Analysis

  • max time kernel
    145s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/09/2024, 05:32 UTC

General

  • Target

    dbe60cc2369490c4bb8efd5ab9aa3953_JaffaCakes118.html

  • Size

    12KB

  • MD5

    dbe60cc2369490c4bb8efd5ab9aa3953

  • SHA1

    61939dfd463906a2444642afad161a8aa239f61c

  • SHA256

    49f91594f5e58075e3e51c7bf4a8456bc768d7bec38c1c05f8825b52d3a08b45

  • SHA512

    1242faa9e92be4385b770a18858b1ce8f25f7222ab92fbfd3e76800f9268ec676eb0b1d6874b2c6c99c3776c1b541407c290979ad39d5a454cd3df8414521a05

  • SSDEEP

    384:k1fE66qLC5kxepDOFfyMtMiv4nqe2lfie2l9zB99SBXN:h02chl47NoN

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dbe60cc2369490c4bb8efd5ab9aa3953_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9931e46f8,0x7ff9931e4708,0x7ff9931e4718
      2⤵
        PID:3916
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
        2⤵
          PID:2036
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1420
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
          2⤵
            PID:1396
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
            2⤵
              PID:5060
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
              2⤵
                PID:380
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
                2⤵
                  PID:3200
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4372
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                  2⤵
                    PID:1640
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                    2⤵
                      PID:4728
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                      2⤵
                        PID:1148
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                        2⤵
                          PID:3748
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,17989818240383793944,12600770845815459015,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2488
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:5008
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1076

                          Network

                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dns.google
                          • flag-us
                            DNS
                            232.168.11.51.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            232.168.11.51.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            25.140.123.92.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            25.140.123.92.in-addr.arpa
                            IN PTR
                            Response
                            25.140.123.92.in-addr.arpa
                            IN PTR
                            a92-123-140-25.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            vomglockkennel.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            vomglockkennel.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            73.31.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            73.31.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            133.211.185.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            133.211.185.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            103.169.127.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            103.169.127.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            18.31.95.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            18.31.95.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            172.210.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.210.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            240.143.123.92.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            240.143.123.92.in-addr.arpa
                            IN PTR
                            Response
                            240.143.123.92.in-addr.arpa
                            IN PTR
                            a92-123-143-240.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            22.236.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            22.236.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            232.168.11.51.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            232.168.11.51.in-addr.arpa

                          • 8.8.8.8:53
                            25.140.123.92.in-addr.arpa
                            dns
                            72 B
                            137 B
                            1
                            1

                            DNS Request

                            25.140.123.92.in-addr.arpa

                          • 8.8.8.8:53
                            vomglockkennel.com
                            dns
                            msedge.exe
                            64 B
                            137 B
                            1
                            1

                            DNS Request

                            vomglockkennel.com

                          • 8.8.8.8:53
                            73.31.126.40.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            73.31.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                            144 B
                            1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 224.0.0.251:5353
                            517 B
                            8
                          • 8.8.8.8:53
                            133.211.185.52.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            133.211.185.52.in-addr.arpa

                          • 8.8.8.8:53
                            103.169.127.40.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            103.169.127.40.in-addr.arpa

                          • 8.8.8.8:53
                            18.31.95.13.in-addr.arpa
                            dns
                            70 B
                            144 B
                            1
                            1

                            DNS Request

                            18.31.95.13.in-addr.arpa

                          • 8.8.8.8:53
                            172.210.232.199.in-addr.arpa
                            dns
                            74 B
                            128 B
                            1
                            1

                            DNS Request

                            172.210.232.199.in-addr.arpa

                          • 8.8.8.8:53
                            240.143.123.92.in-addr.arpa
                            dns
                            73 B
                            139 B
                            1
                            1

                            DNS Request

                            240.143.123.92.in-addr.arpa

                          • 8.8.8.8:53
                            22.236.111.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            22.236.111.52.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            f9664c896e19205022c094d725f820b6

                            SHA1

                            f8f1baf648df755ba64b412d512446baf88c0184

                            SHA256

                            7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

                            SHA512

                            3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            847d47008dbea51cb1732d54861ba9c9

                            SHA1

                            f2099242027dccb88d6f05760b57f7c89d926c0d

                            SHA256

                            10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

                            SHA512

                            bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2f89e682-d35f-4bc6-87ef-16405365e99c.tmp

                            Filesize

                            5KB

                            MD5

                            d0f90fc21a5f595baf0657aaa4b51dc8

                            SHA1

                            78d03571deb8c753de398e0c4a0b0094505d7ee0

                            SHA256

                            9b3d4d88ae5224e7e5ecfbbb5e23b2fbb0aa7675287c71da2653ce0306b0c458

                            SHA512

                            99160c72aca4f8e2f24460deefbbd4e00e933fc01b59b4b5a6564973bcfbb5fb725a6855ec59c61b17f42621f268f6df951e3f2dd3692757ffe48138daa770d9

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            122d11d6cf5e940029fe9cbfcd68bcdb

                            SHA1

                            31131d009a62b8a2f13579d026d1a4eb7fa592f6

                            SHA256

                            1547b8cce1505f8df93ab6c862c3d2fb3b5a887826cf08f7762b4562c0201d3a

                            SHA512

                            8449b6cbc197e5141627e9d57923adf56def1cd3bbaf62b7d568f1f8335efcdd5dc660fb26ef7f0d965df52281a3d7112f75485759553ca03e88e7cb14e2883a

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            10KB

                            MD5

                            f1e53743165ae8bf0eebc530ced85575

                            SHA1

                            4b95e906d3b3ece1d4524ca87720810ae9aa16b9

                            SHA256

                            8c737e3ac03cd02f03edc9b9d28ab884040323bf72bb1d47a183148984660c2b

                            SHA512

                            ecfd0b58251dc3e4e942d768522882d852820e173ba7729435cfe11e6935b690c2bb8f753a588a3559dc6b536856dc2b9261e92230cbda92e427b40653b4eda9