Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/09/2024, 16:39

General

  • Target

    f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe

  • Size

    620KB

  • MD5

    f66d602223d4890829fc6378a05dc6e1

  • SHA1

    9999c0b4769ebcf41cc7fbc1c2079039436a5afe

  • SHA256

    372369b79b9794b38982ff451100276e201aefec954407e9f59b63888b821dc1

  • SHA512

    7b49c83ec0262ea428897f5cd9490bf13aaa52250e6498c65ca03b6bb18eba9c1246c77ba972938fca72ea38dc8042e314d45cfc7e54f6d0f643f96737949f27

  • SSDEEP

    12288:Wnl59wFrMA6dG+m7JYDClJb5Np1XT0ceu5bQb8zvMp4Y:WnNwFrMA6dG+IJYDubDXT0cHb68zPY

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3472
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wisedownloads.com/Installer/Complete?source=google_dm-display-gb-336x280_v1&reason=complete&user_id=7ecca051-f811-4b25-879f-6996b7be32e0&ask=False
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:968
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffb2e46f8,0x7ffffb2e4708,0x7ffffb2e4718
        3⤵
        PID:4868
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        3⤵
        PID:4632
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2060
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
        3⤵
        PID:1096
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        3⤵
        PID:4812
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
        3⤵
        PID:2112
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
        3⤵
        PID:392
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
        3⤵
        PID:2076
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4952
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
        3⤵
        PID:3104
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
        3⤵
        PID:2388
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
        3⤵
        PID:2428
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
        3⤵
        PID:2136
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2964 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3440
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2488
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1216

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
    Filesize
    1KB
    MD5
    7fb5fa1534dcf77f2125b2403b30a0ee
    SHA1
    365d96812a69ac0a4611ea4b70a3f306576cc3ea
    SHA256
    33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f
    SHA512
    a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
    Filesize
    436B
    MD5
    971c514f84bba0785f80aa1c23edfd79
    SHA1
    732acea710a87530c6b08ecdf32a110d254a54c8
    SHA256
    f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
    SHA512
    43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
    Filesize
    174B
    MD5
    39c6697e7e12f6ca27f5e3f6a6e756ad
    SHA1
    4376b0d5cfe19248de7f0e5787a8dd53f83bdc26
    SHA256
    1676f8c5512c111f5de726a672a25afc4bc3e22730b2e235186247b87f8b3c61
    SHA512
    10c21acdd74cf78f905faa9d86a1248fc1f9b391ed38e5b8d73540f1a37b40cced31dff22fad6a8b94d523421c7456ebf54e425527b959a5c17bb1a246341523

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
    Filesize
    170B
    MD5
    9bbfc5d4bd0436eb57f7d76ea8b6f573
    SHA1
    ebd8af748d27d725aeb522275b0030d168f57625
    SHA256
    11d08f8a8a3f6c0b2d8af09d93c95524671e98845fd94aaa9e6f698f2dcbec21
    SHA512
    e3115516bc270f4524bc5c703b957539d6ec870abb1f5320727c8ed44e1910fd2bb5c351c26ab6dbd2b434be0aa6b55c636910438a23a8cda1e8ae69a7f7913f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize
    152B
    MD5
    2dc1a9f2f3f8c3cfe51bb29b078166c5
    SHA1
    eaf3c3dad3c8dc6f18dc3e055b415da78b704402
    SHA256
    dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
    SHA512
    682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize
    152B
    MD5
    e4f80e7950cbd3bb11257d2000cb885e
    SHA1
    10ac643904d539042d8f7aa4a312b13ec2106035
    SHA256
    1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
    SHA512
    2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    192B
    MD5
    8d538dfd8e6f471d1783d375a2a21690
    SHA1
    6d8dece6cd37d9586a99efd2793f0207abf16f4b
    SHA256
    d555607ce458e737652161848042f929d0510f04e8fd19823456964e4a6e2be7
    SHA512
    306e8e381b2efdfd66eccb340ea14a10696d7b088971d60c7fba56397864a5a004eed85f2d00f84aed7d2af3c5065c830f4ab3ee3102080f7555ac1cedc09f78

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize
    1KB
    MD5
    5fd11d056830a793bc986f5db9c49430
    SHA1
    5dd355b56d49a0c16844370ba705e24e320f8c49
    SHA256
    841d21eeb9cebda003cd30c1ada94c751ea1b9b6893e3709af6f17afce4fefcf
    SHA512
    927f5d5b39e9d8c94f1597072efb5ade92efb63ff6e4f6c6b48aebc2f4db7ab73a4c0d17c8eaa161aebf15c0f632fe75b5101464b98c2e311c1649e06592560f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize
    6KB
    MD5
    765b10c363e78d2fceb04f55c740a242
    SHA1
    f91a4892416ed450781c09e6f6b9ee1ce1c7a8e3
    SHA256
    c636b8b4f4495a8e9d5146ff3c65f0818c791e37f93b96298f176352904aabf9
    SHA512
    6d582eff849f375ea8b61706e316bdce4fbbca0fe1bca8ef38c5007215b0bf0633e26453394506102501dc09bdd823f70d7676d51b44aca79608d665df64344e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize
    5KB
    MD5
    f94e2b3cf1809143e4343296901a315d
    SHA1
    10075b594ed7fa1dfa3dc432ab6e036e0efcf91d
    SHA256
    61a2e672297ba7fe03cb5cc7ffa648690770e23e19f02e0da3d8c119f816ac29
    SHA512
    d4f4c798d762fbdeea2241695b8ce2bda1d8660e90b9a9d43dea67e045b5698ecf8a6177d00dd3901e71de53fae917c45164e1d5c8e7a882d882399be274d274

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize
    16B
    MD5
    6752a1d65b201c13b62ea44016eb221f
    SHA1
    58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256
    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512
    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize
    10KB
    MD5
    e6c57e8e2c3081e1e03b923b3f7cf02c
    SHA1
    1df37a76a9c5b8b61dd78548ec301a58472855f8
    SHA256
    a940bb2dbc883c783f7960e7d7f1a047cf82e6b11f68a04a1373c68eff5e7fba
    SHA512
    5cb80ad8ce3075a8fe81b1720bfe62cba8ce04019cf626922d2f7278a611b112938db04244049ea1b22b646ea164563b57ff86bcf6a698be5af83cbc338268e2

  • C:\Users\Admin\AppData\Local\Temp\offconfig.temp
    Filesize
    6KB
    MD5
    135aa39705cf8e92a5ad36d4e4cbfa49
    SHA1
    d3653c7fe4a49d408c98f4d4e05a21deda0bb36b
    SHA256
    ce49f626b2523b86668ae815a2374229e839c5adb694894f2da382bffdbf219d
    SHA512
    0fc6fce761908c66d3d10a144c2b96d7c4ca59ca53b837b3314f9245dd02f605fadf088163d709810c34942e06a6031003c939d2be342d8a8b5452e02ad490aa