Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/04/2024, 01:05
Static task: static1
Behavioral task: behavioral1
  Sample: f92924603e8214bee6ad2c354fbac7a0_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2 (the run shown in this report; its resource matches the platform and resource listed under Analysis)
  Sample: f92924603e8214bee6ad2c354fbac7a0_JaffaCakes118.html
  Resource: win10v2004-20240412-en
General
Target: f92924603e8214bee6ad2c354fbac7a0_JaffaCakes118.html
Size: 98KB
MD5: f92924603e8214bee6ad2c354fbac7a0
SHA1: e4d15cb9a5c855704c591029031a3c44050324a0
SHA256: 9683796f32f1abda5d6ced2dbd61ac44ab518407825e4ec3b89024fdbebd319d
SHA512: a0acdc1d40d2020d7c74ebdeae1a9790822f3c18be193a729d13153773f29d83120e0415677eb395295ab5608a18f56aa2f03fc6ab4f7583de3360ee60cf71dd
SSDEEP: 3072:K6VSV8VZ2omP9vnJOYmPj1Mz6LQFoV/ZPfq:K4yP9WI
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 16: sites.google.com
  flow 24: sites.google.com
  The IoC recorded for this signature is the destination domain only. The Network section of this page carries no captured requests, so what the page fetched from sites.google.com is not shown here.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 2872 msedge.exe (2 rows)
  PID 2512 msedge.exe (2 rows)
  PID 3092 identity_helper.exe (2 rows)
  PID 448 msedge.exe (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  PID 2512 msedge.exe (8 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 2512 msedge.exe (25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 2512 msedge.exe (24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has the same writer, PID 2512 msedge.exe; the target column takes four values:
  PID 2512 wrote to memory of 4256  (procid_target 86)  2 rows
  PID 2512 wrote to memory of 2168  (procid_target 87)
  PID 2512 wrote to memory of 2872  (procid_target 88)  2 rows
  PID 2512 wrote to memory of 4428  (procid_target 89)
  The remaining 60 rows are repeats for targets 2168 and 4428. All four targets are msedge.exe child processes listed in the process tree below (crashpad-handler, gpu-process, network service, storage service).
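The WriteProcessMemory signature above emits one row per write, so 64 IoCs collapse to four parent-to-child pairs, and a Chromium browser process writing into children it has just spawned is expected behaviour. The question a reviewer actually wants answered is whether any write target is not one of the browser's own helper processes. The script below is an added example, not part of the Triage report or of tria.ge tooling: it parses the flattened row text in the form the page prints it, collapses it, and labels each target by its Chromium --type= flag from the process list. The sample rows are a constructed subset of the ones above; the row and process for PID 9999 are invented for contrast and do not appear in the report.

```python
"""Collapse Triage 'Suspicious use of WriteProcessMemory' IoC rows into
parent->target pairs and label each target by its role in the process tree."""
import re
from collections import Counter

# Constructed sample input: a subset of the flattened IoC rows exactly as the
# report prints them (the full report has 64). The final row, target 9999, is
# invented for contrast and is NOT from the report.
WPM_ROWS = (
    "description pid Process procid_target "
    "PID 2512 wrote to memory of 4256 2512 msedge.exe 86 "
    "PID 2512 wrote to memory of 4256 2512 msedge.exe 86 "
    "PID 2512 wrote to memory of 2168 2512 msedge.exe 87 "
    "PID 2512 wrote to memory of 2168 2512\nmsedge.exe 87 "   # line break as seen on the page
    "PID 2512 wrote to memory of 2872 2512 msedge.exe 88 "
    "PID 2512 wrote to memory of 4428 2512 msedge.exe 89 "
    "PID 2512 wrote to memory of 4428 2512 msedge.exe 89 "
    "PID 2512 wrote to memory of 9999 2512 msedge.exe 90"
)

# Constructed sample of the process list: PID -> command line, shortened to the
# flags that matter. PID 9999 is a hypothetical non-browser child.
PROCESSES = {
    2512: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html',
    4256: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:7',
    2168: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process /prefetch:2',
    2872: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3',
    4428: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8',
    9999: r'C:\Users\Admin\AppData\Local\Temp\hypothetical_child.exe',
}

# One IoC row: "PID <parent> wrote to memory of <target> <parent> <image> <procid>".
# \s+ tolerates the line break the page inserts mid-row; the \1 backreference
# requires the parent PID to repeat, as it does in every report row.
ROW_RE = re.compile(r"PID\s+(\d+)\s+wrote to memory of\s+(\d+)\s+\1\s+(\S+)\s+(\d+)")

EDGE_IMAGE = r"\Microsoft\Edge\Application\msedge.exe"


def parse_wpm_rows(text):
    """Count IoC rows per (parent_pid, parent_image, target_pid)."""
    counts = Counter()
    for m in ROW_RE.finditer(text):
        parent, target, image, _procid = m.groups()
        counts[(int(parent), image, int(target))] += 1
    return counts


def classify_target(cmdline):
    """Return the Chromium process role ("gpu-process", "utility/<sub-type>", ...)
    when the target is an Edge child carrying a --type= flag, else None."""
    if cmdline is None or EDGE_IMAGE.lower() not in cmdline.lower():
        return None
    m = re.search(r"--type=([\w-]+)", cmdline)
    if not m:
        return None
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return m.group(1) + ("/" + sub.group(1) if sub else "")


def summarize(text, processes):
    """Collapse the rows and label each target; sorted by target PID."""
    rows = []
    for (parent, image, target), n in parse_wpm_rows(text).items():
        role = classify_target(processes.get(target))
        rows.append({"parent": parent, "image": image, "target": target,
                     "writes": n, "role": role or "UNKNOWN"})
    return sorted(rows, key=lambda r: r["target"])


def unknown_targets(text, processes):
    """Write targets that are not recognisable browser helpers: the rows worth a closer look."""
    return [r["target"] for r in summarize(text, processes) if r["role"] == "UNKNOWN"]


if __name__ == "__main__":
    for r in summarize(WPM_ROWS, PROCESSES):
        print(f"{r['parent']} {r['image']} -> {r['target']:>5}  x{r['writes']}  {r['role']}")
    print("needs review:", unknown_targets(WPM_ROWS, PROCESSES))
```

Run against the report's own rows and tree, every target resolves to a crashpad, gpu or utility role and the unknown list is empty; the constructed PID 9999 row shows what a target outside the browser's own tree looks like. A target whose image is not under the Edge install path, or that carries no --type= flag, is the case that should stop a reviewer from closing the WriteProcessMemory signature as browser noise.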
Processes

PID 2512  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f92924603e8214bee6ad2c354fbac7a0_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of PID 2512:

    PID 4256  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5a9f46f8,0x7ffb5a9f4708,0x7ffb5a9f4718

    PID 2168  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

    PID 2872  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses

    PID 4428  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

    PID 4568  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

    PID 4440  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

    PID 1888  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

    PID 2092  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

    PID 4568  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8

    PID 3092  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses

    PID 3672  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

    PID 2772  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

    PID 1840  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1

    PID 4460  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

    PID 448  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10655921678313100935,18089161680751161521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses

PID 4092  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2772  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Note on PIDs: 4568 and 2772 each appear twice in this tree (first as a renderer, later as identity_helper.exe and CompPkgSrv.exe respectively), so a PID alone does not identify a single process across this report; match on PID plus image and command line.
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: e36b219dcae7d32ec82cec3245512f80
SHA1: 6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466
SHA256: 16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b
SHA512: fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Filesize: 152B
MD5: 559ff144c30d6a7102ec298fb7c261c4
SHA1: badecb08f9a6c849ce5b30c348156b45ac9120b9
SHA256: 5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10
SHA512: 3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Filesize: 1KB
MD5: cacda9e763aa3c8c7db99429e3f7f09a
SHA1: 6249c8299d960a2764c41e337ae69ce0e2702742
SHA256: b9919ba176c5d4720b7d273048f4611fd76a58e9ba7dda103a5369afa12bcd9e
SHA512: e555126fac5758cc9380bf77aae4193595652360495f3e53a47349c8ef0b542f38214e54dcf998934dd18acd7d919a34723d78dc45b316abcb944fd7b391a7f3

Filesize: 7KB
MD5: 08181aff74c41a741f65e0520b708a73
SHA1: c113957e1cb207aca7e6eb00161ccc4441b3a61b
SHA256: d18b2dcfbc5fd6bbebf9bb3c592d5e90878c7ee290cc41b0263b5a9a3da70e7c
SHA512: 4748c5029f79f5b36bfad54af9b882c89783c837b29e2e78100729113c553575914d3809016abadb7cb39e8c928a7e48526030d2a1769755e51d5ad64c38e92b

Filesize: 6KB
MD5: 6283dd8528eef8c20ba74e8efa86892b
SHA1: a43b0e68d91a68283ef54ecad088b772549d4ac2
SHA256: f21730ad0201eb0f72bbcfe1181da7c4cf8160212908dbd5a2dec8006cdea631
SHA512: 8ddf3bb3d4ba35661706145cca8ef56337bd1c74e80014b64d9a884cc9a69da71f44cf7d1e0d6fa1cba32ce74416066ee70cc1665fdf0195a639b58480c4f278

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 32c5706cde09bb55e682644af0df45c0
SHA1: 0b93ab4559fc7a96597072d8bb64e1e072d3a3cc
SHA256: e37652422a01133ed94f66d612ac430c7c2ad34e4f74ece2b926dc8cf935c1f8
SHA512: 3e789267c997708379e5c0092a11d3deb23f2dfaf9aca2716bd02d28cf1e16d31fa4ce7918deb2c30bc0d0b1fd76b652b681e05c6c35b4258e2f018848302304