Analysis
max time kernel: 145s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/04/2024, 11:53
Static task: static1
Behavioral task: behavioral1
  Sample: 09b9c10db614542604b9c010b3dac2c0_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 09b9c10db614542604b9c010b3dac2c0_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 09b9c10db614542604b9c010b3dac2c0_JaffaCakes118.html
Size: 36KB
MD5: 09b9c10db614542604b9c010b3dac2c0
SHA1: 658bdf1144ca5e0548a0b18821b3363e62a1644f
SHA256: e945d0efc89cf3ebc0eef2accd82c196fbb751fca8ae05e02cad7bce29979611
SHA512: 57de9a79a03d90cc4e4147f1a4ec5b3b1e768a05f5c2dc019b3131d2f39fe21af914ce5fc31cf2dbd062ca7c28ec927997e4ff376597523b492c8880e2a8bba7
SSDEEP: 768:zwx/MDTHWI88hARqZPXBE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6T+ZOk6u3l56lLRx:Q/3bJxNVAufSI/t8+K
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                   | Process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process             | rows
  1192 | msedge.exe          | 2
  832  | msedge.exe          | 2
  3628 | identity_helper.exe | 2
  1608 | msedge.exe          | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid 832, msedge.exe (6 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 832, msedge.exe (25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 832, msedge.exe (24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every one of the 64 rows has PID 832 (msedge.exe) as the writer; the distinct targets, in the order the report lists them, are:
  pid | Process    | target PID | procid_target
  832 | msedge.exe | 740        | 81
  832 | msedge.exe | 2576       | 82
  832 | msedge.exe | 1192       | 83
  832 | msedge.exe | 1568       | 84
  (The source table repeats the 2576 and 1568 rows many times; the row counts per target are not reproduced here.)

Every signature on this page fires inside the Edge process tree that was launched to render the sample; apart from two CompPkgSrv.exe COM hosts, no process outside that tree appears in the Processes section below.
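The signature tables above are flattened one-row-per-IoC text, which is hard to triage by eye once a table carries 64 near-identical rows. The following is an added example and not part of the tria.ge report: it parses excerpts of this report's own WriteProcessMemory and registry rows, collapses the repeats into counts, and flags any memory write whose target is not a direct child of the writer. The `PARENT` map is transcribed from the Processes section of this report; the `WRITE_RE` and `REG_RE` patterns are my own assumptions about the flattened row layout and only cover these two signature types.

```python
"""Parse flattened tria.ge signature rows into structured findings.

Added example, not tria.ge code. The inputs below are constructed from
excerpts of this report's own 'Suspicious use of WriteProcessMemory' and
'Enumerates system info in registry' tables; the process-tree map is taken
from the Processes section of the same report.
"""
import re
from collections import Counter

# Excerpt of the WriteProcessMemory table, exactly as the report flattens it.
# Row shape: "PID <writer> wrote to memory of <target> <pid> <Process> <procid_target>"
WRITE_ROWS = (
    "PID 832 wrote to memory of 740 832 msedge.exe 81 "
    "PID 832 wrote to memory of 740 832 msedge.exe 81 "
    "PID 832 wrote to memory of 2576 832 msedge.exe 82 "
    "PID 832 wrote to memory of 2576 832 msedge.exe 82 "
    "PID 832 wrote to memory of 1192 832 msedge.exe 83 "
    "PID 832 wrote to memory of 1568 832 msedge.exe 84 "
)

# Excerpt of the registry table. Row shape: "<description> <ioc> <Process>"
REG_ROWS = (
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe "
)

# Parent of each PID as listed in the report's Processes section (None = tree root).
PARENT = {
    832: None, 740: 832, 2576: 832, 1192: 832, 1568: 832, 1816: 832, 1216: 832,
    1500: 832, 3628: 832, 2012: 832, 3420: 832, 8: 832, 1604: 832, 1608: 832,
    3388: None, 408: None,
}

# Assumed row layouts (my own patterns, not a tria.ge format specification).
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")
REG_RE = re.compile(r"(Key opened|Key value queried) (\\REGISTRY\\\S+) (\S+)")


def parse_writes(text):
    """Return (writer_pid, target_pid, image, procid_target) per row, repeats kept."""
    return [(int(w), int(t), img, int(pt)) for w, t, img, pt in WRITE_RE.findall(text)]


def collapse_writes(rows):
    """Collapse repeated rows into {(writer, target): row_count}."""
    return Counter((w, t) for w, t, _, _ in rows)


def cross_tree_writes(rows, parent):
    """Writes whose target is not a direct child of the writer.

    A parent process writing into a child it has just spawned is routine
    bootstrap behaviour; a write into an unrelated process is the case a
    triager wants surfaced, so only those pairs are returned.
    """
    return sorted({(w, t) for w, t, _, _ in rows if parent.get(t) != w})


def parse_registry(text):
    """Return (action, key_path, process) per row."""
    return REG_RE.findall(text)


def queried_bios_values(reg_rows):
    """Value names read under HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS."""
    prefix = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS" + "\\"
    return sorted(path[len(prefix):] for action, path, _ in reg_rows
                  if action == "Key value queried" and path.startswith(prefix))


if __name__ == "__main__":
    rows = parse_writes(WRITE_ROWS)
    print(collapse_writes(rows))
    print(cross_tree_writes(rows, PARENT))
    print(queried_bios_values(parse_registry(REG_ROWS)))
```

For this report every write stays inside PID 832's own children, which is the expected pattern for a browser parent setting up the sandboxed helper processes it spawns, so `cross_tree_writes` returns nothing; it only becomes interesting when a target PID lies outside the writer's subtree. The two BIOS values (SystemManufacturer, SystemProductName) are the ones commonly compared against hypervisor vendor strings by sandbox-evasion code, which is presumably why the signature exists, although here they are read by the browser process itself.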
Processes
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\09b9c10db614542604b9c010b3dac2c0_JaffaCakes118.html
  PID: 832
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942d846f8,0x7ff942d84708,0x7ff942d84718
    PID: 740
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    PID: 2576
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    PID: 1192
    Signatures: Suspicious behavior: EnumeratesProcesses
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    PID: 1568
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 1816
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 1216
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
    PID: 1500
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
    PID: 3628
    Signatures: Suspicious behavior: EnumeratesProcesses
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    PID: 2012
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    PID: 3420
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
    PID: 8
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    PID: 1604
  - Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
    PID: 1608
    Signatures: Suspicious behavior: EnumeratesProcesses
- Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3388
- Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 408
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 1ac52e2503cc26baee4322f02f5b8d9c
  SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
- Filesize: 152B
  MD5: b2a1398f937474c51a48b347387ee36a
  SHA1: 922a8567f09e68a04233e84e5919043034635949
  SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
- Filesize: 614B
  MD5: b1ed6b0bce4dbb21754fa7f391eda305
  SHA1: e6954a74a64e667b2b6b9f16d26973cb6d5eaffc
  SHA256: 990abaad88da6dc6b06bb0fb3f31460ccc89fcdc10bc469ace2766af632b89c1
  SHA512: 26f45b12d709bbfe5857f670bd47d9c50475b1da2285a7772be35e1e50e10d6aeaeec8708913216b8e4f3396cb590305b7c11744433b075b26e4c51fa8b170b6
- Filesize: 6KB
  MD5: fb835e0520229b87bf31cad0dc703829
  SHA1: 608f7f6531c63c00175bebc6c696bc9143fd2819
  SHA256: 4ed531c8c39ae41ea184b089f200ccd04e3af19560f4db00a62bcbeb0d83cf21
  SHA512: 87aa021c216c76197a5d9ce8d2139f98ec7023ac0ead1f70fd76baf6b81de2eb60e2471c12f095cd8ef7117539ad5db53167266cdd239936419d47dfae6a167e
- Filesize: 6KB
  MD5: fd19289549b219f32bc8c5378a0035d3
  SHA1: 501f14d143b7f17082bb79dc72fd3f507a5f91ba
  SHA256: f53f5ea17c434befb8a805267fb352521a7cac2c23c86d124488aa51e2a67c63
  SHA512: 9bdff3c189f032a085fd6c313a6fbd804daebd20df8ea0741d3e9d817ba6a98de41fd0fb7f807c8903a8e53f682f71a66408bd9e7024d3ec15490ecf0da7d71c
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: ac8a42939096e1b8151b8d67ea42779e
  SHA1: bf59c2d844cdf8801da5a32f52bb81604854c64f
  SHA256: 15400f3c76b94d8d1e85f54dab9f8294a7ec72a2c402c898df5d40b4e6f69e44
  SHA512: 11971fa92658a1ec15243ccf92ad7131cfadf543c6d00b9e47b0d1aa0170dd21cd8a0891892e690988b59b1557e42e6def1e7665e067acac4253204641be0e97