Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2024, 14:25

General

  • Target

    c900b724da3c8ddbc6a810b3c012661e_JaffaCakes118.html

  • Size

    75KB

  • MD5

    c900b724da3c8ddbc6a810b3c012661e

  • SHA1

    c64f92aeabc04426f663ba31b8ee1a522fb3a2d9

  • SHA256

    f9c39e8df004cde4b5dc174437b76aefbf577d4d80e5c0d20b7af31ea74d52af

  • SHA512

    f7f913afb214a89cb464bb69f6629f1057ffc9094bd1422b78ba2b0a01c40f1e0fe2148e050ac51def5df26f3f704a0742cf00b88da66acea63eb7dedd998c4e

  • SSDEEP

    768:h9+uuuLs9OG/J8mxZhcRCzA7iLrIb0BgB+enXki:h9+uuuLskWnxZhcRCzWWNBgB+enXki

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c900b724da3c8ddbc6a810b3c012661e_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9c6946f8,0x7ffc9c694708,0x7ffc9c694718
      2⤵
        PID:4252
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
        2⤵
          PID:1556
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1064
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
          2⤵
            PID:2616
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
            2⤵
              PID:4224
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              2⤵
                PID:4292
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                2⤵
                  PID:3084
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4680 /prefetch:8
                  2⤵
                    PID:4396
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
                    2⤵
                      PID:4056
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1516
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
                      2⤵
                        PID:4020
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4912
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
                        2⤵
                          PID:368
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                          2⤵
                            PID:3212
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
                            2⤵
                              PID:4492
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                              2⤵
                                PID:1576
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4264
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2356
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2512

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                  MD5

                                  e4f80e7950cbd3bb11257d2000cb885e

                                  SHA1

                                  10ac643904d539042d8f7aa4a312b13ec2106035

                                  SHA256

                                  1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                                  SHA512

                                  2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                  MD5

                                  2dc1a9f2f3f8c3cfe51bb29b078166c5

                                  SHA1

                                  eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                                  SHA256

                                  dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                                  SHA512

                                  682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  497B

                                  MD5

                                  2ce123c1e02205b496b9b1955b17c69b

                                  SHA1

                                  22d7a616ad955eb404eac6ca5ff27319f3406fc1

                                  SHA256

                                  11f000dea7040c56c66d2b95ffe47b1b00a3a3ee246307abdca321f9998ed0b7

                                  SHA512

                                  844e8af24b3ed02d8555225a055d396c3ac4a0bd43a57db84b6a717b1b76241f84add1ad8d80d99f2780c6acdce5de710088ecf313f316ce5983816ec849d044

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  326bb3ed3972087724ca71e2d50ce09b

                                  SHA1

                                  f17373170ee52c3ab4ee5cb776aaf918bb796ba5

                                  SHA256

                                  a78d3a22be7e522d33f99df44332d1a66e197c7b56fabe7a34cf6903ccc2207d

                                  SHA512

                                  10bf84da8551a5d488c4415c18bcbff4871a29b35f0092ce05ce968979d98d781ce03d4890e176037958981af565b066e10ffbdb3023c8fee3e418aea723c690

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  5KB

                                  MD5

                                  ca7ce7ae93eff3e97fdcdc3ce15db098

                                  SHA1

                                  be7808df1266b09a022ade748265b3f33a071918

                                  SHA256

                                  8bdd8b7da6414d1eb803c7e6d6fe9204754b80a72c05a397c590f562dbf22616

                                  SHA512

                                  c6ec46923dc28812f4cd48e5fc9239e5fe2a8d77431f8f59c0e203a0e5566769a67a731cb9937bc7a29efc09a03d224ae0fde9ccd4b338e220584683ae36a58e

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  11KB

                                  MD5

                                  c51b35eefd59acdc93b09e9808cc1c97

                                  SHA1

                                  21e50fdcd668d27ebfbdcc2f21c8d8ea115bc4a2

                                  SHA256

                                  1fb048771bd0329526f5a9e1be21d1f26708e72a4244c4e00e71a5ffc1f08839

                                  SHA512

                                  ef558a4411f8d231d9ae1849a670e051b30a56667010dd15fbd93de295fd76093a7e733133fb8fb7cec7c2d763f6cf473b28f243a1887a9bb6bd238878d354a6