Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/04/2024, 03:39
Static task: static1
Behavioral task: behavioral1
- Sample: fe5734151e15f7264cce5c5e6a1a7a04_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: fe5734151e15f7264cce5c5e6a1a7a04_JaffaCakes118.html
- Resource: win10v2004-20240412-en
General
- Target: fe5734151e15f7264cce5c5e6a1a7a04_JaffaCakes118.html
- Size: 393KB
- MD5: fe5734151e15f7264cce5c5e6a1a7a04
- SHA1: be1b0268078d721e75554fef6cb2ce94080707f2
- SHA256: ec7b099cc7f990203ad69890bc780e1ea1907882910a2ae3bdf32bf2ae112260
- SHA512: f669e65bfd42d452bbea9dc969ec01295de411a3a3b073502ddb412299655d276d63ad042db1c2257c44f084fee5151c75d67af54533f31e88ca599c295f90ca
- SSDEEP: 12288:F5zSS0w7RbgE3Q0g1IPt23rl/ZslohtoG6rel8Bo:/RbgE3Q0g1IPt23rl/ZslohtoG6SCo
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  444 | msedge.exe (2 entries)
  3624 | msedge.exe (2 entries)
  3284 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid | Process
  3624 | msedge.exe (3 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3624 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3624 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  The 64 recorded calls all originate from PID 3624 (msedge.exe) and fall into the following distinct rows, each repeated several times:
  PID 3624 wrote to memory of 2392 | 3624 | msedge.exe | 84
  PID 3624 wrote to memory of 1512 | 3624 | msedge.exe | 85
  PID 3624 wrote to memory of 444 | 3624 | msedge.exe | 86
  PID 3624 wrote to memory of 3672 | 3624 | msedge.exe | 87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3624)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe5734151e15f7264cce5c5e6a1a7a04_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2392)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa917f46f8,0x7ffa917f4708,0x7ffa917f4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1512)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1416)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4596)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 1563576cf468fd744c889dcb8cc5dfef
  SHA1: 521d13bc82b35c174d534ea058edfde2038316cd
  SHA256: e935541d0b3d9037243144452c7f3ae843e91bd8077f7a894a679264e033d0db
  SHA512: e8826a3c71e6e2defdde7cc201067122c9e7f4c42145ebf57e65c1aa01ca420726552de8b72989d1350082cf61a551ed83c85efe8d30769a0b4a6421bc5c55e4
- Filesize: 152B
  MD5: bf4d4a5a03d0b8f530855d589992550c
  SHA1: ce8f77dfa28da9f59484416569493f7f08d13d5c
  SHA256: 4179623794d9f853edc3740c0a9ae2ce2d56d04b09de7c145298af5c439b796a
  SHA512: dc96fb9ebbdb7cad8ddae46277602cbaf970644747e450d5060241d68813472bb6fb1feaa2285675b628ec33295e6246a7de68ce271de927ecd0e7bfe5fcb2fa
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: 2e60ff328c6ac20b0aaacb819cf1fb67
  SHA1: b6f2600101f51b44b7e0c43dd3da24c1faa00cdc
  SHA256: 97228cbb3b204f7e8aaaf8ac63ee1faa9aa056d4e924e12ddeeac7cd3231c050
  SHA512: 74a0e2f0595aa5d1e12a129074bf8d51bf56d3711104c2cb6fd7a446eee18aea2ce5b3dba4689c036358609f99e86307174f1dbd5470731cca2fddb2699a707f
- Filesize: 2KB
  MD5: 223b5452904d003ec749cce7d0311dc2
  SHA1: cca28a3f6ddf50bc7dc87a9048beb867474fd870
  SHA256: 39f7de9bb89ac9557c5644d260d9bb46c114e7447bb06b543dfd5d9caaa78f01
  SHA512: 0257221473e3debd85923bb79a53e2d32378eee5acec97506180ad3634fbadcff4cc597e12a5b00d788ea6584fa5d21ecc422c2016a1fe1d1f3bf9b6f77a9080
- Filesize: 6KB
  MD5: 92b489f1571cce0eaa49117090baa187
  SHA1: 52375004801c20bc9ee6f1cf650fd236041e833a
  SHA256: 7023497e9e2cce966921278000c48a15ee9fce3fca6e5fb2fd53fd7bcbfc1a8d
  SHA512: 856f99f92a78ee24ceafd55b97e154518046d1686e271abb0bfadf7a5eef16346856680f445643c3d5418344c0d33236384e84b46821583773dbca1c8a27140d
- Filesize: 5KB
  MD5: e62e66ed8fbb6959843d8eb288880678
  SHA1: 8c3738b7b8a5e50ea7ec1da0ad257df7059cf74b
  SHA256: 2876afab3aa487d1105ffe24cb365500f96811f1beea63616cfe23f9dc47adcd
  SHA512: 2902904d083acd1f81d77cb84412b36181ed8a8785e113778777c4cff78aab4740afd504cfa3e60185c230333ffb8cda3c98510f3948475a9858e38cebd5dc33
- Filesize: 24KB
  MD5: 56311e099ce1ae1986c467079845fc44
  SHA1: 22e1e12e4f107e893f0e3b0778b80cb9b76a6915
  SHA256: 4de8cbabfe20889599fe5d076573d5ec2ad60b18d502d3df500489e0f5fce6ad
  SHA512: 17afa96faa5192766636e60041ea822b2bc5ce99313c97d4aa35f02d93cb95a7c622a442aa95cc2c6d03af9cdc49b9102db849f561a0829890bdc5c28161bbd6
- Filesize: 10KB
  MD5: d775b86b69dbbcecba847aaf318f2371
  SHA1: 822aae137c4c8453e7ffe6e942b118404f55bbd6
  SHA256: a61146ba3d1189881ca62652a5029d667c3f375ab9d506187cbcbf157d7bb6d1
  SHA512: 0195c24ab3e55899d65483d8863cb7a21622de602c523a00be626b153bf96131651aae838563c7811848c2dda6a77bac9440f8a32437017229231875703fda6f