Analysis

max time kernel: 146s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/04/2024, 09:48
Static task: static1

Behavioral task: behavioral1
  Sample: e72d02423f8c3a1b2b41876f61881db3_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: e72d02423f8c3a1b2b41876f61881db3_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General

Target: e72d02423f8c3a1b2b41876f61881db3_JaffaCakes118.html
Size: 82KB
MD5: e72d02423f8c3a1b2b41876f61881db3
SHA1: 439985dbdd4daa09800d9387df8229718df7e3d9
SHA256: d3ca5634cfc646ecac0d5729c8ee7dcb931c42ab12cc1ac90ebeed8789f050b8
SHA512: 398af6853c830f6cbf12fe6ef47dcf574bfd44b6bde5d607c98f7ae61b8cd1800ad346e3d949cf0ee2bb940c3d64f9af34aa32c2a9b7100b29c97bcfe97ddd7a
SSDEEP: 1536:z8TEdoFGw9M4pQrhywsx9BPTz88gZPNmsWvjYBrF0EbgOvb4pYWyVvg7Pyt1/zB4:z8TEdoFGw9M4pQrhAzHgZPNmTj4gf728
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description          ioc                                                                     Process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
The reading process is msedge.exe itself, not a process spawned by the sample; the sandbox attributes these BIOS queries to the browser.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process               hits
2572   msedge.exe            2
1592   msedge.exe            2
1124   identity_helper.exe   2
4888   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    Process      hits
1592   msedge.exe   6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process      hits
1592   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process      hits
1592   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 rows have the browser process, PID 1592 (msedge.exe), as the writer and repeat the following four writer/target pairs (procid_target is the report's own process index, not the target's Windows PID):
description                          pid    Process      procid_target
PID 1592 wrote to memory of 2496     1592   msedge.exe   84
PID 1592 wrote to memory of 2184     1592   msedge.exe   85
PID 1592 wrote to memory of 2572     1592   msedge.exe   86
PID 1592 wrote to memory of 4804     1592   msedge.exe   87
In the process list below, 2496 is the crashpad-handler, 2184 the first gpu-process, 2572 the network.mojom.NetworkService utility process and 4804 the storage.mojom.StorageService utility process; all four are msedge.exe children of PID 1592.
Processes

PID 1592  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e72d02423f8c3a1b2b41876f61881db3_JaffaCakes118.html
          Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    PID 2496  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7ad346f8,0x7ffd7ad34708,0x7ffd7ad34718

    PID 2184  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

    PID 2572  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
              Signatures: Suspicious behavior: EnumeratesProcesses

    PID 4804  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

    PID 4908  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

    PID 3220  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

    PID 4044  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 /prefetch:8

    PID 1124  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 /prefetch:8
              Signatures: Suspicious behavior: EnumeratesProcesses

    PID 3588  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1

    PID 2376  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1

    PID 4448  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

    PID 3316  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

    PID 4888  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15864790352332244697,2215802978269226687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1264 /prefetch:2
              Signatures: Suspicious behavior: EnumeratesProcesses

PID 1056  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1728  C:\Windows\System32\CompPkgSrv.exe -Embedding
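A small triage helper, added here as an example and not part of the Triage report, that works the "Suspicious use of WriteProcessMemory" rows against the process list above: it collapses the rows into writer/target pairs, derives each target's Chromium role from its --type= and --utility-sub-type= switches, and flags any write whose target is not a child process of the browser. The IoC rows and process entries are a constructed subset copied from this report; the CHROMIUM_IMAGES set (including chrome.exe) and the function names are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample: six rows copied from the report's "Suspicious use of
# WriteProcessMemory" table (the report lists 64 such rows).
WPM_IOCS = """\
PID 1592 wrote to memory of 2496 1592 msedge.exe 84
PID 1592 wrote to memory of 2496 1592 msedge.exe 84
PID 1592 wrote to memory of 2184 1592 msedge.exe 85
PID 1592 wrote to memory of 2184 1592 msedge.exe 85
PID 1592 wrote to memory of 2572 1592 msedge.exe 86
PID 1592 wrote to memory of 4804 1592 msedge.exe 87
"""

# Constructed sample of the report's process list as (pid, image, command line).
# Command lines are cut down to the switches the classifier looks at.
PROCESSES = [
    (1592, "msedge.exe", "msedge.exe --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\e72d02423f8c3a1b2b41876f61881db3_JaffaCakes118.html"),
    (2496, "msedge.exe", "msedge.exe --type=crashpad-handler --annotation=ver=92.0.902.67"),
    (2184, "msedge.exe", "msedge.exe --type=gpu-process --mojo-platform-channel-handle=2080 /prefetch:2"),
    (2572, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (4804, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (4908, "msedge.exe", "msedge.exe --type=renderer --renderer-client-id=6 /prefetch:1"),
    (1124, "identity_helper.exe", "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService"),
    (1056, "CompPkgSrv.exe", "C:\\Windows\\System32\\CompPkgSrv.exe -Embedding"),
]

# Images that belong to the Chromium-based browser under analysis. chrome.exe is
# an assumption added so the same check covers Google Chrome.
CHROMIUM_IMAGES = {"msedge.exe", "identity_helper.exe", "chrome.exe"}

WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def chromium_role(image, cmdline):
    """Return the Chromium process role ('browser', 'renderer', 'gpu-process',
    'utility:<sub-type>', ...) or None when the image is not a browser binary."""
    if image.lower() not in CHROMIUM_IMAGES:
        return None
    m = re.search(r"--type=([\w-]+)", cmdline)
    if m is None:
        return "browser"            # the main browser process carries no --type=
    role = m.group(1)
    sub = re.search(r"--utility-sub-type=([\w.]+)", cmdline)
    return f"{role}:{sub.group(1)}" if sub else role


def parse_wpm(text):
    """Parse WriteProcessMemory IoC rows into (writer_pid, target_pid, writer_image).
    The trailing procid_target column is the report's process index, not a PID."""
    rows = []
    for line in text.splitlines():
        m = WPM_ROW.match(line.strip())
        if m:
            writer, target, _pid, image, _procid_target = m.groups()
            rows.append((int(writer), int(target), image))
    return rows


def classify_writes(iocs, processes):
    """Collapse the IoC rows to one record per (writer, target) pair and flag
    every pair that is not the browser process seeding one of its own children."""
    by_pid = {pid: (image, cmd) for pid, image, cmd in processes}
    counts = Counter((w, t) for w, t, _ in iocs)
    records = []
    for (writer, target), n in sorted(counts.items()):
        w_role = chromium_role(*by_pid.get(writer, ("?", "")))
        t_role = chromium_role(*by_pid.get(target, ("?", "")))
        expected = w_role == "browser" and t_role not in (None, "browser")
        records.append({"writer": writer, "target": target, "count": n,
                        "target_role": t_role, "expected": expected})
    return records


def unexplained_writes(iocs, processes):
    """Writes that need a human look: the target is unknown, is not a browser
    child process, or the writer is not the browser process."""
    return [r for r in classify_writes(iocs, processes) if not r["expected"]]


if __name__ == "__main__":
    for r in classify_writes(parse_wpm(WPM_IOCS), PROCESSES):
        status = "ok" if r["expected"] else "CHECK"
        print(f"{r['writer']} -> {r['target']:<5} x{r['count']:<2} {r['target_role']}  {status}")
```

Against this report every target (2496, 2184, 2572, 4804) resolves to an msedge.exe child carrying a --type= role, which is consistent with the browser process launching its own child processes rather than with anything the HTML sample did. A write whose target has no --type= switch, runs from a different image, or has no entry in the process list comes out under unexplained_writes.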
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 7c6136bc98a5aedca2ea3004e9fbe67d
SHA1: 74318d997f4c9c351eef86d040bc9b085ce1ad4f
SHA256: 50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2
SHA512: 2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Filesize: 152B
MD5: 5c6aef82e50d05ffc0cf52a6c6d69c91
SHA1: c203efe5b45b0630fee7bd364fe7d63b769e2351
SHA256: d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32
SHA512: 77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 6KB
MD5: 617ead2f60d4f9586c21421a40528442
SHA1: 0b750cdd88cfc5d100e646ee6aa6b273da6d8e0c
SHA256: 2a2ab9e35603acf5f22d063880fcca13c2721eec1db5e0ffa54ab020a9d5dda6
SHA512: f7c6d2f3d2b0ff7eee6ded88c9e13febdc13ab0e911a1cedb69f8ced4dbca67a8813438136129d8962b7d4fd3f33cdea4aafed2091904704b154f8f313ab0b2e

Filesize: 6KB
MD5: b924db05838e247eb7aed47d94ba9e69
SHA1: c287983219010860da80479f0c48820cb787c900
SHA256: 5ef2d710c0017637483f48118c36bccd9c5bd1e5f9c748611685f340cee4af97
SHA512: ee2dbbc3ac95d0401df7c14893efa592187074ff65402d9591242c67ba4d463d9a2140fb7e6ea0bae067d408ccb7a9b7f319f949b9be81024a10a838349f983b

Filesize: 6KB
MD5: eae26a045e58b234168a438e6364824f
SHA1: 4ce778a0a5d49d1d25bb0b39d58b30b490e716ea
SHA256: daa6882acaf8b29fc367f093dfeb8ed8f7e5ab3776423b6a7dd03e6ecb24cff4
SHA512: 6bf6a9280143048160dc4d832cfaeacee6465efd5a87a378bd8ddd92a0fd5e0eeb631fdc0a339191989cf3393195e1fc3ed3d379958da51b2bf8e10307d2b4a1

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 7e4d8dfe7febf476557d85c153244330
SHA1: 320b3cd13f32cab735395f8c6db4718bd3cd898d
SHA256: d65f85a42e9bccea2cbbafed5b5131b8b644a7e098a900a36ddf44ea4942d3bf
SHA512: a7e56e8f3535f7c8cffc746ccc333422c4836580cca0be63da9a685bf83294039a094e7816193f6f81e3edee5c898038d44ef69bc567c0c51c5f363613d4cc03