Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 146s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/04/2024, 05:52
Static task: static1
Behavioral task: behavioral1
- Sample: f0765a476e65803a1d6b8fe21c6d0155_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: f0765a476e65803a1d6b8fe21c6d0155_JaffaCakes118.html
- Resource: win10v2004-20240412-en
General
- Target: f0765a476e65803a1d6b8fe21c6d0155_JaffaCakes118.html
- Size: 116KB
- MD5: f0765a476e65803a1d6b8fe21c6d0155
- SHA1: 85a95e1f0125c23dee5652ebddfc2934bc6adfa6
- SHA256: e670c456923780bfd93a6bce70310669b5bb69029c9d44b45cd46226bd9ea3c0
- SHA512: 7941cc3d08da6b88fb27649a859f56d48f541573dbde3f89e661c6744af922dcf589cab6dae3e84d0d5d5f0bb3265606f9e1ee672413f37d7b7906a1bb945a3b
- SSDEEP: 1536:PBSYt+Is1ttU4BSlp4g68rSHakzmOHO2avD7yfVESdAyfIB+Bi440MLW1D6lf3D7:PBSYrl4Ehrz/bIh1/rWHE/+aGx0K/T
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed with their count)
- PID 5096 msedge.exe (2 rows)
- PID 216 msedge.exe (2 rows)
- PID 1392 identity_helper.exe (2 rows)
- PID 2876 msedge.exe (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
- PID 216 msedge.exe (9 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 216 msedge.exe (25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 216 msedge.exe (24 rows)

Suspicious use of WriteProcessMemory (64 IoCs; all rows have PID 216 msedge.exe as the writing process, identical rows collapsed with their count)
- PID 216 wrote to memory of PID 232 (procid_target 79): 2 rows
- PID 216 wrote to memory of PID 4600 (procid_target 80): 40 rows
- PID 216 wrote to memory of PID 5096 (procid_target 81): 2 rows
- PID 216 wrote to memory of PID 4820 (procid_target 82): 20 rows
Processes (process tree; children are indented under their parent)

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 216)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f0765a476e65803a1d6b8fe21c6d0155_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc631f46f8,0x7ffc631f4708,0x7ffc631f4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4600)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3000)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1392)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2740)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2568)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 316)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17514246122994778610,13299693700958350249,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5348 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 4752)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 5112)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
- Filesize: 152B
- MD5: dcf7b7f6db8648c9118903ae11d4ba7f
- SHA1: 74265dafa33994ef7148111bef9efbab6e3795bf
- SHA256: e37da26dd87b61af0f60814c294039c308daa1d9854b4b9329d4f0f73390fbc0
- SHA512: af9feca3a642b8b75de639cf8652772b3cd8af45071125b2f0e3a6c9dec6f29d304ce6d73c43fdb43d0ee1d10295700658104d5b0b6ab775440f2b9ded3ba406

File 2
- Filesize: 152B
- MD5: a1c7c8628309cb2cba92459fe2e71e8e
- SHA1: baac2923b088bba88dfd7a31f555fc3cd2c3c377
- SHA256: 0090e38f869c2dd4de536e6753758ba86bac959f299004a1ab3755f3e11a7657
- SHA512: c958c4e8ed85749be852fe1c1d53f97b23e76d9bfabf0073a5a3a7c5b12f556da74770fa748b5943723c5f8b7b87bdb6bad35c4adff4f89909e37381763f3e92

File 3
- Filesize: 316B
- MD5: 843bb3dea3c2c3a091da8221a5bc35c7
- SHA1: 54e739dec2c8b20c3460ee83c44f1e24abbc7d75
- SHA256: e3b49c8824a26eaae9e5ebaaa9f503545970ba6f3b5189ab13a65732cd61008e
- SHA512: 2f9999fec7dd9b6d30f183b3a82236dcacf053d51c8141ea9110d071ec2981a42e467e3f770349e37138680a860346b10cd449342e6622be3046b1ef7c54c658

File 4
- Filesize: 5KB
- MD5: b1bffedb340c3dc54f0beddc37e049ee
- SHA1: 5d75fd3576ad32da9eee6bb20ed4f95801ff34f9
- SHA256: 486889795a1ab269f9e183668886e835656e9ca5236a249c3e5bf018f12e7d48
- SHA512: e7df649167abb05008162bf963bc5c039ca3505c8244bf54dbf5bcdb9df2d74205e1a89c87f350676868a01138b7d21ca52e1ec329908cbee2ebdc779162ac7a

File 5
- Filesize: 5KB
- MD5: 38c79e0b5508bcbfb9c649bc1b64fd50
- SHA1: 292f895d231ad6d6849462551ba3945e5ae07307
- SHA256: 2d5dcd31f93e13e8ec9538316df5c23a143eeaccf06e5b736b7aa6cb0db4b455
- SHA512: 4a559de6b794b148711c682b315f03d286d6aa3be23d25a1ddd04fa8c4a3489cd421065e761ec49560d926d2c71831b5afc783554dceb1d107e32e22f4bbb9ff

File 6
- Filesize: 24KB
- MD5: f62f39afecefb4d599158edd0c332ce3
- SHA1: c204efb7df0bfa812978506a3e6fdb88dbb2e2a6
- SHA256: d0bfca70a679b26ea7ce6cada90113f728e32af376c90fdaa6b9f8e1c0e316d1
- SHA512: 09ba87ba4c25971482b8c7cd78361f9cf188861b36f72c0391bcf8d8cfe2e362a17c281e044207fafedbbf863653185bf19cfbb79756a8bebe7f57befb9a771c

File 7
- Filesize: 16B
- MD5: 206702161f94c5cd39fadd03f4014d98
- SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
- SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
- SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

File 8
- Filesize: 16B
- MD5: 46295cac801e5d4857d09837238a6394
- SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
- SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
- SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

File 9
- Filesize: 10KB
- MD5: 2dbcd74bf316651dc7315b865672a3c4
- SHA1: 184d6c36af9928cff4200377ede12d72fb952899
- SHA256: 36c673c4222db16c7fdfaef7c7a2d7017a3d18bdad0071548af7881912ae22aa
- SHA512: 5ca6c4d0191b44802fad7f1b23d4115a73cdb92ae2dd6b711af6c3ed9f4ce8f6203b816d4dca3b2d65c644cd718d343ddadca1b48fde96041fe15a348ac63129