Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/05/2024, 05:34
Static task: static1
Behavioral task: behavioral1
  Sample: 0da3da5a25b754827b258c928bc98f10_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0da3da5a25b754827b258c928bc98f10_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 0da3da5a25b754827b258c928bc98f10_JaffaCakes118.html
Size: 14KB
MD5: 0da3da5a25b754827b258c928bc98f10
SHA1: 5fb09ecb3141b54da739c9b60e6c737b104486f1
SHA256: 8aa2cc97c4cab990c88064ec7e0e0c9f5b935ddc9410a3d8e0f1f58719978506
SHA512: e961509123536c7842df1cb67db0f892efb135bc3d80b3d50e083763540ccbb5d141d1926d15d5223fcc04f33da710e71d8dec9eb798430a972d3a70d7c6b463
SSDEEP: 384:cSdm54DuuSQvr5V3SK6OQUpIer7E5Gt7OAQDCiMDEO7wtOuVF6QS0Pz:ct54DuuJ3szgKawtOO6QS0L
Malware Config
Signatures
Every hit below is raised by msedge.exe (the browser launched to open the sample, PID 4848, and its children) or by its identity_helper.exe child; the only other processes recorded in this run are two CompPkgSrv.exe COM server instances (see Processes).

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid 2400 msedge.exe (x2)
  pid 4848 msedge.exe (x2)
  pid 3164 identity_helper.exe (x2)
  pid 4308 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid 4848 msedge.exe (x6)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 4848 msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 4848 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  PID 4848 (msedge.exe) wrote to memory of PID 1436, procid_target 83 (x2)
  PID 4848 (msedge.exe) wrote to memory of PID 1932, procid_target 84 (x40)
  PID 4848 (msedge.exe) wrote to memory of PID 2400, procid_target 85 (x2)
  PID 4848 (msedge.exe) wrote to memory of PID 1536, procid_target 86 (x20)
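An added helper for reading tables like the one above (example code, not part of the report or of tria.ge): it reduces the repeated IoC rows to per-pair write counts, labels each target PID with the Chromium role taken from its command line, and flags any write target that does not appear in the process tree, which is the case that deserves a closer look. The rows, the shortened command lines, the hypothetical C:\Edge\ path and PID 9999 are constructed for the example.

```python
"""Summarise a sandbox report's WriteProcessMemory IoCs against its process tree.

Added example (not part of the report or of tria.ge): the flattened IoC table is
reduced to parent -> child write counts, each child is labelled with the Chromium
role taken from its command line, and any write target that is missing from the
process tree is reported, since that is the case worth a closer look.
"""
import re
from collections import Counter

# Constructed excerpt of the report's IoC rows, one row per line. The real table
# repeats each row many times; PID 9999 is invented so the last check has a hit.
WPM_ROWS = """\
PID 4848 wrote to memory of 1436 4848 msedge.exe 83
PID 4848 wrote to memory of 1436 4848 msedge.exe 83
PID 4848 wrote to memory of 1932 4848 msedge.exe 84
PID 4848 wrote to memory of 1932 4848 msedge.exe 84
PID 4848 wrote to memory of 1932 4848 msedge.exe 84
PID 4848 wrote to memory of 2400 4848 msedge.exe 85
PID 4848 wrote to memory of 1536 4848 msedge.exe 86
PID 4848 wrote to memory of 9999 4848 msedge.exe 87
"""

# Constructed process tree: (pid, command line). Paths are shortened to a
# hypothetical C:\Edge\ instead of the real Program Files path for readability.
PROCESS_TREE = [
    (4848, r'"C:\Edge\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html'),
    (1436, r'"C:\Edge\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (1932, r'"C:\Edge\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2112 /prefetch:2'),
    (2400, r'"C:\Edge\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (1536, r'"C:\Edge\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
]

# Row layout: "PID <src> wrote to memory of <dst> <src again> <image> <procid_target>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_writes(rows):
    """Return a Counter keyed by (source_pid, target_pid) with the rows seen per pair."""
    counts = Counter()
    for line in rows.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return counts


def _flag(cmdline, name):
    """Value of --name=value in a Chromium command line (quotes stripped), or None."""
    m = re.search(r'--' + re.escape(name) + r'=("[^"]*"|\S+)', cmdline)
    return m.group(1).strip('"') if m else None


def child_role(cmdline):
    """Label a process from its command line: type[:utility-sub-type] [sandbox]."""
    role = _flag(cmdline, "type") or "browser"   # no --type means the browser process
    sub = _flag(cmdline, "utility-sub-type")
    sandbox = _flag(cmdline, "service-sandbox-type")
    if sub:
        role += ":" + sub
    if sandbox:
        role += " (sandbox=%s)" % sandbox
    return role


def summarize(rows, tree):
    """One line per parent -> child pair, with the child's role and the row count."""
    roles = {pid: child_role(cmd) for pid, cmd in tree}
    return [
        "%d -> %d [%s] x%d" % (src, dst, roles.get(dst, "NOT IN PROCESS TREE"), n)
        for (src, dst), n in sorted(parse_writes(rows).items())
    ]


def unexplained_targets(rows, tree):
    """Write targets that never appear in the process tree: these need manual review."""
    known = {pid for pid, _ in tree}
    return sorted({dst for _, dst in parse_writes(rows)} - known)


if __name__ == "__main__":
    for line in summarize(WPM_ROWS, PROCESS_TREE):
        print(line)
    print("unexplained targets:", unexplained_targets(WPM_ROWS, PROCESS_TREE))
```

Run against the real table, every target in this report resolves to a crashpad, GPU, network-service or storage-service child of the same browser process; an unresolved target, as with the invented PID 9999 here, is what should turn a "suspicious use of WriteProcessMemory" hit from browser noise into something to investigate.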
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0da3da5a25b754827b258c928bc98f10_JaffaCakes118.html
  PID: 4848
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9178446f8,0x7ff917844708,0x7ff917844718
    PID: 1436
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    PID: 1932
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    PID: 2400
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
    PID: 1536
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 4984
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 3528
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 /prefetch:8
    PID: 2744
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 /prefetch:8
    PID: 3164
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    PID: 2896
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
    PID: 2640
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    PID: 2888
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
    PID: 2252
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3380 /prefetch:2
    PID: 4308
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 532
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4608
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 62c02dda2bf22d702a9b3a1c547c5f6a
  SHA1: 8f42966df96bd2e8c1f6b31b37c9a19beb6394d6
  SHA256: cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
  SHA512: a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9
- Filesize: 152B
  MD5: 850f27f857369bf7fe83c613d2ec35cb
  SHA1: 7677a061c6fd2a030b44841bfb32da0abc1dbefb
  SHA256: a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
  SHA512: 7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401
- Filesize: 782B
  MD5: 4c7f95af5e9fe5e217802e78e845d72b
  SHA1: c29d3c85ab205172e91a1f97345be5a7c90688a6
  SHA256: a9af8cdb003e11594bae216bdfc7ab567affc452d930d66a575904b4a15692f0
  SHA512: 57f5924ab6c13dced274dd855710dea0e60102763d103e1c0699aa6af5e5ca7ad4d047ec693e0fec4521223e7405c755d11eef5c4d7630290385cf65809b81e6
- Filesize: 5KB
  MD5: 3dcb74611351789fb93ce9fbc711c4b0
  SHA1: 321e6845abd2aecbd10a683e5c5bf3b424ffbc51
  SHA256: ca8b8477fedecb32846aa143b9febbd4e2b423e0af5dd802e8f4dfde5ed7b46f
  SHA512: 5de5ef50cd52f723aa117cec7bfb168b3e36c324ab66968c8a75d0647fb41c06ecee2a62bb2ffedb25fa585a1a826dc1c8a4a687e673b13c4f4eda4488d430be
- Filesize: 6KB
  MD5: e729c21570aedfade5be7b1364f8c6da
  SHA1: 2899cd0c319d06634fa9dd653078923e2ad2a058
  SHA256: 4efec8453c846a7d877a3c4e0c5d5973841dd8bcef9dc97f590de9f5f852f659
  SHA512: ebf34d14507964564af95cbdec0c50d1b58fca7e1c25760909f29d66b9f3dbcdb4fa834ee297f5a2427a9237d88a39ddcbe12e32c889f95f076d21c7e69f526e
- Filesize: 6KB
  MD5: 765ba237d226f7eef4047a718809901b
  SHA1: 7dcf659304c400a0f90e3c5802a9ed48804b3a0b
  SHA256: bd6e826bf8c8cf462e5913085d86de40a52771555ff95baaeeb75a46c0478112
  SHA512: a4d3bd2d4a05b40a4b747b20cdd907b60365b2e21a18dd87e3a2fe08c4ac9b422f1fc6bcb9420effaa9eefe3bf5266f95546fdac40780a40a43f27f0159f3567
- Filesize: 6KB
  MD5: 25d751422111caf1cf0c903d5cc9b0eb
  SHA1: e7c060625c24b73e8842078c946e75f720e7e4cb
  SHA256: b7b28a241e31397e78541ebf623909ff5e4796415599cc622906392422bc4438
  SHA512: 798f0dbf467afa2d1794b17b1065651b4fe8f82c00170f9d325b5f6f8ce785bb57091e06b22bf4328331cb225143f07caafa066334c10606dfe333446b15acee
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 05dae09db352be6f7678c33f235f3ad2
  SHA1: 495b9857cc51b6b3b38d84bbcd814d92f497b732
  SHA256: ec54449fc08850ed75849a22193bd5c61252c84e47dce62071367d3548dc8516
  SHA512: 3027632c344c607060b8c379863cfe67d074dd6d3e035cdd1ed3dc34df485be6b1960ea42a3020a3d1129e9d83722a22dfd9cbbe03621009c7ded6b1e19a08cb