Analysis
max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/04/2024, 14:07
Static task: static1
Behavioral task: behavioral1
  Sample: eb3e1e7d9aed813ef5978e1b439d5730_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: eb3e1e7d9aed813ef5978e1b439d5730_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: eb3e1e7d9aed813ef5978e1b439d5730_JaffaCakes118.html
Size: 123KB
MD5: eb3e1e7d9aed813ef5978e1b439d5730
SHA1: 95ebcd9eaac26b6a9a3fbbcea019b78fb056d860
SHA256: f526f19f19cbede60e836a78851380f0e53d2e5d3904b008b840a1f39acfe954
SHA512: 7671f0d7712f382236d4309eb2fe8a27a5733b8b4b7f7dc3242d6eae1c303e7c306e843535cb812e73424f1a179078cffa963aa9d753ca702fdb84eb850918a3
SSDEEP: 3072:oKeRTRGGApi/ky8IDi1xzvUQ96N4EldlMP8UkMgx8dsRJ+SKb6RfWp0M1dQBhh6i:oKeRTRGGApi/ky8IDi1xjUQ90hMP8Ukn
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1972 msedge.exe (2 events)
  PID 3008 msedge.exe (2 events)
  PID 3928 identity_helper.exe (2 events)
  PID 3792 msedge.exe (4 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID 3008 msedge.exe (6 events)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 3008 msedge.exe (25 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 3008 msedge.exe (24 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events have the same writer, PID 3008 msedge.exe (the browser process launched on the sample). Distinct rows (description, target PID, procid_target):
  PID 3008 wrote to memory of 3892 (procid_target 85), 2 events
  PID 3008 wrote to memory of 2968 (procid_target 86)
  PID 3008 wrote to memory of 1972 (procid_target 87), 2 events
  PID 3008 wrote to memory of 4568 (procid_target 88)
  The remaining 60 events repeat the 2968 and 4568 rows. Each target is a direct child of 3008 in the process tree below (crashpad handler, GPU process, network service and storage service respectively).
Processes
- PID 3008: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eb3e1e7d9aed813ef5978e1b439d5730_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 3892: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x110,0x114,0x118,0xe4,0x11c,0x7ff9fef846f8,0x7ff9fef84708,0x7ff9fef84718
  - PID 2968: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - PID 1972: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4568: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  - PID 2184: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  - PID 1672: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - PID 3240: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  - PID 3928: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4840: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  - PID 1956: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  - PID 3352: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  - PID 2236: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  - PID 3792: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6920119760094789522,4862264072818572364,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 4212: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 2692: C:\Windows\System32\CompPkgSrv.exe -Embedding
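The WriteProcessMemory and NtCreateUserProcessBlockNonMicrosoftBinary signatures above fire on what a Chromium-based browser's sandbox broker does on every launch: the browser process (PID 3008) creates its renderer, GPU and utility children and writes into them before they run. What separates that from process injection is not the API but the target's place in the process tree. The Python below is an added example, not part of the tria.ge report: it transcribes the page's process tree and the distinct writer/target pairs from the signature table and classifies each write as own child, descendant, foreign or unknown. The function names and verdict labels are mine, and the one "foreign" event is constructed for contrast; it did not occur in this run.

```python
"""Triage WriteProcessMemory IoCs against a sandbox report's process tree.

Added example; not part of the tria.ge report. PROCESSES and REPORT_WRITES
are transcribed from the report on this page; CONSTRUCTED_FOREIGN_WRITE is
invented for contrast and was not observed.
"""
from __future__ import annotations

from collections import Counter
from typing import Iterator, Optional

# pid -> (image/role, parent pid or None). Depth markers in the report's
# process tree were converted to parent PIDs. Roots: the browser launched
# on the sample and the two COM-activated CompPkgSrv.exe instances.
PROCESSES: dict[int, tuple[str, Optional[int]]] = {
    3008: ("msedge.exe --single-argument <sample>.html", None),
    3892: ("msedge.exe --type=crashpad-handler", 3008),
    2968: ("msedge.exe --type=gpu-process", 3008),
    1972: ("msedge.exe --type=utility NetworkService", 3008),
    4568: ("msedge.exe --type=utility StorageService", 3008),
    2184: ("msedge.exe --type=renderer", 3008),
    1672: ("msedge.exe --type=renderer", 3008),
    3240: ("identity_helper.exe WinrtAppIdService", 3008),
    3928: ("identity_helper.exe WinrtAppIdService", 3008),
    4840: ("msedge.exe --type=renderer", 3008),
    1956: ("msedge.exe --type=renderer --instant-process", 3008),
    3352: ("msedge.exe --type=renderer", 3008),
    2236: ("msedge.exe --type=renderer --instant-process", 3008),
    3792: ("msedge.exe --type=gpu-process --disable-gpu-sandbox", 3008),
    4212: ("CompPkgSrv.exe -Embedding", None),
    2692: ("CompPkgSrv.exe -Embedding", None),
}

# (writer pid, target pid) rows from "Suspicious use of WriteProcessMemory".
# The report repeats these rows (64 in total); one row per distinct pair is
# enough for the verdict, which depends only on the pair.
REPORT_WRITES = [(3008, 3892), (3008, 2968), (3008, 1972), (3008, 4568)]

# Constructed, NOT from the report: a write into a process Edge never spawned.
CONSTRUCTED_FOREIGN_WRITE = (3008, 4212)


def lineage(pid: int, procs=PROCESSES) -> Iterator[int]:
    """Yield pid, then each ancestor, stopping at a root or an unknown PID."""
    seen: set[int] = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        yield pid
        parent = procs[pid][1]
        if parent is None:
            return
        pid = parent


def classify_write(writer: int, target: int, procs=PROCESSES) -> str:
    """Label one cross-process write by the target's relation to the writer."""
    if writer == target:
        return "self"                # not a cross-process write at all
    if target not in procs:
        return "unknown-target"      # not in the tree: cannot be dismissed
    if procs[target][1] == writer:
        return "own-child"           # broker preparing a child it just spawned
    if writer in lineage(target, procs):
        return "descendant"          # grandchild etc.; still inside the tree
    return "foreign"                 # injection candidate


def triage(writes, procs=PROCESSES) -> Counter:
    """Count verdicts over a list of (writer, target) pairs."""
    return Counter(classify_write(w, t, procs) for w, t in writes)


def suspicious_writes(writes, procs=PROCESSES) -> list[tuple[int, int]]:
    """Return the (writer, target) pairs an analyst should actually look at."""
    return [(w, t) for w, t in writes
            if classify_write(w, t, procs) in ("foreign", "unknown-target")]


if __name__ == "__main__":
    print(triage(REPORT_WRITES))
    print(suspicious_writes(REPORT_WRITES + [CONSTRUCTED_FOREIGN_WRITE]))
```

For this report `triage(REPORT_WRITES)` yields only `own-child`: every recorded write went to a process that 3008 itself had just created, which is the expected broker pattern and not evidence of injection. A `foreign` or `unknown-target` verdict is where to spend analyst time, and the report's signature table does not record write sizes or addresses, so those would have to come from a fuller trace.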
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 7740a919423ddc469647f8fdd981324d
  SHA1: c1bc3f834507e4940a0b7594e34c4b83bbea7cda
  SHA256: bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
  SHA512: 7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7
- Filesize: 152B
  MD5: 9f44d6f922f830d04d7463189045a5a3
  SHA1: 2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
  SHA256: 0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
  SHA512: 7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\93aa32c0-e793-455b-ac43-77040aa12e55.tmp
  Filesize: 6KB
  MD5: d13b02c0807a051c908bf319466ca4a3
  SHA1: 0627bf2b95da031c94c5fbfdef39db7bbb19c48d
  SHA256: 8787ca9567e6659cb2f1a7a3d511ae8371fb3269c162e2dc418b210a749cc0ac
  SHA512: 11a927eb7b7c632258e12ead88aacf7d3b815dc0e537c72cca7b1cf53d564b50ee407f101cec0f0b730289da1485939997bc2482983d71d0a10c423e89e374ab
- Filesize: 1KB
  MD5: 841614d2bc4cc44ca9e44ac17f5620c7
  SHA1: 8ae082b50211a86c29bde91f1bfd5744a19ad20f
  SHA256: 9de4406708e615f381ad98433d3799eb0ccbaffd3f8e4f17af182d0b73650d7b
  SHA512: 89f38522e92ec8b3ec95175ea5b2f8edbaecfe2b539e889afad6aa1d8a58327e31a9314f9dacec8325f2cd03fa5f992cab04e71f844d4498bd3baf0b07b4f117
- Filesize: 6KB
  MD5: 1ebc68add7361a93824f8214c48a082e
  SHA1: cd07fc944206f4ac60238fddc2afa972960e0ef2
  SHA256: 817ac9c1c5d1b5727c33a91f34a0a3e6a1cab1f4a60564f3eb6a4e473c0b10b6
  SHA512: 71a673c420166b60419012fce4626d94de436db2c0e073879f6c249ceaede6732f647d0286b8660f50f367ac966d759a9b23e57f781db6d7a59b4e677c3a7bb2
- Filesize: 6KB
  MD5: a2203f7d35011b2409c094135f66f9c1
  SHA1: c98629cbd99be342eaa2fd6d37937aecbf36e2d9
  SHA256: 583e33f1e43c0297b2f5e9d6b7c221ae0941664491f9ab83b2d6a4b4431a00ed
  SHA512: 2f0e222d1bba7265d28f85e75879e67b408e7307133ba9f6e5db41a6c301da4cf15b63cf45650d7b4bdd42f1534fe0c12924f937f403674113d5730864ef4029
- Filesize: 203B
  MD5: ec5c01df2f0d9ea4493d2f6c092e5d10
  SHA1: cd99d6cc68cd0033091b5cf01f76082ef2bd37ad
  SHA256: 62d1d6118fc48211ced5271173517e88aff0098475043bddf5ae3218e1813f2b
  SHA512: 89064be45dd2c2b4b4fc77a92477ed942d5513c9c6932e58c96c975bad05d9e8b996fe7f7814d56f5c02845656278a4ab9cfe174df278de935ea7c784b25ee27
- Filesize: 203B
  MD5: f5eb0c3202f50c5c9060f3106a2bfdb3
  SHA1: fb7af849444c29d1542b8d77679c93e2e5f7b73e
  SHA256: 1ecbb15507057d2119e142ae3099ce17db75a5ef29f8838fb97e352693b7ec75
  SHA512: 492b4c7b5eb47aa57f55b36d613b10db6448c75486d393fa20a52e7ad76f27123c66b6eb4c30fa4e3698ea41419fcce75082ec20d1708f1d7498660f924d94ba
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 75d304b9448963b479e97dd74268867f
  SHA1: 40add9d76eb13bb6f1bc40510ef4f494fc7a841f
  SHA256: e63a8bfd7e5e1c78c14c20497a25b0352971832e48a6471f2333d6a79a8bba5f
  SHA512: 4d2251907bf5a5dee7c5a2aeaa11f67a54d1eab7fcbbccaa8a71c133b3c87d3af77dbc54446a1b609d308829c87e808ca2b0bc60cdb3688db5de39c7912bc391