Analysis
max time kernel: 145s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/04/2024, 13:29
Static task: static1
Behavioral task: behavioral1
  Sample: f5e238523e781005effdcb0e27218b8f_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: f5e238523e781005effdcb0e27218b8f_JaffaCakes118.html
  Resource: win10v2004-20240412-en
General
Target: f5e238523e781005effdcb0e27218b8f_JaffaCakes118.html
Size: 53KB
MD5: f5e238523e781005effdcb0e27218b8f
SHA1: 394aab32f80d6478076402f2b7d54d6f13aca7e9
SHA256: e01b517c885b54227084ef2cbc60e72ec85a67e3c8c7a7eea1b8b71ef825b998
SHA512: db998518e5d7cfa56cf23a7d076e42182865db1c9f8e84bccf209d7178317de1896d8d482252fe4393e42c407fa699bbb8067fc0672d976939cd8a8ec5b06bb1
SSDEEP: 1536:9kgUiIakTqGivi+PyUprunlY863Nj+q5VyvR0w2AzTICbbnoB/t9M/dNwIUTDmDi:9kgUiIakTqGivi+PyUprunlY863Nj+qx
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  4904 | msedge.exe (2 entries)
  2132 | msedge.exe (2 entries)
  4948 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid | Process
  2132 | msedge.exe (3 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2132 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2132 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2132 wrote to memory of 4352 | 2132 | msedge.exe | 85
  PID 2132 wrote to memory of 2956 | 2132 | msedge.exe | 86
  PID 2132 wrote to memory of 4904 | 2132 | msedge.exe | 87
  PID 2132 wrote to memory of 4908 | 2132 | msedge.exe | 88
  (each of these four rows is repeated in the original table; 64 entries in total)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2132)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f5e238523e781005effdcb0e27218b8f_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4352)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2956)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4904)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4908)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2604)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3444)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2088)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4948)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3216)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3564)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads