Analysis
- max time kernel: 145s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/04/2024, 03:00
Static task
- static1
Behavioral task
- behavioral1
  Sample: f288c2596d392f8429de7bdb6a112121_JaffaCakes118.html
  Resource: win7-20240319-en
Behavioral task
- behavioral2
  Sample: f288c2596d392f8429de7bdb6a112121_JaffaCakes118.html
  Resource: win10v2004-20240412-en
General
- Target: f288c2596d392f8429de7bdb6a112121_JaffaCakes118.html
- Size: 15KB
- MD5: f288c2596d392f8429de7bdb6a112121
- SHA1: 4df5005e000d6b9f59270ab11b35b8d7d47accf3
- SHA256: 6b024102a894d3659ddca5ce2eda5578c44692a569493a0828a21f115621a3ad
- SHA512: b6787d9dbecbc7d8a92884e40c288c4e959c005857cf2906bc73ff7f861a58483468c013f7edb6734ed195c8e9630096d788acb88a963f8d1624a0985019eacb
- SSDEEP: 192:tLWIt/Pw9Vw4AngsutfylPXEqu1Tj/l/Kh4+3deeeIKzY/l/p:tLF5w9VsutfylP0qaTQeeeIh
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4828 | msedge.exe (2 entries)
  3592 | msedge.exe (2 entries)
  3904 | identity_helper.exe (2 entries)
  2136 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3592 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3592 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3592 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; one entry per write, grouped here by target)
  description | pid | Process | procid_target
  PID 3592 wrote to memory of 716 | 3592 | msedge.exe | 85
  PID 3592 wrote to memory of 376 | 3592 | msedge.exe | 86
  PID 3592 wrote to memory of 4828 | 3592 | msedge.exe | 87
  PID 3592 wrote to memory of 4940 | 3592 | msedge.exe | 88
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3592)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f288c2596d392f8429de7bdb6a112121_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80d6b46f8,0x7ff80d6b4708,0x7ff80d6b4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3196)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1836)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2136)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5495721794265543243,14824830561602144784,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2440)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4764)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: e36b219dcae7d32ec82cec3245512f80
  SHA1: 6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466
  SHA256: 16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b
  SHA512: fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c
- Filesize: 152B
  MD5: 559ff144c30d6a7102ec298fb7c261c4
  SHA1: badecb08f9a6c849ce5b30c348156b45ac9120b9
  SHA256: 5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10
  SHA512: 3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04
- Filesize: 6KB
  MD5: 6191c49c4bcf50ac97f47c8a2070340c
  SHA1: a7a643bfc1082c1bfec8efa0c439308e84a57ecc
  SHA256: 7658601aec00afb18d67707911dca9d7c7be66aee75264491c2e04350636bfe6
  SHA512: b0f1ce8d28e138ba42ba34ed845fdbed9bd84be7ff4f24aac63435b92c39045bdcce245e7c6c725e8e81fe6bba07b15a510eb002b13e1098780b4725a328b922
- Filesize: 6KB
  MD5: c8dd8ed23f4abcac014a6d6795ab2585
  SHA1: b745a52975686e61692b850ec8c9fcf615936db2
  SHA256: f8af88bb2cc471ab6df6a5bd742c7943abb8540ca416240df07b427a13ee5f36
  SHA512: 5af98bba2ca0b7cd000bead459886f37d8c2bf89ccc0776c652ce7f30683a1832aa8be02525d1253ff240f047aac49ccad0df507b1f173c70d5058bbd8a393a9
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 1d8264c3e9d03d07e6c6079610f0dc82
  SHA1: 4ca93d0dc0b44e9b75093bb272e45ff8c05bf0c1
  SHA256: 067f65cf496e8d755d628cd4c3a80029464ed891904c1ab8e1714d2a3123c359
  SHA512: 053d11ed87cc8639c8bbaffd1090aa99334e4c87f64644c1dc77420dd6c2bc7e35ce9cd9940ce25952614d82febc61520ba95234a65b6f6c2b53345777dd3232