Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 145s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/04/2024, 21:36
Static task: static1
Behavioral task: behavioral1
- Sample: 0a78386c070b3403ee87813b21223600_JaffaCakes118.html
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 0a78386c070b3403ee87813b21223600_JaffaCakes118.html
- Resource: win10v2004-20240419-en
General
- Target: 0a78386c070b3403ee87813b21223600_JaffaCakes118.html
- Size: 82KB
- MD5: 0a78386c070b3403ee87813b21223600
- SHA1: d465e0340b63792fb28d8fb20fbbf3aaaa26811f
- SHA256: 3435263743a6208babdb1c75bd5f2d752764324222aa66895cc372d53beb514c
- SHA512: 35f5f9924cbe528d3f9a3cae52337bc7db70078665cf936e4e3cd7b492b15aece519f16cc5fe606821bf2b5f70487d178e4069c5e9c0758dde017f893a35385e
- SSDEEP: 1536:/4Fp94yJnuu4F2k2vsKAt7+4O/k/M/x/d/w/f/n/Z/V/B///Lh9Ujv6pSXB5kMlx:/4aF2k2khK6p8TZ9fX3HBKM1/F
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
- PID 3344 msedge.exe (2 entries)
- PID 4748 msedge.exe (2 entries)
- PID 3372 identity_helper.exe (2 entries)
- PID 2316 msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- PID 4748 msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 4748 msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 4748 msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
- PID 4748 msedge.exe wrote to memory of PID 4704 (procid_target 83)
- PID 4748 msedge.exe wrote to memory of PID 3416 (procid_target 84)
- PID 4748 msedge.exe wrote to memory of PID 3344 (procid_target 85)
- PID 4748 msedge.exe wrote to memory of PID 2620 (procid_target 86)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4748)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0a78386c070b3403ee87813b21223600_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4704)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3af846f8,0x7ffe3af84708,0x7ffe3af84718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3416)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3372)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2804)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2316)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8486052227280397337,4924305274157683973,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4444 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4612)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3216)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: dbac49e66219979194c79f1cf1cb3dd1
  SHA1: 4ef87804a04d51ae1fac358f92382548b27f62f2
  SHA256: f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
  SHA512: bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1
- Filesize: 152B
  MD5: a9e55f5864d6e2afd2fd84e25a3bc228
  SHA1: a5efcff9e3df6252c7fe8535d505235f82aab276
  SHA256: 0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
  SHA512: 12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75
- Filesize: 6KB
  MD5: 9947d728f3388d5b8756f725873cbfa0
  SHA1: e008e061a0fce79671acebfe917176a936f5bca0
  SHA256: 1b24c6b37122e1b951596915fa65c619061699d0222094665be360293b047767
  SHA512: e8d50f3726a13b6b17961043cec0c4a9269763760ab7049f064c9beec090a236e63ecdaf0576e4bc3c8295d89288ef7b07e104a08a6771af6bdf04edb55ea7cd
- Filesize: 6KB
  MD5: fbf8061af6987fdc6acac7f053853526
  SHA1: 9c9fdfdffdb334780306049543eb9a2ef6127384
  SHA256: 10a8a54228baf17640bf66e74a4ef75602df339da274354467fa24a8b37fac0a
  SHA512: 813834f187e10ec82e5292dd7f2efc1fec0d80ed540bf7d075b07967fe891c2404a337e953b7665edd82a8c398f13a9c54949871f5e9071f038a0f0d01fdb697
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 8KB
  MD5: 4f9aee7ced767d747cc4609689778fb5
  SHA1: 7bb0324f4044fc4842c493739e280f3a6229bd3f
  SHA256: 7da5456fce36170d7f032c976da635d4f97ecdbfaa8d65de9cd6bb9e414337ff
  SHA512: a64652df788ac3f060f5a41dbb2053b2b9901a0fd067d638f4986e3bf26a6634c56ea29debd3112b2f06122c8227fb2cad4e83e2246ff409a055f325951bbb1d