Analysis

  • max time kernel
    139s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/12/2024, 10:43 UTC

General

  • Target

    f8a2db80a38b3443a827e274b247d607_JaffaCakes118.html

  • Size

    162KB

  • MD5

    f8a2db80a38b3443a827e274b247d607

  • SHA1

    649c69a631feaab357b0db3e1e57510fe0990963

  • SHA256

    704de6bf2250a00410a1a692bf7aea5915d973c91bfc2ad50d188d9ffd91c9eb

  • SHA512

    39541e4d6bb558a505d82af3cd7caa03c8e4af41d3fd0bc35ba8db39ca9afb423a2a918fa7c739aa40efefa59a1cc7a9f05aae39c5a1acea580323d2d69fbe95

  • SSDEEP

    3072:iOzNny+L6yfkMY+BES09JXAnyrZalI+YQ:iUQ+fsMYod+X3oI+YQ

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f8a2db80a38b3443a827e274b247d607_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa5c046f8,0x7fffa5c04708,0x7fffa5c04718
      2⤵
      PID:5116
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
      2⤵
      PID:1676
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1584
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
      2⤵
      PID:4696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      2⤵
      PID:4796
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      2⤵
      PID:2008
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4056
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:8
      2⤵
      PID:1864
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3360
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
      2⤵
      PID:412
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
      2⤵
      PID:4744
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
      2⤵
      PID:3948
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7524722219527903167,10201748119428550509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
      2⤵
      PID:1092
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:860
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4552

                          Network

                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dns.google
                          • flag-us
                            DNS
                            www.2ow14y.top
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.2ow14y.top
                            IN A
                            Response
                          • flag-us
                            DNS
                            news.share.baidu.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            news.share.baidu.com
                            IN A
                            Response
                            news.share.baidu.com
                            IN CNAME
                            news.share.n.shifen.com
                            news.share.n.shifen.com
                            IN A
                            180.101.212.103
                            news.share.n.shifen.com
                            IN A
                            182.61.201.94
                            news.share.n.shifen.com
                            IN A
                            182.61.201.93
                            news.share.n.shifen.com
                            IN A
                            112.34.113.148
                            news.share.n.shifen.com
                            IN A
                            39.156.68.163
                            news.share.n.shifen.com
                            IN A
                            182.61.244.229
                          • flag-us
                            DNS
                            209.205.72.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            209.205.72.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            69.31.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            69.31.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            101.210.23.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            101.210.23.2.in-addr.arpa
                            IN PTR
                            Response
                            101.210.23.2.in-addr.arpa
                            IN PTR
                            a2-23-210-101.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            154.239.44.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            154.239.44.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            196.249.167.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            196.249.167.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            50.23.12.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            50.23.12.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            15.164.165.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            15.164.165.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            241.150.49.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            241.150.49.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            107.12.20.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            107.12.20.2.in-addr.arpa
                            IN PTR
                            Response
                            107.12.20.2.in-addr.arpa
                            IN PTR
                            a2-20-12-107.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            88.210.23.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            88.210.23.2.in-addr.arpa
                            IN PTR
                            Response
                            88.210.23.2.in-addr.arpa
                            IN PTR
                            a2-23-210-88.deploy.static.akamaitechnologies.com
                          • 180.101.212.103:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 180.101.212.103:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 182.61.201.94:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 182.61.201.94:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 182.61.201.93:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 182.61.201.93:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 112.34.113.148:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 112.34.113.148:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 39.156.68.163:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 39.156.68.163:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 182.61.244.229:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 182.61.244.229:80
                            news.share.baidu.com
                            msedge.exe
                            260 B
                            5
                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            www.2ow14y.top
                            dns
                            msedge.exe
                            60 B
                            130 B
                            1
                            1

                            DNS Request

                            www.2ow14y.top

                          • 8.8.8.8:53
                            news.share.baidu.com
                            dns
                            msedge.exe
                            66 B
                            196 B
                            1
                            1

                            DNS Request

                            news.share.baidu.com

                            DNS Response

                            180.101.212.103
                            182.61.201.94
                            182.61.201.93
                            112.34.113.148
                            39.156.68.163
                            182.61.244.229

                          • 8.8.8.8:53
                            209.205.72.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            209.205.72.20.in-addr.arpa

                          • 8.8.8.8:53
                            69.31.126.40.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            69.31.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            101.210.23.2.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            101.210.23.2.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                            144 B
                            1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 224.0.0.251:5353
                            msedge.exe
                            578 B
                            9
                          • 8.8.8.8:53
                            154.239.44.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            154.239.44.20.in-addr.arpa

                          • 8.8.8.8:53
                            196.249.167.52.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            196.249.167.52.in-addr.arpa

                          • 8.8.8.8:53
                            50.23.12.20.in-addr.arpa
                            dns
                            70 B
                            156 B
                            1
                            1

                            DNS Request

                            50.23.12.20.in-addr.arpa

                          • 8.8.8.8:53
                            15.164.165.52.in-addr.arpa
                            dns
                            72 B
                            146 B
                            1
                            1

                            DNS Request

                            15.164.165.52.in-addr.arpa

                          • 8.8.8.8:53
                            241.150.49.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            241.150.49.20.in-addr.arpa

                          • 8.8.8.8:53
                            107.12.20.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            107.12.20.2.in-addr.arpa

                          • 8.8.8.8:53
                            88.210.23.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            88.210.23.2.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            6960857d16aadfa79d36df8ebbf0e423

                            SHA1

                            e1db43bd478274366621a8c6497e270d46c6ed4f

                            SHA256

                            f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                            SHA512

                            6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            f426165d1e5f7df1b7a3758c306cd4ae

                            SHA1

                            59ef728fbbb5c4197600f61daec48556fec651c1

                            SHA256

                            b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                            SHA512

                            8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            efa1c0a31f7f76e7d62766f54ee7f1ff

                            SHA1

                            ff512a0e7d8d747efca7f0e5d82439c4653e7577

                            SHA256

                            520ab3c75629a1fea6f9df6d8d2983ada47b5b3ae23ad4cfc35e731fbd641bff

                            SHA512

                            4300ee7a10ae04ed2780d5c37cdd752d024ecc96ff55f37f49e231b546762aac418f88fa4d19747c015008e02e58ec8efab2a3e485c22de195329b23c698fc12

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            3315fb9b6b2fa63335788161f227fe12

                            SHA1

                            3b7a677897519097d5d9eb1a3325b4c11e250a3f

                            SHA256

                            c314db383c2a067ee9ae5c18b0c1e1a9de871efe7a970ea44db14c39e3912966

                            SHA512

                            99da41a7fecd6b32dbb9207b1822d1cf0c42e652ee0ab71ec1ea86822a2974a55e3a82914a6ccd44c81135f45f53545949041c4b5b7427a985bf51cbae1aa842

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            10KB

                            MD5

                            3eabaf3e324f45a2809d8c04319f1bf1

                            SHA1

                            181c4a7f6caac71c48b975039c8e4f4ec71ae58d

                            SHA256

                            ef8afef9822f0b74769e459a68415b919e7f0aec9df54af0b5b7cda2c308f221

                            SHA512

                            2bc3882239d14325c842cdf85b2da7af3e2493bc3d67118cb122ab4fb00b5ebaf557946ee78ee2e54b011c5dd8d05a651ce6f8b4af5385fcdf2c18744d8a07bb
