Analysis
max time kernel: 154s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/04/2024, 14:36

Static task: static1

Behavioral task: behavioral1
  Sample: eb4a4253098e85c922186715574894d5_JaffaCakes118.html
  Resource: win7-20240319-en

Behavioral task: behavioral2
  Sample: eb4a4253098e85c922186715574894d5_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: eb4a4253098e85c922186715574894d5_JaffaCakes118.html
Size: 87KB
MD5: eb4a4253098e85c922186715574894d5
SHA1: 021f896649b9451b90a52ab9bd36d29326d360ac
SHA256: f4497cf385fe7d13d43fa95c24cd55eb402cb1186c97499771fb5928105ce2e6
SHA512: 770bca103320a4febd5678d2155c9563a937a9af51ba3691c56cde0ccdb0fd69688cae7ce4db63ff7c909e57f9a456336b3e5c9d981016c023d5760b859be501
SSDEEP: 1536:/RxJpLXbqr/pkDo8gad2vIK4v+biGWUYwO7MtzavHOqonIr7w:5dLXgCE8gXsvsCwOw0HOqon8w
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid   Process
  3000  msedge.exe           (2 entries)
  1220  msedge.exe           (3 entries)
  3756  identity_helper.exe  (2 entries)
  3896  msedge.exe           (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  1220  msedge.exe  (6 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1220  msedge.exe  (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1220  msedge.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid   Process     procid_target
  PID 1220 wrote to memory of 3124    1220  msedge.exe  84  (2 entries)
  PID 1220 wrote to memory of 2232    1220  msedge.exe  86  (40 entries)
  PID 1220 wrote to memory of 3000    1220  msedge.exe  87  (2 entries)
  PID 1220 wrote to memory of 1832    1220  msedge.exe  88  (20 entries)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1220)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eb4a4253098e85c922186715574894d5_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 3124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad5df46f8,0x7ffad5df4708,0x7ffad5df4718
  - msedge.exe (PID 2232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  - msedge.exe (PID 3000)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  - msedge.exe (PID 4376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - msedge.exe (PID 2956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  - identity_helper.exe (PID 4664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 /prefetch:8
  - identity_helper.exe (PID 3756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
  - msedge.exe (PID 4872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  - msedge.exe (PID 616)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  - msedge.exe (PID 1396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - msedge.exe (PID 3896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 4908)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 2064)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads