Analysis

  • max time kernel
    145s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/01/2025, 11:59

General

  • Target

    JaffaCakes118_56979e6edd5099eade8957e709cd4a93.html

  • Size

    53KB

  • MD5

    56979e6edd5099eade8957e709cd4a93

  • SHA1

    926c6b11c6c60a71dad54bc9b5022b94a1f3cdda

  • SHA256

    02b3de34d4aeffe1aac481ff33f8d998bc08aa389f93bfdc119dbc84a923eb91

  • SHA512

    a14da94682d3bf39f8abd9ff967e620275b09259615ad1fcf6874ba9edfbeb832a157d031ac6ecc3288bfe41dc35ea6599c7533255eace9b00e4858931a33b7b

  • SSDEEP

    768:LpGhKRcghp1Np18hKSVdNVPOMXdRl3oFv+Hm6KDssMtle8D:1vp1318ISV7VGMNsWHm6KwsMtleY

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_56979e6edd5099eade8957e709cd4a93.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9831d46f8,0x7ff9831d4708,0x7ff9831d4718
      2⤵
        PID:2876
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
        2⤵
          PID:3456
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4948
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
          2⤵
            PID:4828
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:3428
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
              2⤵
                PID:2772
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,4659441588725015940,18368534841488202699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2872 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1508
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:2320
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:1092

Network

MITRE ATT&CK Enterprise v15

Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                  Filesize

                  152B

                  MD5

                  bc29044ff79dd25458f32c381dc676af

                  SHA1

                  f4657c0bee9b865607ec3686b8d4f5d4c2c61cd7

                  SHA256

                  efe711204437661603d6e59765aba1654678f2093075c1eb2340dc5e80a1140f

                  SHA512

                  3d484f755d88c0485195b247230edb79c07cc0941dedbf2f34738ae4f80ba90595f5094c449b213c0c871ade6aff0a14d4acfe843186e2421ccbad221d34bf54

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                  Filesize

                  152B

                  MD5

                  709e5bc1c62a5aa20abcf92d1a3ae51c

                  SHA1

                  71c8b6688cd83f8ba088d3d44d851c19ee9ccff6

                  SHA256

                  aa718e97104d2a4c68a9dad4aae806a22060702177f836403094f7ca7f0f8d4e

                  SHA512

                  b9fc809fbb95b29336e5102382295d71235b0e3a54828b40380958a7feaf27c6407461765680e1f61d88e2692e912f8ec677a66ff965854bea6afae69d99cf24

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                  Filesize

                  829B

                  MD5

                  bd8d91bf840668104965725978a3f76c

                  SHA1

                  dd291003dabaf54d1379c91efb29631d0819fa7d

                  SHA256

                  aa144d186a03824aa061635ce4c351430ca8df74f369aa1d64d07cf9355422b1

                  SHA512

                  3fc7e70644bc141f53051ddc47f1ad071e3e64e509a4e73539b47abba538a58ac2d4b5dc52de803b8e294ce7edd1065da8914c3eb8bc0834475ec2bdec6f0947

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                  Filesize

                  6KB

                  MD5

                  d1666c069eb67c2f56ca0d789fa46768

                  SHA1

                  e0ed460cd91cae38f064c8555a2bf816f7dbe23e

                  SHA256

                  e7093e86b2ab6180b681cbbd06560fe26d6561feb408833b9c6f57ff9e349b07

                  SHA512

                  6e1b450020892593409b4a06f52cf409571275ca24393f833062b7ef2ca3aa8a249a2d13edb4bee22c0c3bd1ca32a0b9a0e742035d1c58f3c784c466f90b891c

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                  Filesize

                  7KB

                  MD5

                  bed12c244ccceb02598e54c9f09aec7a

                  SHA1

                  6a92d5750f15510908b3fa719a4c1dd83b2fd307

                  SHA256

                  6c8047565ef19db3deb4b39bb27c642c5184a23692cbd841917410b0aa19a09f

                  SHA512

                  9fc72d773475864c09351af0faa2ef9bfac44cb371410341c991f9d830881b2ee062c7ca911dcb647e964e4a9930ce9cb41d81526f54c80dab78cead183ee553

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                  Filesize

                  10KB

                  MD5

                  6a27ac376248060edb3ec5b8674d16f6

                  SHA1

                  2b2ecbd0db9b00129855cfecb1df53b0cfe8c0c8

                  SHA256

                  8e6de3afd61c6dd667eb4e7791bb5ce1e1637d89c9d22fa01ede09963eac4f41

                  SHA512

                  2125d86be8f4cc3ca9f033926e71d7112ea30e869c74bcb7a24fa0d4482aa837141651dbf5edcf7911a9a203154428762ff0968f1879087944d28eb7d6ba9d57