Analysis
max time kernel: 145s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
submitted: 19/04/2024, 09:37
Static task: static1
Behavioral task: behavioral1
  Sample: fa0533065f827fa100e7c0b863fb6058_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2 (the task shown on this page; see the platform and resource fields above)
  Sample: fa0533065f827fa100e7c0b863fb6058_JaffaCakes118.html
  Resource: win10v2004-20240412-en
General
Target: fa0533065f827fa100e7c0b863fb6058_JaffaCakes118.html
Size: 562B
MD5: fa0533065f827fa100e7c0b863fb6058
SHA1: 76dfe24d5e303c6a246e3d4edf284f7557590057
SHA256: fea421bb3c02b5f8932e5974464d7b9895114fc5a11ea162f03efc8458ba339c
SHA512: c59987d89b1ce656b5e9809e9371e99a37d9650cdaed70fa67e90795ed608851f613d68fee06790f8714927e3f57b2fd9530343d5d8049cccd784d1426461b5c
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process               rows
  4700   msedge.exe            2
  916    msedge.exe            2
  3608   identity_helper.exe   2
  4476   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (12 IoCs)
  pid    Process      rows
  916    msedge.exe   12

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process      rows
  916    msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process      rows
  916    msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs; the report lists one row per write, collapsed here by target)
  description                        pid    Process      procid_target   rows
  PID 916 wrote to memory of 3492    916    msedge.exe   87              2
  PID 916 wrote to memory of 4056    916    msedge.exe   88              40
  PID 916 wrote to memory of 4700    916    msedge.exe   89              2
  PID 916 wrote to memory of 4424    916    msedge.exe   90              20

Reading these signatures: every hit is raised by the Edge process family that opened the 562-byte HTML sample, not by anything the sample dropped or launched. The BIOS SystemManufacturer/SystemProductName reads are how Chromium derives the hardware model name for metrics and crash annotations. All WriteProcessMemory targets (3492, 4056, 4700, 4424) are processes the browser process (PID 916) had just created (crashpad handler, GPU process, network and storage utility processes), and CreateProcess writes the new process's PEB and parameters on every launch, so a parent writing into its own fresh children is baseline for any multi-process program; a write into a process it did not start would be the injection pattern. NtCreateUserProcessBlockNonMicrosoftBinary is the child-process mitigation policy (block non-Microsoft binaries) that Edge sets on its sandboxed children. FindShellTrayWindow and SendNotifyMessage are generic Win32 API heuristics that also fire on a browser's normal start-up. Nothing in this report shows an executable written to disk, a process outside the Edge install directory or System32, or a write into a process the browser did not start. In the process tree below, the second gpu-process (PID 4476) is started with --disable-gpu-sandbox --use-gl=disabled after the first (PID 4056): this is the software-rendering fallback Chromium uses when GPU initialisation fails, which is expected in a VM without a GPU and is not caused by the sample.
Processes

[PID 916] browser process, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa0533065f827fa100e7c0b863fb6058_JaffaCakes118.html
    signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  [PID 3492] child of 916, crashpad-handler
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa92ff46f8,0x7ffa92ff4708,0x7ffa92ff4718

  [PID 4056] child of 916, gpu-process
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

  [PID 4700] child of 916, utility (network.mojom.NetworkService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      signatures:
      - Suspicious behavior: EnumeratesProcesses

  [PID 4424] child of 916, utility (storage.mojom.StorageService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8

  [PID 2304] child of 916, renderer (client id 6)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  [PID 2348] child of 916, renderer (client id 5)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

  [PID 4524] child of 916, renderer (client id 7)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

  [PID 2632] child of 916, renderer (client id 8)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

  [PID 2732] child of 916, renderer (client id 9)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

  [PID 3576] child of 916, renderer (client id 10)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

  [PID 1300] child of 916, identity_helper.exe utility (winrt_app_id.mojom.WinrtAppIdService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 /prefetch:8

  [PID 3608] child of 916, identity_helper.exe utility (winrt_app_id.mojom.WinrtAppIdService), same command line as PID 1300
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 /prefetch:8
      signatures:
      - Suspicious behavior: EnumeratesProcesses

  [PID 1656] child of 916, renderer (client id 12)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

  [PID 2180] child of 916, renderer (client id 13, instant process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

  [PID 2616] child of 916, renderer (client id 14, instant process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1

  [PID 3792] child of 916, renderer (client id 15)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1

  [PID 4320] child of 916, renderer (client id 16)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1

  [PID 1480] child of 916, renderer (client id 17)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

  [PID 4476] child of 916, gpu-process (second instance, GPU sandbox disabled, GL disabled)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13393634340752996283,14516457048640778820,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2
      signatures:
      - Suspicious behavior: EnumeratesProcesses

[PID 1928] top-level, C:\Windows\System32\CompPkgSrv.exe (COM activation)
    C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 1160] top-level, C:\Windows\System32\CompPkgSrv.exe (COM activation)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
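The check a practitioner wants from a tree like this is whether the WriteProcessMemory hits and the spawned images are consistent with an ordinary multi-process browser start-up or point at injection or a dropped payload. The helper below is an added example, not part of the tria.ge report: the process list and the IoC excerpt are transcribed from the report above, and the directory allow-list (the Edge install directory and System32) is an assumption appropriate for a stock Windows 10 image.

```python
"""Triage helper for the process tree and WriteProcessMemory rows above.

Added example, not part of the tria.ge report. PROCESSES and WPM_EXCERPT are
transcribed from the report; TRUSTED_DIRS is an assumption for a stock image.
"""
import re
from collections import Counter

EDGE_DIR = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"
SYSTEM32 = "C:\\Windows\\System32"
# Assumption: a clean run of an HTML sample launches nothing outside these two trees.
TRUSTED_DIRS = (EDGE_DIR + "\\", SYSTEM32 + "\\")

# (pid, parent_pid, image, role) transcribed from the Processes section.
# Depth-2 entries hang off the browser process (PID 916); the two CompPkgSrv.exe
# instances are top-level COM activations (-Embedding), not children of Edge.
PROCESSES = [
    (916,  None, EDGE_DIR + "\\msedge.exe", "browser"),
    (3492, 916,  EDGE_DIR + "\\msedge.exe", "crashpad-handler"),
    (4056, 916,  EDGE_DIR + "\\msedge.exe", "gpu-process"),
    (4700, 916,  EDGE_DIR + "\\msedge.exe", "utility:network.mojom.NetworkService"),
    (4424, 916,  EDGE_DIR + "\\msedge.exe", "utility:storage.mojom.StorageService"),
    (1300, 916,  EDGE_DIR + "\\92.0.902.67\\identity_helper.exe", "utility:winrt_app_id"),
    (3608, 916,  EDGE_DIR + "\\92.0.902.67\\identity_helper.exe", "utility:winrt_app_id"),
    (4476, 916,  EDGE_DIR + "\\msedge.exe", "gpu-process"),
    (1928, None, SYSTEM32 + "\\CompPkgSrv.exe", "-Embedding"),
    (1160, None, SYSTEM32 + "\\CompPkgSrv.exe", "-Embedding"),
] + [
    (pid, 916, EDGE_DIR + "\\msedge.exe", "renderer")
    for pid in (2304, 2348, 4524, 2632, 2732, 3576, 1656, 2180, 2616, 3792, 4320, 1480)
]

# Excerpt of the "Suspicious use of WriteProcessMemory" rows in the flattened form
# the report shows them (the full table repeats the same four targets 64 times).
WPM_EXCERPT = (
    "PID 916 wrote to memory of 3492 916 msedge.exe 87 "
    "PID 916 wrote to memory of 3492 916 msedge.exe 87 "
    "PID 916 wrote to memory of 4056 916 msedge.exe 88 "
    "PID 916 wrote to memory of 4056 916 msedge.exe 88 "
    "PID 916 wrote to memory of 4700 916 msedge.exe 89 "
    "PID 916 wrote to memory of 4424 916 msedge.exe 90"
)

# Row layout: description "PID <src> wrote to memory of <dst>", pid, Process, procid_target
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(flat_text):
    """Collapse the flattened IoC rows into Counter[(source_pid, target_pid)]."""
    return Counter((int(src), int(dst)) for src, dst, _, _, _ in WPM_ROW.findall(flat_text))


def wpm_anomalies(counts, processes):
    """Return (src, dst, rows) for writes whose target is not a direct child of the writer.

    CreateProcess writes the new process's PEB and parameters on every launch, so a
    parent writing into children it just created is baseline for any multi-process
    program; a write into a process it did not launch is the injection pattern.
    """
    parent_of = {pid: ppid for pid, ppid, _, _ in processes}
    return sorted((s, t, n) for (s, t), n in counts.items() if parent_of.get(t) != s)


def untrusted_images(processes):
    """PIDs whose image lives outside the directories a clean run may launch from."""
    return sorted(pid for pid, _, image, _ in processes if not image.startswith(TRUSTED_DIRS))


def orphan_children(processes):
    """Children whose recorded parent is absent from the tree (tree is incomplete)."""
    pids = {pid for pid, _, _, _ in processes}
    return sorted(pid for pid, ppid, _, _ in processes if ppid is not None and ppid not in pids)


def triage(processes, wpm_text):
    """Summarise the checks; 'consistent_with_browser_startup' is the one-line verdict."""
    counts = parse_wpm(wpm_text)
    findings = {
        "wpm_rows": sum(counts.values()),
        "wpm_targets": sorted({t for _, t in counts}),
        "wpm_anomalies": wpm_anomalies(counts, processes),
        "untrusted_images": untrusted_images(processes),
        "orphan_children": orphan_children(processes),
    }
    findings["consistent_with_browser_startup"] = not (
        findings["wpm_anomalies"] or findings["untrusted_images"] or findings["orphan_children"]
    )
    return findings


if __name__ == "__main__":
    for key, value in triage(PROCESSES, WPM_EXCERPT).items():
        print(f"{key}: {value}")
```

On the report's own data every write lands in a direct child of PID 916 and every image sits under the Edge install directory or System32, so the verdict is consistent with browser start-up. Feeding it a constructed write from 916 into CompPkgSrv.exe (PID 1928, which Edge did not launch) or a constructed child running from the user's Temp directory flips the verdict, which is the distinction the raw "Suspicious" labels do not make.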
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: e36b219dcae7d32ec82cec3245512f80
  SHA1: 6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466
  SHA256: 16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b
  SHA512: fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

- Filesize: 152B
  MD5: 559ff144c30d6a7102ec298fb7c261c4
  SHA1: badecb08f9a6c849ce5b30c348156b45ac9120b9
  SHA256: 5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10
  SHA512: 3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

- Filesize: 6KB
  MD5: e9711c890e0440eead75d7cedc027632
  SHA1: f353e03cda94e73fcebc20b7f26c843266899f61
  SHA256: cab9cef34f1105002dfed8795ae359882a48be02be82cd6b7eaddc74aa1515cd
  SHA512: 037086afc0c749905fe3396f5772dbf2b3e7266597e9c2012c47bc851ec820b5de42ecfcaccbec983782f3959c6badcf1cc6ac1ba54fb27bc1b63bbcd7a7e09a

- Filesize: 6KB
  MD5: fc52fc17ffc473267f2c3a95f807e8af
  SHA1: b9882b6bb3476e7f31c4edf239af3881cfb565bd
  SHA256: 8c78213d26e9794269f68d80de2b1b0476da6aab8ebd55c7338a8b6d22282edf
  SHA512: c293167a9efbf4081871b1409e29c613e2f6ff5ab3d6afd83ed0bc7e6420cd9059527cb50e860dd1c1cd94f07932ea2174f2cdc205269079840ecc069aa20ef0

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 03f0b47bfa4466a8e51aa97c2bff4f05
  SHA1: ad5e7b9886b9a7f2e3de39f5370e04aaa155a2ce
  SHA256: 6bd6afec7fdd58db5cac0e722d36e4fb8341b64bb5a1c2e2ffdd93dc79fa1a0d
  SHA512: 81c8d51ec542dacf513b55a10758287b3332814fd3603fb22511ddb7504a121e03c7319c7dbffa3c67317f3760da8c6536d5644a99fb5537ae627a6f71e8cb40