Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

d21ed6c2da...8.html

windows7-x64

3

d21ed6c2da...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/09/2024, 14:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d21ed6c2da7a8441149f444797bd0d4d_JaffaCakes118.html

  • Size

    91KB

  • MD5

    d21ed6c2da7a8441149f444797bd0d4d

  • SHA1

    2281d8f67a860ae77ec1587e4e08d50da440b420

  • SHA256

    609cd1d9247702bda3a659d9638ec43851a7e40085c2a186484da253d3b22665

  • SHA512

    f5cbb6b1b88ccede2710a0679b07c340920326a043294de0ddd95ae5091fed07517bb4e131d5cc410dd2ccbc1ae52add898f3a64377e6192d29d2c5ca0d6a4ff

  • SSDEEP

    1536:GeJQfpB6Q14w0Su27Od6QY4t6ZbAagdmyb49M+3di5yp4X+OAyU4W8IMETymJ4d9:XA8g4Q7NF4YAV4Hd94A4e4bQ4lAgMrgD

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d21ed6c2da7a8441149f444797bd0d4d_JaffaCakes118.html
    1⤵
      PID:4600
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=756,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:1
      1⤵
        PID:3960
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3888,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4524 /prefetch:1
        1⤵
          PID:2404
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5428,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
          1⤵
            PID:3260
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5464,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:8
            1⤵
              PID:652
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5628,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
              1⤵
                PID:3928
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                1⤵
                • Enumerates system info in registry
                • Modifies data under HKEY_USERS
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:3408
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ff9c6eed198,0x7ff9c6eed1a4,0x7ff9c6eed1b0
                  2⤵
                    PID:5696
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2312,i,15091050282026841233,4326833845644229776,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:2
                    2⤵
                      PID:4084
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1960,i,15091050282026841233,4326833845644229776,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3
                      2⤵
                        PID:4092
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2448,i,15091050282026841233,4326833845644229776,262144 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:8
                        2⤵
                          PID:4604
                        • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4468,i,15091050282026841233,4326833845644229776,262144 --variations-seed-version --mojo-platform-channel-handle=4484 /prefetch:8
                          2⤵
                            PID:2004
                          • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4468,i,15091050282026841233,4326833845644229776,262144 --variations-seed-version --mojo-platform-channel-handle=4484 /prefetch:8
                            2⤵
                              PID:1392
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4540,i,15091050282026841233,4326833845644229776,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:8
                              2⤵
                                PID:4356
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4484,i,15091050282026841233,4326833845644229776,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:8
                                2⤵
                                  PID:320
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2780,i,15091050282026841233,4326833845644229776,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8
                                  2⤵
                                    PID:1828
                                • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
                                  1⤵
                                    PID:2572

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                    Filesize

                                    40B

                                    MD5

                                    20d4b8fa017a12a108c87f540836e250

                                    SHA1

                                    1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                    SHA256

                                    6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                    SHA512

                                    507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    10KB

                                    MD5

                                    faa2e563dce173c2443fbe26deb12d68

                                    SHA1

                                    6ddacf08c23828205d045a4caee520da0921b50d

                                    SHA256

                                    08cf7740cc0264542d7842e3dcbcdc67f8b7f4ffb938b2245e895fcea4c1a692

                                    SHA512

                                    a19a2334d4c72d96a8f7785605607be7d818b510cb1db3a542b7fd694886baf4378f695be9b82c20974b693321fc5e877fea2a38edd8460b8159e963fd115afe

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    30KB

                                    MD5

                                    12a08fc965c3b4c83e4cadcc971c7dcc

                                    SHA1

                                    ab8bc413dab23db5bdeccc6b49e3c5d5bd058998

                                    SHA256

                                    8743f5a596fde86c4ca604db3bd39c34deeccb476c522502b7741d77ea1a8b38

                                    SHA512

                                    e59daa4ed41f9dc98e318c1a1dcf3c43bb41993f945667e800a39e184cc15d5d3813a34d68674dd4f5f458b336b9ed407e3766c7d67f034470255e39f141f8d8

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    53KB

                                    MD5

                                    4674d8d3019148f8f2f731b4ea75e93b

                                    SHA1

                                    1fdcf7cb97c69287eb69cbf40b925ab24a2e3c5d

                                    SHA256

                                    b7e1ee74410f49b131543dac3c10c233c3544120b5317f9f4c5faa7785cb5914

                                    SHA512

                                    aa41b2311811c96de9f5abe6b54c961a025f4e3835c06b1a52259b08f8f4bd17fc436efaa7c05c926f90a40fe9707fc4cb9da8006257658ec30ad90bbe713065

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    50KB

                                    MD5

                                    e20bbd392e128d71852255e796fa68c7

                                    SHA1

                                    1c03be746377e2a095944b138f672f38f450667a

                                    SHA256

                                    0269b89cc17c5f87e53c1872e00ac3fabecbe6238dfa64cace562a824ff343c1

                                    SHA512

                                    568d49a49b7e4688ba6f3394392ff6a208043f8d65ae6bbadc9950f34dbc534ef6619c7c82f54ae90a6bdc1cbee1d4727e7d90996f66c0d48841a5638ceae68c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    50KB

                                    MD5

                                    567c9835dd58e7660bd279c5db3b4b11

                                    SHA1

                                    f0e88d5e97e0c4cf9e0b0c59ebcb13240d4834e5

                                    SHA256

                                    857b550610c1eba8ce87603ddf0e3bf44a4b1a79501ce69614da48600ee170c1

                                    SHA512

                                    03f69bce2a8229b044dcaa210a87532b0314d6efe1142215b6b64ada21c96f82db6239c623ba6c88868e0670132b36dd7b85289d2238e20afb820d442abc5c8e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                    Filesize

                                    2KB

                                    MD5

                                    edd5e9618374fb92029d3bfae5411dd0

                                    SHA1

                                    612bd80bcfc9afa650d4185e046c76e57c5aff42

                                    SHA256

                                    502e05fa5e9e28570427330997c00e0940e42e4bc8d6922d5409164fd43619e2

                                    SHA512

                                    f5e7e15dd633057b2ce7692022143d3f8b0a7c06e3db8d9c3933d304ea139b545e66d5bf0922beab8384ac094e1611cf44539f933bb861c76ec9d22e11b3ac23

                                    Download Submit