Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/04/2024, 08:29
Static task
- static1

Behavioral task
- behavioral1
  Sample: 00604a921b38ec529e620800c2d42e55_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: 00604a921b38ec529e620800c2d42e55_JaffaCakes118.html
  Resource: win10v2004-20240412-en
General
- Target: 00604a921b38ec529e620800c2d42e55_JaffaCakes118.html
- Size: 36KB
- MD5: 00604a921b38ec529e620800c2d42e55
- SHA1: 2089ddfd20f2a2fea14865d3c59afd334177bddf
- SHA256: bc7ef68978f372c1a6b1f0f54bf4a7368f129ce249c3887103656be2167466be
- SHA512: 7dd906be30a30b4739857ae6254a58d2640b68c1062c95c39510f39574820f50f47aa91e7f7d7f374d3cca8d7ba190e261ebdf24c6567eb0e7b1c17a0dae6ac1
- SSDEEP: 768:zwx/MDTH3P88hARkZPXnE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TtZO46lrl6lLRcM:Q/vbJxNVuu0Sx/c8/K
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  description        ioc                                                                     Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)

  pid   Process              entries
  2200  msedge.exe           2
  1400  msedge.exe           2
  1000  identity_helper.exe  2
  1408  msedge.exe           4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

  pid   Process     entries
  1400  msedge.exe  6

- Suspicious use of FindShellTrayWindow (25 IoCs)

  pid   Process     entries
  1400  msedge.exe  25

- Suspicious use of SendNotifyMessage (24 IoCs)

  pid   Process     entries
  1400  msedge.exe  24

- Suspicious use of WriteProcessMemory (64 IoCs)

  description                        pid   Process     procid_target  entries
  PID 1400 wrote to memory of 2808   1400  msedge.exe  85             2
  PID 1400 wrote to memory of 2100   1400  msedge.exe  86             40
  PID 1400 wrote to memory of 2200   1400  msedge.exe  87             2
  PID 1400 wrote to memory of 936    1400  msedge.exe  88             20

  (In each table, identical IoC rows from the report are collapsed; the "entries" column gives the number of times the row appeared.)
Processes

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\00604a921b38ec529e620800c2d42e55_JaffaCakes118.html
  PID: 1400
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0d1046f8,0x7ffe0d104708,0x7ffe0d104718
    PID: 2808

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
    PID: 2100

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    PID: 2200
    Signatures: Suspicious behavior: EnumeratesProcesses

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
    PID: 936

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    PID: 1532

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    PID: 4120

  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    PID: 2064

  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    PID: 1000
    Signatures: Suspicious behavior: EnumeratesProcesses

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
    PID: 4544

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
    PID: 1660

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
    PID: 1812

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
    PID: 312

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3812 /prefetch:2
    PID: 1408
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4524

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3064
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: e36b219dcae7d32ec82cec3245512f80
  SHA1: 6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466
  SHA256: 16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b
  SHA512: fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

- Filesize: 152B
  MD5: 559ff144c30d6a7102ec298fb7c261c4
  SHA1: badecb08f9a6c849ce5b30c348156b45ac9120b9
  SHA256: 5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10
  SHA512: 3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

- Filesize: 613B
  MD5: dd8c122c7af29d06f8c33b7d3ecb3e51
  SHA1: 1af0fc2d17d110a8c9efa09c8cfcd3ee47e7e75e
  SHA256: 4950b7a0281cad8b2b9195a782e52cfa6dbf0ab3e21bf3c443c835d9f28760e2
  SHA512: ab4425a665636bfb1b555e16ee2e7ae171b3f3938f3d87ecbb91fd62066483bc9190d4a276796428b8462e91aa003dd255a082aa572b9bc662910a710a233345

- Filesize: 5KB
  MD5: 3bf5b539e1edc3ccc136c64f194d2e9c
  SHA1: 3e6cf346858a461ae427c939b3f0fe228ce711b7
  SHA256: d39dfe9bfe962a337fb20dc2244e59199c6b40faa962d42d3d6c2e14bd03c291
  SHA512: 16b082f5817046ecd2aeeed46858812eefff91200193b5f845d45ac227ebf6323df6f6580ae4f754bc0b97239f72567ddbd914a5932dc0e7f1c6d1a8041a7e56

- Filesize: 6KB
  MD5: c14acb9e043b65636be098afd8f9dc09
  SHA1: 9eb58826537edcc337a0e852659e89bbf5a4f973
  SHA256: b284ee27abb8350e947bae78fa0d77bbc36f52c6d4a0fbc25be06ec01ab43296
  SHA512: 2f9bddfb68c86ff5210643dd0bbf674ab0e2a96a603ca5f5792812cf267f13e99fc3285da8c7d1e8ffe7dd771ad29b5d4d8ea713ee302d3ebb0425c8cc9ad459

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 8KB
  MD5: 7c57be72379674fe4dc65e4526794662
  SHA1: 3bbf3b0452e77312383bfd4948c5e67c86b3ddd1
  SHA256: deaffa4a327d3819a1eb0b8faff24e0b1deeffd34ab4f299208d2a7cbf987407
  SHA512: 7a98fae52fc5888d72b4aef9a3d0b94fe2fe532a172db03375233c5c065f61197235668fd20ea1be0ed7d7de5d5580a0740cb1f96b9f53f8095f57c12e67a7fb