Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

d0dee45b6c...8.html

windows7-x64

3

d0dee45b6c...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/09/2024, 02:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0dee45b6c042c6a25c0fc21bd5fd13f_JaffaCakes118.html

  • Size

    445KB

  • MD5

    d0dee45b6c042c6a25c0fc21bd5fd13f

  • SHA1

    79aa40167c686eab0c1708db8ba1975500596df5

  • SHA256

    4f2feda2dd60e36933640992e9d0a65486958d701696a37da2fd0bbf53a2a73d

  • SHA512

    722c2019febb16413e628ff94ab5e0929363004c7de7a657a017567b7e0938dd464fcfa06d97629e22ce91b0a7f7bad1811bbe17002e6320220af487fe0347f2

  • SSDEEP

    3072:zTDfPTDuhbL4z+Mr9PkV9ncVHkQVZobD79tH9DH9WLCnKRgUzkEjqZFVgFYVkiBn:zPfPPuhbLHKRgl

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0dee45b6c042c6a25c0fc21bd5fd13f_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4324
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9addf46f8,0x7ff9addf4708,0x7ff9addf4718
      2⤵
        PID:3592
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        2⤵
          PID:3548
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2796
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
          2⤵
            PID:4832
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:4116
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              2⤵
                PID:4084
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                2⤵
                  PID:3212
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                  2⤵
                    PID:388
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                    2⤵
                      PID:4312
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
                      2⤵
                        PID:1820
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3196
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
                        2⤵
                          PID:2744
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                          2⤵
                            PID:4368
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
                            2⤵
                              PID:1804
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
                              2⤵
                                PID:4300
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9932791747776075385,17455263236879136533,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1312 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1544
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3420
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2024

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  e4f80e7950cbd3bb11257d2000cb885e

                                  SHA1

                                  10ac643904d539042d8f7aa4a312b13ec2106035

                                  SHA256

                                  1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                                  SHA512

                                  2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  2dc1a9f2f3f8c3cfe51bb29b078166c5

                                  SHA1

                                  eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                                  SHA256

                                  dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                                  SHA512

                                  682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                  Filesize

                                  212KB

                                  MD5

                                  08ec57068db9971e917b9046f90d0e49

                                  SHA1

                                  28b80d73a861f88735d89e301fa98f2ae502e94b

                                  SHA256

                                  7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

                                  SHA512

                                  b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  144B

                                  MD5

                                  52967817e5f873235c247337d0818847

                                  SHA1

                                  6c84d39ca9b6f2373c0e6b53d1e5b7f6aaf76b8d

                                  SHA256

                                  0708237e05fb3efafd9567f25019d61a16bd00699358d6bf0f9231639d922533

                                  SHA512

                                  91f99032929ce72c1800ed1586ff563644c0a2ec22c91da3660a77f199adc003d7ee74aa497dda1efbe7202520416866867d736e61af282fc999a892068ccb71

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  1KB

                                  MD5

                                  567c742cdd538f89abbc7e4b0186e733

                                  SHA1

                                  e280278281ced0c38465c82f760f7e76c35fe379

                                  SHA256

                                  0216657e38459014c8aa2aa7f78816e7df717a218e53c7c8ac2037ec0a0c61a9

                                  SHA512

                                  387796eb9408b52c54c8c0981c05cd1d6dfc340a4daecf91ad89ef8944a078b85122dfad0fef07adde6ab0fbca397aac3b677a432a865ac5b17e527808794baf

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  ed2021c796694f36f8c2e0a8ab74bb3a

                                  SHA1

                                  74734a06325b410135579c785bc77c9940f48899

                                  SHA256

                                  9bc4a54c42b4b07384c9fe425d8c11b7d86859bca5a67d08fec8d43af64327a5

                                  SHA512

                                  cc01e7f1a3c76332110982237be1442c674e19f38271ce88bff8bcb58d71854ca8019b59f966a0a719c3ffda1449213dc70089bd91932f8519824ac5c08e9ec2

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cfdffd4a-ba53-47e0-b2ad-77a9451a23b7.tmp
                                  Filesize

                                  5KB

                                  MD5

                                  edeb4eab31d58dfdaf8642bf584f4174

                                  SHA1

                                  2081f684e276122623dea3430bd98450a5fdbb22

                                  SHA256

                                  a7fc5688cbc9383f5d3fb70749720c52b6c9cf0a3128a4f51ebfde70cd2ce528

                                  SHA512

                                  f7ef5d164517806a66d2d3e7d2b40f45ea96f85365459d4e4a0644392f057eb7a664e8133ef91858835959818f60c8dbbbad45946bc9d1db73e66f2e60171636

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  a317874be6e7000d5ede1a01656a9d38

                                  SHA1

                                  5b6c8a81789c5d0be0fe9a53344fee987d344034

                                  SHA256

                                  ad543fbacb1e30bb7b03b8f9f014159dba814875bf2d07a2246689aa17fc0cd0

                                  SHA512

                                  fffb0d1a0527cb6b4ec3525a14fc7f2b6a7b311e410ef600cfc37868837e8f6e08fedb9fde67f6a2d8cef3deb1ae08695cf02e8d825bae5b7a51d787c272ea8f

                                  Download Submit