Analysis

- max time kernel: 149s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/04/2024, 21:29
Tasks

- Static task: static1
- Behavioral task: behavioral1
  Sample: ec07bffa756ea9ecf4e3235ea8125eeb_JaffaCakes118.html
  Resource: win7-20240221-en
- Behavioral task: behavioral2
  Sample: ec07bffa756ea9ecf4e3235ea8125eeb_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General

- Target: ec07bffa756ea9ecf4e3235ea8125eeb_JaffaCakes118.html
- Size: 94KB
- MD5: ec07bffa756ea9ecf4e3235ea8125eeb
- SHA1: c772fd87c703693d6797c5b24b617593213788d5
- SHA256: 85dd6e7a2676e698ba3749376cb18fb2550086a02ce0df9f00a076fa26edf667
- SHA512: 08d26b05719b201e39c92a26376f46beea514f78a0cf3ac86668aa08efd09d257fdd6bf7771ca125f44188221be81ddd5762490b797c1dd04197e1122d2091b4
- SSDEEP: 1536:PmhQ+BHKMRNW71uVo6xV3VAhEER6IAcSwhqb8jVw3vzo1MH7lhqNmKGGGCRPF2Zb:aFHK8WBuVLN2w3veGtCRPF2R1AcFUSrj
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)

  pid   Process              count
  1224  msedge.exe           2
  3320  msedge.exe           2
  3776  identity_helper.exe  2
  2028  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

  pid   Process     count
  3320  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)

  pid   Process     count
  3320  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)

  pid   Process     count
  3320  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)

  description                         pid   Process     procid_target  count
  PID 3320 wrote to memory of 2576    3320  msedge.exe  85             2
  PID 3320 wrote to memory of 1448    3320  msedge.exe  86             40
  PID 3320 wrote to memory of 1224    3320  msedge.exe  87             2
  PID 3320 wrote to memory of 2220    3320  msedge.exe  88             20
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3320)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ec07bffa756ea9ecf4e3235ea8125eeb_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6f3a46f8,0x7ffa6f3a4708,0x7ffa6f3a4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2524)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10682325370942259443,9971522541545415331,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 3704)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 2564)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 9ffb5f81e8eccd0963c46cbfea1abc20
  SHA1: a02a610afd3543de215565bc488a4343bb5c1a59
  SHA256: 3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
  SHA512: 2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

- Filesize: 152B
  MD5: e1b45169ebca0dceadb0f45697799d62
  SHA1: 803604277318898e6f5c6fb92270ca83b5609cd5
  SHA256: 4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
  SHA512: 357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

- Filesize: 904B
  MD5: bfaf3595583f73b0e9a4a6f0209ec266
  SHA1: 4f90c3017b00df3d32a9bab65cc9f56454202021
  SHA256: 1c798448cb728758aeaf3c77ca2a3b31d4bcd4e9759c4d48cf670b4614da7ee8
  SHA512: 1fe70d0364be8b86fa14ab8fa373af7edaa6bbb0d51f44489fbc28c7266a9e3cab023411b77cb74ae0a726a26f8a4087fca61dee982c3e55427cf518d9bd8aa0

- Filesize: 873B
  MD5: c7f3e09f30d3b98ac78e13287fd921fc
  SHA1: dea2270e0eba9a8d903cc9f0d8ef62cb812939f3
  SHA256: caeedd2acdb7c8898be8727b25c11a2f2ebd2077749a49fde0245cadd8b947bc
  SHA512: ffbcc554d1a5eee878c8c1adddebf88e756ee8da6dff81b3ddba1b78e319b6464da7c1018171ad229681ac03d6c5074158cfb0496d5578f3846c4f76dcf28fec

- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

- Filesize: 6KB
  MD5: 62f838895729126a1cc2f8748e816351
  SHA1: b719c84b13ebab58e3a6bcc19abcdbcebae6879d
  SHA256: bca506091033f6c55529b5eea191f5031cb3adbc8594eb56febaf7fa818b56d2
  SHA512: 30547ca95d093669b7cab554c13fbf9d639c16658272bd1153253140a1c24ce0e11ed7dbd1bf5fd6d738c2d54e6c2003ee7e028afd717af008d4d956b0cca3ec

- Filesize: 6KB
  MD5: 3b8739a55efa8b521d7ab01a029cb24c
  SHA1: 14fb91f2186c4229389681d860d3c5e9507c0482
  SHA256: 612a63b55edfb464d567c5db2908a500b76da1fd4fd71f8c08d2409dcd070e4e
  SHA512: e4b0d6712ca621dcb1895cec6d8329f3c73662ec34de3a68786c0a9deac62efdd41e3a54adc5e3c056a7ec92e2963a529f575749f2ee24f3fdbd7acbe4e92b5e

- Filesize: 6KB
  MD5: 8ac632a47a1c9cbfabc5d5d83f77fc78
  SHA1: 6af1c6f8ce0b984209ce2bd253bbe70549032dc2
  SHA256: a716ead031f8e9188eaad33fb943988ebcedd420c76262413d08cfbe5304111e
  SHA512: e1c050221e4d7dfe3cb82b84a0499498de510182b51537a80d6cef90ee74e0d875f73b313932975fae8bce3c1c25f4ef0081df75418fae71cdb67175c5e4c6e5

- Filesize: 6KB
  MD5: 2307d9012c67502cafdd34b486bf670a
  SHA1: e3c3b95dca95c92fe35df5104c1dd957920368db
  SHA256: 9c672e49fa276104ee8ef879be05758e995fed123d1c86298b90b97ec7390b2b
  SHA512: e0293cd55eac9182d3edcc77c7b331e8b93b34a60e32de0749e4f2767c086eb96d6b19d76cd6e051dfc797e0e5d8d88ad70ae7cbaa41a6d2dc8291fea13f7db4

- Filesize: 539B
  MD5: 04a9a493948b7436ffaf224a535da2bf
  SHA1: 436decbbc1a3eb590ed21654d710ab4b96d43014
  SHA256: 7bdab90a275542c83c372baa46484de2dbfcc2d699e4f90c71d85f86a6f54a1e
  SHA512: 0723e5e096481506c05de669c24291895e563501d0a000dce36072b0f905b1cc9df63a2150d6f6e0c67cd8102b1e110b267a401f7db32fd62cf5228fa553f014

- Filesize: 372B
  MD5: 66a8ce2af660d7b7e3f4f51930c258be
  SHA1: 1877d4dac077679bf75c3ecf1b7252b482c41346
  SHA256: 139031ebeda684ac88082114c32300406af8613c08b8070675ec72cbd03cdc30
  SHA512: b123d1eac5a8a44a9140ccd5a6b2fafdf095c879ffc6b43305e40ecdde5f59ecc71195fdb190aca860b413681c24ffd7e4d63ce66b40ebc83750568f5e685a1d

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: d898576742562b3dd77170f89456566e
  SHA1: 939ca26fc8c85042ecd09dc8c2ccf40990d57d7f
  SHA256: d9bf086df829445e178b51a5b7382081005654440f57cf0bb5db2ab8fc24947d
  SHA512: f76b48c71853295f6c8a4bdaf6f0a8ea2e33a6dfe0e8d8fb7d4e3dd96da45d5d3b1acbdbf2d7ff156c6da236ae6900a8bccb0049854b3ab2234a7fa56406f5c1