Analysis
- max time kernel: 150s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/04/2024, 10:18
Static task: static1
Behavioral task: behavioral1
- Sample: fc88fdc974fd2355fb0b8ac87510540b_JaffaCakes118.html
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: fc88fdc974fd2355fb0b8ac87510540b_JaffaCakes118.html
- Resource: win10v2004-20240412-en
General
- Target: fc88fdc974fd2355fb0b8ac87510540b_JaffaCakes118.html
- Size: 4KB
- MD5: fc88fdc974fd2355fb0b8ac87510540b
- SHA1: 0e5c760ac82773835bff0c25593760e74b903b61
- SHA256: 3bbcbb64807f6fc1166f4849f1c27829c356838eb313b7ded0a2d58975db036c
- SHA512: 541d5319b6a78bfb4498b6c5f351a2a751daf5612c9b6847fab60b9a18f0a1d643092dc93bbc81f452ee4d837bcc21dbe3f68783fd162941acab3071a4784f25
- SSDEEP: 96:86/zTFKdyJiSKUmU19C2JUoYl2ing1eJJJGvBdOwdOTjUdOMdOSR1dO2f:86/zTFKgJiSKUmUlM+eJJJ7Ej
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              rows
  2856  msedge.exe           2
  3820  msedge.exe           2
  4840  identity_helper.exe  2
  208   msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     rows
  3820  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     rows
  3820  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  3820  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, count in last column)
  description                        pid   Process     procid_target  rows
  PID 3820 wrote to memory of 3952   3820  msedge.exe  84             2
  PID 3820 wrote to memory of 2208   3820  msedge.exe  85             40
  PID 3820 wrote to memory of 2856   3820  msedge.exe  86             2
  PID 3820 wrote to memory of 4620   3820  msedge.exe  87             20
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc88fdc974fd2355fb0b8ac87510540b_JaffaCakes118.html
  PID: 3820
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa21cb46f8,0x7ffa21cb4708,0x7ffa21cb4718
    PID: 3952
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
    PID: 2208
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    PID: 2856
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
    PID: 4620
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 2876
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    PID: 1484
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
    PID: 368
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
    PID: 4840
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    PID: 2300
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
    PID: 3972
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
    PID: 368
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
    PID: 4868
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3180 /prefetch:2
    PID: 208
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1652
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3004
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 7b56675b54840d86d49bde5a1ff8af6a
  SHA1: fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811
  SHA256: 86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929
  SHA512: 11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9
- Filesize: 152B
  MD5: 48cff1baabb24706967de3b0d6869906
  SHA1: b0cd54f587cd4c88e60556347930cb76991e6734
  SHA256: f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775
  SHA512: fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d3ed85b-4918-45bb-9a68-c859975bfa0b.tmp
  Filesize: 6KB
  MD5: 1ad89c4075a386007f5fd3b7c2992955
  SHA1: ae6251d5730529436beff8b401d274aada43083a
  SHA256: d35309b08c9f817b8809941c575005d56aa30b7425f5e463ad00359c61128b98
  SHA512: 3f71437682b140426d74e7d765f936daa36cbbc4d39b5ee387580a91c5a9bb4b8a35a1bdd1a03950ccf2ea94ba143ecc9ec475b390980104d702a12d7a5544c9
- Filesize: 568B
  MD5: 5ceed50eaff386332ff44dc99bee4fd3
  SHA1: 1208aea05e59d0134fde6f411e4716fe1a9e8174
  SHA256: 08bef83f153fffd54136cd900e4f2d45843553baf7f9195a8bf996d25526280a
  SHA512: 6c1004969ab54162d277a6c4f964018db1091cb550d42238204306b7e278f41256c58bde3b361c04b5c328d4c9d5438798dc576ee64f439a0358fd039a44c92d
- Filesize: 6KB
  MD5: 9bfa530dc444922f19b7c9b238444488
  SHA1: d5c706d9598be618833831a0e9c6b023d4a2b608
  SHA256: df4602c301cf8f7bc9f73f9fa05a1c9bcbf66f17293bdd8b8b6249b2aac5a689
  SHA512: 674aefb1147641443c1f9ea78889c5ff6b4a58cf0898ee8678d85977975de057b5593f65452336f33bfcdd8ea61a2387edd75b79dcb2886239b98fc5dc775108
- Filesize: 6KB
  MD5: 7236f3487880ca88beca00a750ee7b5e
  SHA1: 7b142c37d7a1ab207cb5005f9a6148e5daa518db
  SHA256: cbee51386c9c295e00f0e56e95de60a4efe974a960273c202b6160055bd72303
  SHA512: d6a73abfa822308966b050fccd49df5eaa373bfd91a816dd4c1a705d974eb1a5c323a316e598b2ad998e6546506cdcc86268175eac5b4ed278633f2133ee2881
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: fa2e99ecf2fd62ae800b6181f3ca064a
  SHA1: ca147ed06d58b8e41a9cd3bdfa48e7b4d889e34b
  SHA256: 79b4d8d72b3b073d0941151fa06697316102e0ec29dae000e3790026c13592dd
  SHA512: c2187b26d3900254a1960adc3f15249ad90f95595ecf833c351ce282b8bfc7934dd23ebbeb1c2f0176165e5b24c2eaa54242cb57f7ed9d211f4104a605c1533a