Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
submitted: 26/04/2024, 09:33

Static task: static1

Behavioral task: behavioral1
Sample: 007b3ceca0207c412c455aab71154c9f_JaffaCakes118.html
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 007b3ceca0207c412c455aab71154c9f_JaffaCakes118.html
Resource: win10v2004-20240412-en
General
Target: 007b3ceca0207c412c455aab71154c9f_JaffaCakes118.html
Size: 36KB
MD5: 007b3ceca0207c412c455aab71154c9f
SHA1: 93dfb3c1a6a4f72cb92195a109fe180dd51a009d
SHA256: f1fe82448f82a1f25d6063c1c4abb73f46a6f5d95a84cf42486cd0512bbbbcdc
SHA512: 2dc99e0d6bffa2f57882ea66223849bb2d818beaccf51b3c8a5b0e1ce2e418e6605c33aade75611d7506765c8ce9aa3950515bd5b5166faae3b5d2ccce880ef7
SSDEEP: 768:zwx/MDTHxp88hARdZPXcE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOg6f9U56lLRJ:Q/HbJxNVNufSM/P8wK
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid 1976 msedge.exe
  pid 1976 msedge.exe
  pid 2960 msedge.exe
  pid 2960 msedge.exe
  pid 4436 identity_helper.exe
  pid 4436 identity_helper.exe
  pid 2188 msedge.exe
  pid 2188 msedge.exe
  pid 2188 msedge.exe
  pid 2188 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  pid 2960 msedge.exe
  pid 2960 msedge.exe
  pid 2960 msedge.exe
  pid 2960 msedge.exe
  pid 2960 msedge.exe
  pid 2960 msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2960)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\007b3ceca0207c412c455aab71154c9f_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2440)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa377e46f8,0x7ffa377e4708,0x7ffa377e4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3968)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1976)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1264)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2356)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2732)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4436)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 548)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2084)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3984)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2188)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,12116011260181336812,1167811249903773939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4948)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2076)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads