Analysis
- max time kernel: 145s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/04/2024, 15:50
- Static task: static1
- Behavioral task: behavioral1
  Sample: 080950d3981564863bcab628790733c5_JaffaCakes118.html
  Resource: win7-20240221-en
- Behavioral task: behavioral2
  Sample: 080950d3981564863bcab628790733c5_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
- Target: 080950d3981564863bcab628790733c5_JaffaCakes118.html
- Size: 16KB
- MD5: 080950d3981564863bcab628790733c5
- SHA1: 6959aff610774f5bd4063b52f448387bb3a82126
- SHA256: 4f410662296b1ab76672ce7de3cd1859c14560834f295655a7f4decda3bf9c86
- SHA512: 9825e1c103c910e316a49454ee578f0deaf1315b000e165062894c9d9ef33324ec739926df0ff298abab84c2526d2799bad1aea200286b19440da4dc7574888d
- SSDEEP: 384:X28H4dG3/i123OJ+HSBUSq9HI0/e2BMKDJ+lP0Du3BCa3bS9Bv:Z4dP639o022CVb353e7
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - pid 4468 msedge.exe (2 entries)
  - pid 640 msedge.exe (2 entries)
  - pid 3172 identity_helper.exe (2 entries)
  - pid 3676 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - pid 640 msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid 640 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid 640 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; identical entries collapsed, 64 entries in total)
  - PID 640 (msedge.exe) wrote to memory of 4016, procid_target 83
  - PID 640 (msedge.exe) wrote to memory of 3716, procid_target 84
  - PID 640 (msedge.exe) wrote to memory of 4468, procid_target 85
  - PID 640 (msedge.exe) wrote to memory of 1756, procid_target 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 640)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\080950d3981564863bcab628790733c5_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4016)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdb7046f8,0x7fffdb704708,0x7fffdb704718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4468)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 884)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4556)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3172)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4792)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3236)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,14950100044910155795,9672402020293214709,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5284 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2008)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3820)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads