53
                  206.23.85.13.in-addr.arpa
                  dns
                  71 B
                  145 B
                  1
                  1

                  DNS Request

                  206.23.85.13.in-addr.arpa

                • 8.8.8.8:53
                  99.58.20.217.in-addr.arpa
                  dns
                  71 B
                  131 B
                  1
                  1

                  DNS Request

                  99.58.20.217.in-addr.arpa

                • 8.8.8.8:53
                  172.214.232.199.in-addr.arpa
                  dns
                  74 B
                  128 B
                  1
                  1

                  DNS Request

                  172.214.232.199.in-addr.arpa

                • 8.8.8.8:53
                  172.210.232.199.in-addr.arpa
                  dns
                  74 B
                  128 B
                  1
                  1

                  DNS Request

                  172.210.232.199.in-addr.arpa

                • 8.8.8.8:53

                MITRE ATT&CK Enterprise v15

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                  Filesize

                  152B

                  MD5

                  6c86c838cf1dc704d2be375f04e1e6c6

                  SHA1

                  ad2911a13a3addc86cc46d4329b2b1621cbe7e35

                  SHA256

                  dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

                  SHA512

                  a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                  Filesize

                  152B

                  MD5

                  27f3335bf37563e4537db3624ee378da

                  SHA1

                  57543abc3d97c2a2b251b446820894f4b0111aeb

                  SHA256

                  494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

                  SHA512

                  2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                  Filesize

                  6KB

                  MD5

                  ffe3ea187a17c83425c7a58b63c1c967

                  SHA1

                  9bdfee91d563a146d4b990869bb1b08aa2f66880

                  SHA256

                  780dbaf071416ff1cc29291ae4beeb62ef2c9b91d350291bc629a293c2d81f60

                  SHA512

                  b33a3567c951eb5c386924182d973c8ffdc16d21a4d14caf17f51b67be5d87adb716fe7bca586ab3b55452f9723640f5602b3258feabfe47e6abe5d3cb529170

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                  Filesize

                  6KB

                  MD5

                  5fbe36cd771b853138a055dcb9de8537

                  SHA1

                  e7787878c79bbf5f585e5b59afcacc6bd4f79d83

                  SHA256

                  d28434ed33479d48704e68c48fdb1051216630675d12f63262aa88451114870d

                  SHA512

                  d0f1816541aa7a77e368010ddda28887999f08ee6d6062eda9560be324232d510996df05fe7d401f738e89983bd548545c1bf7eafcebd1797d151e2a9e856046

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                  Filesize

                  11KB

                  MD5

                  ab8cf95dd95748d34289656ba16bad0c

                  SHA1

                  96c29a9227e37b72024d3999f8e919eff86e9615

                  SHA256

                  17eb341630cde898afd9502ae0a0a078d2f443291d0303d386b449c1bceddb93

                  SHA512

                  976f5ba9155742d3e54540cf982370fe5b871196cd1b2d16bede2f5a881bd9dfec61a047ee91a30eb58770dd7755a2d9816a1f608a0510e6eaec793273079641
