Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    145s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 22:44

General

  • Target

    61b68da5b476edc11886ae0a0e72833a_JaffaCakes118.html

  • Size

    14KB

  • MD5

    61b68da5b476edc11886ae0a0e72833a

  • SHA1

    dfd9f50534fe361967c7570376a2d35d038d56a7

  • SHA256

    f27704a1153d2f9fb11e2024e3778c1c863620379035513d67f84bbd4bb5dcd3

  • SHA512

    87f4c9dea8a36c6949a21e0f07c919eed55378f9ecdcb01b18a97a82443f29b5d7304e01dfb5d41e2ad0f453d311979a48bfe8b56fe8f88af14e41b5ebf12fa6

  • SSDEEP

    192:EI1f83pIwjZBRfDYX97qRHma0n79/MGd9gmGRw5XnSQsW:EIf83pIGZBRfEN7GE9/MGjgmGCxSe

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\61b68da5b476edc11886ae0a0e72833a_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f3a846f8,0x7ff9f3a84708,0x7ff9f3a84718
      2⤵
        PID:4212
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:2072
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4428
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
          2⤵
            PID:3940
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:4400
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
              2⤵
                PID:3788
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                2⤵
                  PID:4612
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                  2⤵
                    PID:1064
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
                    2⤵
                      PID:1776
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4852
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
                      2⤵
                        PID:3924
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
                        2⤵
                          PID:2032
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4012 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3148
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4904
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2932

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            584971c8ba88c824fd51a05dddb45a98

                            SHA1

                            b7c9489b4427652a9cdd754d1c1b6ac4034be421

                            SHA256

                            e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

                            SHA512

                            5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            b28ef7d9f6d74f055cc49876767c886c

                            SHA1

                            d6b3267f36c340979f8fc3e012fdd02c468740bf

                            SHA256

                            fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

                            SHA512

                            491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                            Filesize

                            709B

                            MD5

                            1a27631ffc1c45d988ac6173a32e066e

                            SHA1

                            03e444d4d8a56c3b50e3a36d772dd95172370183

                            SHA256

                            8590f847341c534a82699265fa84c1cb66dad8af8bb7bb3fd3a312212a1e0b85

                            SHA512

                            028cd21c8cba2125778c008f98dce84e5f8edce320e2dbd54e71fe112b2de21f7f2304684048c2ff27591224f7ae9b05681cb35ae85e3d2ea40994417f2b72e1

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            b9e142fe565af8193b3e4afcb5192627

                            SHA1

                            9f61886db756c32771ff4d3e640df67ca175cdb4

                            SHA256

                            12cda18eb01caa3a941de43221052bb6f1f2e9f68aac83bbf90d8c6c78335c6f

                            SHA512

                            8eb432e9857243644cb822ce461a1034d29f16d077451083b98c543398202592396ab38949574531b4aecdb602fa3e5ba8404d6a534fd91c8b07fb3d7b636596

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            daec484eb29b63f79b813d64cc2663a8

                            SHA1

                            fc359cfcd16b2b3f6d39b4903a20ba52a9f71779

                            SHA256

                            3e1b2fa04ba4e631dbf3ac75a62ae7ee50866e337bb83906d460086abe298a19

                            SHA512

                            588c477b79c202be7d953837e64e8d65877ef4d0f13cc4205fb5e933359addbad8da8a66e69943398b21333f57fbbb7663e320bf9b0866e64752702745032d10

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            11KB

                            MD5

                            12725bed9fb317fd5d6e5e3f26fe675b

                            SHA1

                            e2c6a69ba75bacd4b59a6d84deb06eeac9b58d33

                            SHA256

                            3e458a0da23e0ccd7203311fb8cda1634dfc764fd181600ea0f1a725185f1577

                            SHA512

                            4ca63c30b3ee82db564d275f30a38e2d09b4cc10a26107439f213dbc425f6e9d20286031362b83e8e9dcc0dff65b94d0fd1da6c3595f190d9dd71401cb2afb4b