Analysis
  max time kernel: 145s
  max time network: 151s
  platform: windows10-2004_x64
  resource: win10v2004-20240412-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 21/04/2024, 16:27
Static task
  static1

Behavioral task
  behavioral1
  Sample: ffb39346d128f25308bbc544a5644d6e_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task
  behavioral2
  Sample: ffb39346d128f25308bbc544a5644d6e_JaffaCakes118.html
  Resource: win10v2004-20240412-en
General
  Target: ffb39346d128f25308bbc544a5644d6e_JaffaCakes118.html
  Size: 4KB
  MD5: ffb39346d128f25308bbc544a5644d6e
  SHA1: 9e47df27187d6c6da4a40b280755a7b83f863d81
  SHA256: 68bbc9b04cd25f20bbfe0f645354649b28c36f793d4524318552941177602490
  SHA512: f2079a856cee3bf7b3253b1e12e12a7f4478049babe34a4d7fbb8fd88a6a98bb480a0a7e04c13f76d1dd6cefa6b4a58fd4e79f270adb09f8e6ef283a4062b7bd
  SSDEEP: 96:2avJRmele4b9oGaVzpRPk34000diFk3yzpEa4000Da4VnrVqVuU5:2avJRzLb9oGaVdF000diZdo000U
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              entries
  2060  msedge.exe           2
  1516  msedge.exe           2
  3048  identity_helper.exe  2
  1092  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     entries
  1516  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     entries
  1516  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     entries
  1516  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 1516 wrote to memory of 2404  1516  msedge.exe  84
  PID 1516 wrote to memory of 1616  1516  msedge.exe  85
  PID 1516 wrote to memory of 2060  1516  msedge.exe  86
  PID 1516 wrote to memory of 3996  1516  msedge.exe  87
  (the raw list repeats each of these four parent-to-child writes many times; all 64 entries shown originate from PID 1516)
Processes

PID 1516  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ffb39346d128f25308bbc544a5644d6e_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 2404  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6faf46f8,0x7ffc6faf4708,0x7ffc6faf4718

  PID 1616  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

  PID 2060  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 3996  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

  PID 3840  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

  PID 2096  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

  PID 4776  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8

  PID 3048  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 2912  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1

  PID 1736  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

  PID 1544  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

  PID 3132  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

  PID 1092  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1524,12483381356736673707,7514967453699051549,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

PID 1252  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2036  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5: 8f38951143ede15b2f00d3352e458d47
  SHA1: 1130065985230474657d5f744e99312f22c69485
  SHA256: 3a559763ad1634ef40108700025a909cc76ca8c66d6c77f41a07e2ced4c9ff65
  SHA512: 5376e21235d1b828a0d04e35d26154a1e52db3fe02690fa272ba982da55b88bb0ab7473e6b2031fe8d19798abefec072e22542132b175912b31279cda6f15f57

Filesize: 152B
  MD5: b533661b945a612876de1e58ce73d065
  SHA1: d93286945efeb7f33b49f8e594cdb264884c827e
  SHA256: e5480b47432d7b0ca972afe477fac49f5fc1e8e82aaeab6401de99045949bd65
  SHA512: 672bc0f694e763a8597eebcce7728716a09515ad17854fae58d1f8df8aefca152eaabfd637bbaf8acae8e7936309809525a9f058a990148964a58c831d96dc4a

Filesize: 5KB
  MD5: a96e8f0e0b020d0d9c5e9c968a819d31
  SHA1: 7c05cfa49ea935363177f67fefafda6c9e10b84f
  SHA256: af1619b3602530f2ee64bdebc949884c7be78b1f13e6d58bddff3671bca58c19
  SHA512: 361e30c2b386dd86840a6202fe809ff9978b7d33995c4c73b654c606d2dace88ffdbe82571a82ab8e83a546c8ae7d596a732b9ddc625c5af13e1bec7af931de0

Filesize: 5KB
  MD5: 4571dea7097cb93c8d8a9038fe16c952
  SHA1: e3eae5375a15bfd654fd67b0b050041081b4642f
  SHA256: c0f4923fe71ac77fdd99629c46fa08f4043af00c0b388dd0c66d585ed1b5dc94
  SHA512: 9c4fab4b50a1dfddd3d48e17be55b2ff7dfd5d28cbba2176719cb0e32d02ead569eb0fd1d1a5f03d9ddc1c34102135aa79ce5dd9eb349305c251bbe912680dbc

Filesize: 24KB
  MD5: eba8517f3652641367e901d3a54f7581
  SHA1: fea9f4fd8d38fa53f21cebbc148d48fb07fe13c6
  SHA256: 2d7c268095e786a3e6c729a4503a10709df851a8899197637e6d42aa11fce388
  SHA512: da857ea24ab0a1f4e1eae0a23c1b50e86c5e4c5781f9cff94eaa20127671ed5b1ed681c9b626366f155ec89e767ca11554a77f0f4c3a42c44cf821654b483517

Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
  MD5: 6fcb4ba0bffdfcbe5ef493742f5019da
  SHA1: 17c96fe39c76714efc26ff69c85ccb4a6f101fa9
  SHA256: f0d247ad362ebca0766fcd660a0f7c484c23129f32e0e12de47f4497ce79e764
  SHA512: 836e2c56fa24f418a63a77de83f108585956c2c58f7f243a77215bd1c6758a5cdb47b68bc3889fac87985fd52453f95a0760d950042247b90c5e74881743a77e