Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

832c9596a9...8.html

windows7-x64

3

832c9596a9...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    832c9596a9c07714c06646d89a83c4b2_JaffaCakes118.html

  • Size

    133KB

  • MD5

    832c9596a9c07714c06646d89a83c4b2

  • SHA1

    47942f1b2e6e36a90f316a06bb0a0bc0bf5420bc

  • SHA256

    ebe1f4d32cf7626c103805f9eb245d7cb1803c8bed3b4a6c758dcea0171a31f4

  • SHA512

    de3ac23d43305b7dbdf5bd4a2298ec8eadf25990e49ea91403bc66a8172721bd4ea372e034435005c957c4b2bd39b6bbe87b4f9b355a83123a8110d701247456

  • SSDEEP

    1536:pbMjw2fMk1D3O9Pj2fckAoHAJxNL3RROuuwcZwjPT9p:sRgrLbuwp

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\832c9596a9c07714c06646d89a83c4b2_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3648
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4f5d46f8,0x7ffc4f5d4708,0x7ffc4f5d4718
      2⤵
        PID:4604
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9847823229631846453,14543388714706391105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        2⤵
          PID:2688
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,9847823229631846453,14543388714706391105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4808
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,9847823229631846453,14543388714706391105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
          2⤵
            PID:4608
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9847823229631846453,14543388714706391105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
            2⤵
              PID:4416
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9847823229631846453,14543388714706391105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:2104
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9847823229631846453,14543388714706391105,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:408
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:3588
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:5056

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  f424846d13eef75a8065348e647b5c3a

                  SHA1

                  be8a5c387e75f166f933402aca3f6e6f2129e4cf

                  SHA256

                  40be99629f284d8f3b43c24811b93d372757306f37adbaa90e785ff2604f52cf

                  SHA512

                  ffb2097c52a3baf18361348787dcb92cd10da54a25d85600184b0182d50f08420d91ac031141871868602ca788cd0eac66e302e8ecce220b2f707f8741e3d178

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  6c3a0da38ed31721bf66a6e7519f300a

                  SHA1

                  db05166b0c96c42e4f89402f1eecb0ce00c5ff7a

                  SHA256

                  e13bc70f7eee42221ce6f2ebe017538484dbc6ec1059450cae7c579dcb8e6199

                  SHA512

                  c38a4e591360ae323d9be207ce2af8375ce3797bd16c3da2b8ed96c480d64fd1fd3062b1cd178f7be2f01477b68fa3404c021903c51abaecc90881f96bec76f6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  c740bf877796c663e8938b97481d0e7d

                  SHA1

                  cbc1694fbc344338edb8eeff556994a55372b369

                  SHA256

                  231a94d8580e1aec522d738ab71a1bf1fd2d811cb03dcf134929702d32e2aaef

                  SHA512

                  a2d1578da8e6315f26447a3dd9e61d807a3e7fd3e2233a71134ba4d67f20426d2130f59c9ae499908a8793325864f320536abbfbba81c7b8b3af6add8f47695c

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  3eff4abca78f8df864cdbd0632d28f60

                  SHA1

                  0f4c1a743e5a04ca6891661125f30e0b0975c9de

                  SHA256

                  388d89d53b9a2ea7d9322133b9a63c9f10b88c3c07e2719f65fd0cf845cf2c8d

                  SHA512

                  e5f90fd473225c86ee448abec7466f82c39ce15f631f6da475268bcdb65ca3af6ab3fc6624ed2a8750b7c3add0a0ab9f6e8eb7071615e7e6ec28352f33298ec6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  afb30e772718e0a7d410465aa2c0e3e3

                  SHA1

                  d8a17e655a503d2aaabaf1698489885e424faeed

                  SHA256

                  5d9f6fe57b702ab2c0185b99da051993fada3affcf0d229b328dce7fb7e3e041

                  SHA512

                  56bd5acb92ee8332be222f3a71ec3369a8e98ff44d5ae2106c85c24d57d0b01f79e37aa1d2b113c23f01ebfe0a8c214e5068bc640896c699416ff58857345d78

                  Download Submit