Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

13/09/2024, 14:26

240913-rr5aesthra 7

13/09/2024, 14:25

240913-rrd38steql 8

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 14:26

General

  • Target

    JJSploit.exe

  • Size

    10.4MB

  • MD5

    cf1abbdf344fbd0d14934c620de5bb16

  • SHA1

    d6646330f3be032a8a16945bb94a412c7d2b29a0

  • SHA256

    d3178284048fd809f2cf63a96cca1af122722ab29768d71b6c1152a233490dad

  • SHA512

    194ebb98531dfc41b9777724d98d81980454c4cd1fb08219285de0c3c3ac36c358af9937f890751490ff1fc3ed41205e04aa8851509334e75d36b16f150e89d7

  • SSDEEP

    98304:vtxARZ0toLC0XbUMhemGs0ITIECwa99bUHpr8U7Y5T7RTGT8C4gCI3s7:vEEo/eGY9bUtP78RTC8ws7

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JJSploit.exe
    "C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\system32\cmd.exe
      "cmd" /C start https://www.youtube.com/@Omnidev_
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3208
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1324
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff305346f8,0x7fff30534708,0x7fff30534718
          4⤵
            PID:4196
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
            4⤵
              PID:5056
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4108
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
              4⤵
                PID:2636
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                4⤵
                  PID:2040
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                  4⤵
                    PID:2916
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
                    4⤵
                      PID:1000
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
                      4⤵
                        PID:4988
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
                        4⤵
                          PID:2944
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 /prefetch:8
                          4⤵
                            PID:3792
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 /prefetch:8
                            4⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3280
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
                            4⤵
                              PID:5040
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
                              4⤵
                                PID:2908
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
                                4⤵
                                  PID:1364
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                                  4⤵
                                    PID:3420
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
                                    4⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:916
                              • C:\Windows\system32\cmd.exe
                                "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
                                2⤵
                                • Suspicious use of WriteProcessMemory
                                PID:3708
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
                                  3⤵
                                  • Suspicious use of WriteProcessMemory
                                  PID:5084
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff305346f8,0x7fff30534708,0x7fff30534718
                                    4⤵
                                      PID:2432
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11213031339089786282,13327830710711216005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
                                      4⤵
                                        PID:2780
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11213031339089786282,13327830710711216005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
                                        4⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:2920
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2068
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1880

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      ecf7ca53c80b5245e35839009d12f866

                                      SHA1

                                      a7af77cf31d410708ebd35a232a80bddfb0615bb

                                      SHA256

                                      882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

                                      SHA512

                                      706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      4dd2754d1bea40445984d65abee82b21

                                      SHA1

                                      4b6a5658bae9a784a370a115fbb4a12e92bd3390

                                      SHA256

                                      183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

                                      SHA512

                                      92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      336B

                                      MD5

                                      efd6dd52295dbe997d9d39b0b16be6c7

                                      SHA1

                                      8cc08e8fe1ede89e640afe34956623db49c64c55

                                      SHA256

                                      9a6b8fefb9eec21e2137f9040b0dd5c3aa5a7fc001b0bf32eb6b39273ed092c9

                                      SHA512

                                      616636fd7a1dee57ea05afe618bec27bab075a512d7682e7f71162be0bc17fea8a03a352e4b80008657023db2746c8947a0e449405b250d750c35e70c2ba17b0

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      b6b5340eefc6d1b28ea1c47509556875

                                      SHA1

                                      645e6d196f9cc41d8271ca0a53c6f3ca703ae5a7

                                      SHA256

                                      6b6977b56699b8aa1dbbad902e1907bf3c6a7b80202ac3a6f18324046ac05e59

                                      SHA512

                                      9ef7c40a5a0d91305e3753ca97d4db642b7f4aa0fec70b4e2c8c6018beabef2f884735fda6632634fa6b31d8b701d2f429f788849e4c41d6cef19b0b5493bf6c

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      c478304d6174e49d5a766378a635546a

                                      SHA1

                                      7a67e4fbe9ff001979d01f7ea6d8f020b03899e1

                                      SHA256

                                      9c68fc219d0173b25bccf1b270228bee6a73cabf8b71d64a92f34929bb01877c

                                      SHA512

                                      3ee16be936ece2260944e8910a7f7941082fb40e9b8b334af1e88ebc2c01360cfbd2adac0586db4b0e3cfb3fc5c6f6d00ac5f546f6b56e3045c81cedbef09d0c

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      2fc6a0772d69afa8eb191e0a88b3220d

                                      SHA1

                                      d046d8b3007104697f3a01aa7965549dd77d1f34

                                      SHA256

                                      0879e91a32f98bef99e500207f45de73a82fb65dc8493df3f658f46a86ee22d9

                                      SHA512

                                      1c4b8906633f6f2c5bb5eefcf3e45d34d472b948f7d9a1e7b58a6f41fa3ab8dfbc39a0b2919c3593168718f77cd93a76699483bb326207fbf870c92a3c3b25c8

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      c70a16f7e17e92e594fb8771853f3df5

                                      SHA1

                                      ca428d61f8f2fac3cc617bd81567be276d21ac1a

                                      SHA256

                                      691812fb749f3837a92a7310dc2c7ffef2b1e8e2eff93603bebefd3c8ac05ecd

                                      SHA512

                                      996ea79f4aa95596b841a75546f0906606db70c399c36a4c80515727a2eaf8d53ffffe8c476c7bc8a4b124b5f1163ff7040d2d6c2d63f269e2c8e6d2cf1cfd2c

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      8KB

                                      MD5

                                      a544bb0ff9fce96b3c5a56798467af62

                                      SHA1

                                      3d5ee5384701861d1e34b6a8f408a4f800ca0de1

                                      SHA256

                                      ef1422d31ea9da95dcaec59a4d772873816a769694791b0a4498d50cba432a6f

                                      SHA512

                                      f41eb7e7d6d534ddc00ced1573c6983da9a8abc6a53fca02bf5d1b1302c9e223cdaedaf75e5c581a5b41d6ad6a0b47494c26eca1c54ca52140277d6eaedba935

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      10KB

                                      MD5

                                      9070c76b3a98f131c814f40d81df85a6

                                      SHA1

                                      f19d44b73c2730f50e50fefc2d622ecc4c641852

                                      SHA256

                                      1649747e53173d99db1dc56af87dd160f55a68dbb0c7bfa33de68f6d1b3c4336

                                      SHA512

                                      a93274dcf547c9b355859e87c46a5c14e93c82b5f6cf867d608c314ce85badc0aec7ba29456cd8e20cc46809f26ac73f74bda40a46ac9c7eb6724040fc12b68f