Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240910-en -
resource tags
-
submitted
04/10/2024, 22:52
General
-
Target
1535baf6f7e75e17ecfa64724a789d5a_JaffaCakes118.html
-
Size
139KB
-
MD5
1535baf6f7e75e17ecfa64724a789d5a
-
SHA1
d41b4410dfcf408724797bfc2739a5e34723ad9d
-
SHA256
555658afdf18ff741e6fdd8942c66bc604cd9c120d9da7949e88141347365039
-
SHA512
cfb08904916b266cdbdf115060afadfb0c060e45b20e1aeddfd24f0397e6bff547b6476f7965531303c957ab670368a66167f78302d398c223e5944f173ad22c
-
SSDEEP
1536:S9RNYINSlJiayLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:S9kIxayfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1535baf6f7e75e17ecfa64724a789d5a_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9b3f46f8,0x7ffe9b3f4708,0x7ffe9b3f47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12094103022681975683,6731507476405181403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12094103022681975683,6731507476405181403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12094103022681975683,6731507476405181403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12094103022681975683,6731507476405181403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12094103022681975683,6731507476405181403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12094103022681975683,6731507476405181403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5db1ed3bbcaa8e96c29a0b57e72bf0319
SHA19bc11860837a2bcdd048613ba8dd76d6d77d32d9
SHA2567c7db5dde536599fd7ffd4dee8e03ca0f6680e662022869057b09a4635b9b87c
SHA512eb7375877e9b51ebcf8cfc62cf822fdce3fdce837fbbd00d4d54c52c4f67bd82408e4809e1c92f32e9f3edc9e6726910f752fbeaf14704745688b0239405e6c8
-
Filesize
152B
MD5b4b5eaf7edd9d5391ddfdb694e0cd888
SHA1d1f92fbd238c4d5fb6861a83153893568d514586
SHA2561d5fc1e6da67b60df30ee83dd11359ec3dbe0c4bdddff2f2f862fa9c4619d903
SHA5121b62d5740572b1c17dadcb83d9e0017d6a8ff94cc64bc024cc47fa92a8180f7c2d18bef79ddf5cac8a9a97ecefd8461b06665e522acb0c5857dac1a2838fc048
-
Filesize
5KB
MD5de1ca6cbc95086bdfee956ca005a540c
SHA13e7721144de856556e900776930a9f9c970e6640
SHA25670f0131015b51d93df582235da8be9d5884b906d3b895778fec9f5d4368f5c17
SHA512826fcda87bd80abcc4e52477eda085c3b6aa483de457e5c3ccb911c1aada08b8e78bcc0807d2440a564da128e63e9cb93adf65306729684e77e5eb0be7c56c10
-
Filesize
5KB
MD56dc4e08985cfdb76144659aae2962f1f
SHA15eab6c6d0ec65dd6e23655ab537bb4024096e086
SHA256cdc40a3891ec90dfe33e00335ad50f3bfa702237fa66c96900f6486344763734
SHA5124f01a34ad489137201c387e384f9a2fcb461b5df14714de4270bcbf41d811ceebbfb2ab948ce2f09243fd14171b2691499bf2a17544f19be6a6109641c980d90
-
Filesize
24KB
MD5941ea4c983b3cf877ce6e1aab38f2794
SHA1c4fcce581d0660a0c96d0579aedb528a8168233c
SHA2563d4479f291d239eec609801437c1962e41e19c53a3eadd2f95342167fa7ad342
SHA512f47836cc619ea50f24d3804a697bb562781e812a65285959d7dbce53db8945cbbab2f9b8290ba2bd9925f620858918ddc676c082cdadae8444a9751d642a381b
-
Filesize
9KB
MD5053748b308e11de4a0f9e510c8461f0c
SHA15a0ed453e28f817b2d797ecc3672b611be3770aa
SHA25641414b024235b34fc88221954678347c2b63145ca96781288a3de72b27bfc0db
SHA5121c78190055a63b19c89b71ea2f83d1f00da776d04fc908d87efe567091878089a1dd68dd1ac16dea7d3221335fc334bb6bc70640c9ff76f13262d8d71b5e783e