Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

82a0daf5c2...8.html

windows7-x64

3

82a0daf5c2...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 02:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82a0daf5c2f9235d3e760b89792b8c38_JaffaCakes118.html

  • Size

    2KB

  • MD5

    82a0daf5c2f9235d3e760b89792b8c38

  • SHA1

    a47cf6f613804f822f57a5ff892f1706d598d817

  • SHA256

    a26a9f4bbb8f428485d2457ba725f0f4de574af0e753820fe394afdc0c0b11be

  • SHA512

    aa11c28353af3a1acd78ccfdeed331f2e9521547e7a3e955f65aa4dabf5a6f8a2d310d2a3511303f679e868dc0e1925fe58c8377a91bdfbac4a2a3e85f614076

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82a0daf5c2f9235d3e760b89792b8c38_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaaa1746f8,0x7ffaaa174708,0x7ffaaa174718
      2⤵
        PID:716
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
        2⤵
          PID:2360
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2664
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          2⤵
            PID:3156
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:1920
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
              2⤵
                PID:3232
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
                2⤵
                  PID:400
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
                  2⤵
                    PID:1424
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4004
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
                    2⤵
                      PID:1484
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
                      2⤵
                        PID:3648
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
                        2⤵
                          PID:4516
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                          2⤵
                            PID:1048
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,7386657220030569530,10752516361749466514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4920
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3220
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3224

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              8edf5aee848362b3fa4c7102382947c3

                              SHA1

                              0ca71672592fef3c37dbf92a155d747c927b433f

                              SHA256

                              16594552785f10884854bf38d179c9c3d26d023a089180bfe5a3ceb03c395e6d

                              SHA512

                              a8863cfcea01c05938edd34690db467f0d429f0598528f23392ca7e7233a9b2fe2eaf7b886ac965e22e8c63ee79af84654e5b2f7e94033e5f54622f7b9584893

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              78d53c4ecb4f237a195804abc28ebb1e

                              SHA1

                              5b036abe11431d0c164cc5427aa7eaaa2d8d1580

                              SHA256

                              b1ead24150c5c17d1e8cdfaa64b4395cb1b0872c6f4bb25eb8e024ba0e39c847

                              SHA512

                              90c1e12b736dc1a644262a44141f4bd7eb5fe935249978d1ff083e39017652ab847107add5b5fbeec6318db181cd22a728938fba7c384c8023ed8e3c03e61496

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\53ee1a7b-a816-4d49-8ec4-7a615eaa084f.tmp
                              Filesize

                              6KB

                              MD5

                              0f473b17d8ce5c2ad270245e8f5bb010

                              SHA1

                              26fec0d9c4778a0ab0a5f9d2b1d84ca893aade1e

                              SHA256

                              a496cc6d91777fa8565072fbab39ca008f2f2c0152d1b552657b852fb20b0d52

                              SHA512

                              0ad4deace759e24c40b17d6db0d3d90959655598e3aac30fd89d9dfffa3a45ace80a5601b280cba575ddecf5f6c21e9bc521f30f8a05266cb2883f5bee1a2bd3

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              396af56cebd47c3a9e5ad0a570e1e0b4

                              SHA1

                              69d55c68f8d75bc1cb2713a6fcda73fc0b6ebc5a

                              SHA256

                              a61d4c587048dd32e97d1b8a891450f2eb7d828b49cae9c5dce03233dd9ab296

                              SHA512

                              dd7cf3fd5c8e9785e30291b1f6fe618acc263ffdf7ad09f5fa7dd83ba67e527208a0f138cb0a17eaa43386106c2399933b4d1ba7d61a52bf25418f75c095e61e

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              10KB

                              MD5

                              787c11cd3199515ec6806f866451a871

                              SHA1

                              f85e1a6cd0024f89c78013ca72676cd8d47d4b30

                              SHA256

                              10ee8b5f3fc0a6ca42a145ad50fe64f43d6569f329995d02b1cc5c0e7672237b

                              SHA512

                              7bf77feec3e09d3f5018d4c73e64f9a3436adbb8c32282fbaa29dc82972c9193ff83fc38fc8e5bf4f0c12e9f95dc51fd86dd42dbc563b5fd6ef9e574b8f5c6ce

                              Download Submit