Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/01/2025, 09:38

General

  • Target

    JaffaCakes118_555dca777fbf086a5c3f41b3c295144e.html

  • Size

    192KB

  • MD5

    555dca777fbf086a5c3f41b3c295144e

  • SHA1

    c943fa1d9d550b61e290aff4a8814d59abbff8f5

  • SHA256

    fc32bba627150a93cb6d7ec61b5c38aa39e151dd8fcf03d922f167c6f87c96e2

  • SHA512

    4f356b6d4b972f51b1fd19eaa6b271fc2d8cf8ff12eab5117a984ab6f000c033eed763ed0fb8abb163ca39e5ffb91a60197242fc68787e491805b1ffa79be783

  • SSDEEP

    3072:+rrRspnR0JGEiVTkLi/Mo6RnF09AHN7odgh04T75bFI9IvDYBMtkNNF:+rrRspRgLf09AH554L

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_555dca777fbf086a5c3f41b3c295144e.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3640
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb443d46f8,0x7ffb443d4708,0x7ffb443d4718
      2⤵
      PID:2204
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
      2⤵
      PID:4188
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4500
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
      2⤵
      PID:3916
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      2⤵
      PID:5084
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      2⤵
      PID:1316
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
      2⤵
      PID:2288
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
      2⤵
      PID:4972
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
      2⤵
      PID:1420
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
      2⤵
      PID:764
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
      2⤵
      PID:2296
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
      2⤵
      PID:3564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6940 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2440
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4332
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4240

Network

MITRE ATT&CK Enterprise v15
Downloads
