Analysis
max time kernel: 145s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/04/2024, 21:06
Static task: static1
Behavioral task: behavioral1
  Sample: 00138e9c83786cf7e940faf24a1d7cf3_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 00138e9c83786cf7e940faf24a1d7cf3_JaffaCakes118.html
  Resource: win10v2004-20240412-en
General
Target: 00138e9c83786cf7e940faf24a1d7cf3_JaffaCakes118.html
Size: 2KB
MD5: 00138e9c83786cf7e940faf24a1d7cf3
SHA1: e93deb25574783851c7e9178ab3c3f6878f05f9a
SHA256: bd014f1b499402654366249e83df0ab2920966b7a475f078a3c03a5b5b44fbaa
SHA512: 7d9c82e35d1f264faa043782dc46d0067130ca6477695db71c8801dc8d6117e2f1b040ce5d192172db4147ba046e8767298e23458d659415d68ee5f44a26295b
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
3500  msedge.exe
3500  msedge.exe
640   msedge.exe
640   msedge.exe
4276  identity_helper.exe
4276  identity_helper.exe
4896  msedge.exe
4896  msedge.exe
4896  msedge.exe
4896  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
pid  Process
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
pid  Process
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid  Process
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
640  msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                      pid  Process     procid_target
PID 640 wrote to memory of 3316  640  msedge.exe  88
PID 640 wrote to memory of 3316  640  msedge.exe  88
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3448  640  msedge.exe  89
PID 640 wrote to memory of 3500  640  msedge.exe  90
PID 640 wrote to memory of 3500  640  msedge.exe  90
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
PID 640 wrote to memory of 3380  640  msedge.exe  91
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\00138e9c83786cf7e940faf24a1d7cf3_JaffaCakes118.html
PID: 640
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9ca246f8,0x7ffd9ca24708,0x7ffd9ca24718
  PID: 3316

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  PID: 3448

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  PID: 3500
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  PID: 3380

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  PID: 2696

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  PID: 3424

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  PID: 4236

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  PID: 1440

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  PID: 3860

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  PID: 4500

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  PID: 4276
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  PID: 5056

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  PID: 2920

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  PID: 1052

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  PID: 4180

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  PID: 2692

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  PID: 1076

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8283220120413671060,16638969798921340178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2608 /prefetch:2
  PID: 4896
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1040

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2588
Network
MITRE ATT&CK Enterprise v15
Downloads