Analysis
max time kernel: 146s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/04/2024, 18:50
Static task: static1
Behavioral task: behavioral1
Sample: 0a5ff15671acecf6c9bdd6e823ade449_JaffaCakes118.html
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 0a5ff15671acecf6c9bdd6e823ade449_JaffaCakes118.html
Resource: win10v2004-20240419-en
General
Target: 0a5ff15671acecf6c9bdd6e823ade449_JaffaCakes118.html
Size: 956B
MD5: 0a5ff15671acecf6c9bdd6e823ade449
SHA1: a4cc8f83c881523ef0ccfe68017570773c391492
SHA256: c2d8e980e0b114b6a5449911d13ab2c9065dad1f1d733534c2e4718707259d49
SHA512: c66e005dc5279eee2a6623de0b9d758d0d7aaff37f9edd8b383fae83e06534cc48f8c1ebb64aaef27d1e2d5a268b2fdad5f5988e753e2f4fa4d8430cccc113cc
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 4088 msedge.exe (2 entries)
  PID 2812 msedge.exe (2 entries)
  PID 3504 identity_helper.exe (2 entries)
  PID 3996 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (12 IoCs, all PID 2812 msedge.exe)
- Suspicious use of FindShellTrayWindow (25 IoCs, all PID 2812 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all PID 2812 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0a5ff15671acecf6c9bdd6e823ade449_JaffaCakes118.html
  PID: 2812
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd1bc46f8,0x7ffcd1bc4708,0x7ffcd1bc4718
    PID: 1160
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    PID: 3584
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    PID: 4088
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
    PID: 3672
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 2716
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 4612
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
    PID: 1796
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
    PID: 3120
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
    PID: 3504
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
    PID: 3816
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
    PID: 684
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
    PID: 3560
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    PID: 5052
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
    PID: 1968
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    PID: 1672
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
    PID: 1016
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
    PID: 2736
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2972 /prefetch:2
    PID: 3996
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1591823060086319413,371229355465727249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
    PID: 3680
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1880
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2372
Network
MITRE ATT&CK Enterprise v15
Downloads