Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

fc5d75c341...8.html

windows7-x64

3

fc5d75c341...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/09/2024, 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fc5d75c341532ec6b8391ca02066c479_JaffaCakes118.html

  • Size

    245KB

  • MD5

    fc5d75c341532ec6b8391ca02066c479

  • SHA1

    785c4469d4925e128bae75cafb2d6642c58869cf

  • SHA256

    1e75b253c0aa8839eae2fb9011a99a129919f98b4d0f3b9b11c86177f28f1c59

  • SHA512

    ac9729c7210c317ea67381867b70535e9d5b82afe5efb3f04264955b54ba8d30641b289a0db8775f51456675166cdf3e0eaf1ce936a0fc1b03668a053576102a

  • SSDEEP

    6144:SssDRCixVixc/sMYod+X3oI+Y9sMYod+X3oI+YQ:lsDYixVixcD5d+X3P5d+X3+

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc5d75c341532ec6b8391ca02066c479_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:716
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd39046f8,0x7ffdd3904708,0x7ffdd3904718
      2⤵
        PID:1040
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15955583733283212542,4480702723347199538,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:2260
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15955583733283212542,4480702723347199538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3628
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15955583733283212542,4480702723347199538,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
          2⤵
            PID:3704
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15955583733283212542,4480702723347199538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
            2⤵
              PID:3036
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15955583733283212542,4480702723347199538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              2⤵
                PID:928
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15955583733283212542,4480702723347199538,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4344
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:1972
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4652

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  d7114a6cd851f9bf56cf771c37d664a2

                  SHA1

                  769c5d04fd83e583f15ab1ef659de8f883ecab8a

                  SHA256

                  d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

                  SHA512

                  33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  719923124ee00fb57378e0ebcbe894f7

                  SHA1

                  cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

                  SHA256

                  aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

                  SHA512

                  a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                  Filesize

                  255B

                  MD5

                  d65f1f26135e9d5798a6a8d6fe48c063

                  SHA1

                  5de9ccd65d7028a0d31d2165f159a403b949ea2b

                  SHA256

                  1222fd0abb84cfba47942406c6c464b8cd7f953e180b9d7e338d1be8fa29fb5f

                  SHA512

                  8b470e0cf29db6f065f785f478f5392c78ab3cf4261f2d922906652a0f134c54cf48905aa0077ec5d598631eb049d2ff2b228833a0c2ad50d5be6c80099c003a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  0939b1005c977675d3cecc18929f4878

                  SHA1

                  ac6efb50e44d497fdf74aa47b375f178f86c6f94

                  SHA256

                  e3ef9f72c2575452f600fa4f46b18c7ed4ec4cc82c1b45f651299e550f78bdfa

                  SHA512

                  00f61bc6389ff5b74039bd93219d664dc5deab0b5a66120e70adc27bd7e1eb4ee5fa4b441564f490e5cbcac94ab4044ebcacab10621f626b11d95e9c8230b4bf

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  af0186345e4bb61bbe1ffc96075910ac

                  SHA1

                  05ff8e4c024281ba07a6e685e5ade0de83457a7e

                  SHA256

                  6909897daf1b44f539e92acbde4bbcd8dbe622a6a2e84228e61b7c5cf24ae8a3

                  SHA512

                  a1f65a6f098355f107e42f22569b2c4029cbe8b56ac3fe65fb7ac3ce48066ddcd8088939a2650c6a4a78b3eaee179550034b55d6546db5d91170253888efeebd

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  7296607f8601fc2709420bca6d390864

                  SHA1

                  619388a947ea7f6b60c2fa2cd4971de93bb81764

                  SHA256

                  be6e4c192bc3e96bab048bc3083da9ae555b2b377a9cf1dfe69b00d5b0cf4e4f

                  SHA512

                  829910b0147e70a45d1cd583b43762664bf20edc20d6b268e40bb6cc7b065cd150e5767e5e196e77147efb974ab0165c33ce0b430363015646f1116fed57d646

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  d5f15fecd8adec3317d99ac05259f417

                  SHA1

                  e48093686bd6b9390dd7e10357e0f4074138c971

                  SHA256

                  3db23e7ab8eaebb1a3ce20bbc2718a5c1ec741b3a85e7d7c47e1954354407e1e

                  SHA512

                  3dc785d87aafe68da801ac87aa0ef69a7a79569fe82e8d67281ce3e7c9b92608ebdf9da4603da851eff49a4946d7ca787dc198b83365cd8bee570ea47d7a37bb

                  Download Submit