Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
28/04/2024, 14:37 UTC
Static task
static1
Behavioral task
behavioral1
Sample
05690ab6eb984214769fe3ac420d50ac_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
05690ab6eb984214769fe3ac420d50ac_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
05690ab6eb984214769fe3ac420d50ac_JaffaCakes118.html
-
Size
461KB
-
MD5
05690ab6eb984214769fe3ac420d50ac
-
SHA1
404aa146e2408bfe17888ac4bed740c6c2de5c05
-
SHA256
22f37ea68c54451fa21dd0a5828ccb39279fd284f6355ddb83fa185975728a33
-
SHA512
e04341b3eb794b7c767c31174e5985de33d6556f2b7f398b43d556980d93d7eb8463d1d9917478260b8e316838d8bd2b57fb6d17c34ad4cfcb372f78399debf0
-
SSDEEP
6144:SusMYod+X3oI+YXQAsMYod+X3oI+Ym4sMYod+X3oI+YLsMYod+X3oI+YQ:55d+X3j5d+X3/5d+X315d+X3+
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3748 msedge.exe 3748 msedge.exe 2188 msedge.exe 2188 msedge.exe 396 identity_helper.exe 396 identity_helper.exe 2840 msedge.exe 2840 msedge.exe 2840 msedge.exe 2840 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2188 wrote to memory of 1916 2188 msedge.exe 83 PID 2188 wrote to memory of 1916 2188 msedge.exe 83 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 4236 2188 msedge.exe 84 PID 2188 wrote to memory of 3748 2188 msedge.exe 85 PID 2188 wrote to memory of 3748 2188 msedge.exe 85 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86 PID 2188 wrote to memory of 3560 2188 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\05690ab6eb984214769fe3ac420d50ac_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf95b46f8,0x7ffdf95b4708,0x7ffdf95b47182⤵PID:1916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵PID:4236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:82⤵PID:3560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵PID:3724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:1988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:82⤵PID:4976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:12⤵PID:2176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵PID:4600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:12⤵PID:364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:12⤵PID:2264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,465819260523966511,8529589407212824904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4332 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2840
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1004
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4452
Network
-
Remote address:8.8.8.8:53Requestag8aq.cnIN A
-
Remote address:8.8.8.8:53Requestag8aq.cnIN A
-
Remote address:8.8.8.8:53Requestag8aq.cnIN A
-
Remote address:8.8.8.8:53Requestag8aq.cnIN A
-
Remote address:8.8.8.8:53Requestag8aq.cnIN A
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54e96ed67859d0bafd47d805a71041f49
SHA17806c54ae29a6c8d01dcbc78e5525ddde321b16b
SHA256bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
SHA512432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7
-
Filesize
152B
MD51cbd0e9a14155b7f5d4f542d09a83153
SHA127a442a921921d69743a8e4b76ff0b66016c4b76
SHA256243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
SHA51217e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d
-
Filesize
6KB
MD5dca4b6a9072223195020bcf21e53d0c6
SHA1306081da9de1239faa461aa7df1d3e43bb41d59d
SHA256a252e3a9c1c0f7d5d5bc4531a18c5b648eb2389e0c5282506ff61ceec6d91643
SHA5127b02419bba2180eca09efe82c6f2a39d14a11804afb47ed8a969a4457f95b7aea0a59298780cbebe52f2a4aecdabc9b26014f2f5ca932e71bd2124ca045fb482
-
Filesize
6KB
MD55cdac59a2e9a65ebb77b4a78f669aba1
SHA1f84ab77f7f1d32aed25d0b933ab0554ba65ab268
SHA2565162d0adb8cd97ac2bfe122a874a5ca9db8f27b135bfcd5a1519228f84b6252d
SHA512a69b858e164fa38bbfcf17f976611b398dcbb8ef5ed05790b5a619b061c5e5c5be9749e89b7e28d1f5dc1809d5cad5a69c86a532b36740bc2c31500c6420be35
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD5aa8e603494cf306ea101dda4a1c1e730
SHA1cca27e8358c4ca42574462c8ccd831d519765355
SHA256bfdd86e51dde2dc3deb87131ede10c753cf4b613b85a1a1c1b6d9ee77d303418
SHA51273ba05abb446657f3f38943dc66abaccb6a38d9c71d127480f691b4f5176b36e0c40f29cb91d9d91c365334abcaca9921ec2a0c2d050a29cc59e8024c0c26c29