Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/05/2024, 07:27
Static task: static1
Behavioral task: behavioral1
  Sample: 0de19b6964b8005ecc32106d504c8ac3_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0de19b6964b8005ecc32106d504c8ac3_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 0de19b6964b8005ecc32106d504c8ac3_JaffaCakes118.html
Size: 301KB
MD5: 0de19b6964b8005ecc32106d504c8ac3
SHA1: 0f359cb0fd66ab888c44df087a5d797052add1ea
SHA256: f27683999c4a5ad369462a9735d621f27e79d123fa914fbc5812c4f43ece5ef3
SHA512: e31c767a779833d4b5bec11496790e0c42372b84c345a6a928d4e0f26d7595b2b86de65e5ec64fa865d7561e6544f742bee51e93cce07520964692b228fc0ea9
SSDEEP: 6144:93uw+yjs1yH/ql76kfdfkjMnqRgX/pk/OBdaYdvfNswdOYb3FQwATNu:93uos1yH/ql76kfdfkjMnqRgX/pk/Sdd
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
5088 | msedge.exe
5088 | msedge.exe
636 | msedge.exe
636 | msedge.exe
2584 | identity_helper.exe
2584 | identity_helper.exe
748 | msedge.exe
748 | msedge.exe
748 | msedge.exe
748 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe
636 | msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 636 wrote to memory of 2816 | 636 | msedge.exe | 83
PID 636 wrote to memory of 2816 | 636 | msedge.exe | 83
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 1104 | 636 | msedge.exe | 84
PID 636 wrote to memory of 5088 | 636 | msedge.exe | 85
PID 636 wrote to memory of 5088 | 636 | msedge.exe | 85
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
PID 636 wrote to memory of 4436 | 636 | msedge.exe | 86
Processes

msedge.exe (PID 636)
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0de19b6964b8005ecc32106d504c8ac3_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: msedge.exe (PID 2816)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9026146f8,0x7ff902614708,0x7ff902614718

  Child: msedge.exe (PID 1104)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

  Child: msedge.exe (PID 5088)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Child: msedge.exe (PID 4436)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

  Child: msedge.exe (PID 4016)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

  Child: msedge.exe (PID 1440)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

  Child: identity_helper.exe (PID 1860)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8

  Child: identity_helper.exe (PID 2584)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Child: msedge.exe (PID 4500)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1

  Child: msedge.exe (PID 4652)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

  Child: msedge.exe (PID 768)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

  Child: msedge.exe (PID 1296)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

  Child: msedge.exe (PID 748)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16055283833784414679,13708518578167318675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 3284)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 3548)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
Filesize: 152B
MD5: 4e96ed67859d0bafd47d805a71041f49
SHA1: 7806c54ae29a6c8d01dcbc78e5525ddde321b16b
SHA256: bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
SHA512: 432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

File 2
Filesize: 152B
MD5: 1cbd0e9a14155b7f5d4f542d09a83153
SHA1: 27a442a921921d69743a8e4b76ff0b66016c4b76
SHA256: 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
SHA512: 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

File 3
Filesize: 32KB
MD5: f48baec69cc4dc0852d118259eff2d56
SHA1: e64c6e4423421da5b35700154810cb67160bc32b
SHA256: 463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c
SHA512: 06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

File 4
Filesize: 556B
MD5: d310152e8239c1f96aa7aebd3c3c1b59
SHA1: bd0ef389c8fa577f79d4abacbb510037882baaf7
SHA256: bae751249eab7858fa09dd73fb1bb54539d079b842b4a94895fe6656bd68f553
SHA512: 84af470ab0c59c962ab8149f9e4d9e3fc7b57fa2884dc4b9cdcc1cda3b21ee28cfaf51fae11e44df9357f2ec61e3a715c18b55f5ab2d00fbeb8c5bc57c304c29

File 5
Filesize: 6KB
MD5: 59de50baa4aab5aea8cd4bcfcc2108aa
SHA1: 07f459c667afc9d77aa8db5ce81c8766e010d96d
SHA256: edb7182ae0ea1b59f72fbc1785348301ba9c9f243327ae95813ad9603a1e7c2b
SHA512: 89eccb5a89afcf62796bf7d117b97a0f699ff5a951fa271900cc82490a6333b3f0999cd7f29ffe681fda9e6dae2b829c9a7e8fc1e7dab8f3aa6886ad983cba21

File 6
Filesize: 5KB
MD5: 33cb07d688134545517097f4e54684d6
SHA1: debec94d8ae7e7db55fe65010ad2af1e26650c74
SHA256: 1cbf10edeee81633e6e494b86e570f9e2eb221f201ed9e9780acd389c5f14a5e
SHA512: b7ca6f362312f55b4f9a44d0326d5fda1bac65a67ce517ef0e68e60f5c93361a8067637f7fa5048a0073711481b0ce76770437e01661eb5ce74a1fb54e44c3c8

File 7
Filesize: 6KB
MD5: a0c38588c6b212bc9784ae6de0976109
SHA1: 75fc54210b926ae8fe3c7d1c8031bf8219a1fff0
SHA256: dd3bd5c858725210ee5fc9591a28b5951de45c2108f3921409dc4acdecb8b5c9
SHA512: e058deed65367c07e9c4a79c3f0a18fbcb3897b8298290c193b495d5545dcdcdf34fa6ecacb787846051dc750ba5fe1e9bc6ddbdc1d92d112d6d96345312d62e

File 8
Filesize: 371B
MD5: b3dd72c2ff88a606b1fcf081f0b5f01e
SHA1: 501597a4a2cdfd62a4f61163ec8efbc48200619a
SHA256: d2e103518993bcdc1705a318520afafc8756537834db54b0b22201d693618fbf
SHA512: e1bfb5daa8165af3715d2a2e59a3dc8affd859b3813a499472b10e5babe56ed5c6465364a21d18270cb86d507ac1818fedbd795cc53d3e1f675a46b868e9da00

File 9
Filesize: 204B
MD5: 7a1a9959c899f8b51fccb4588de01c7e
SHA1: 08c8e30e85b712044811f85b07b545356213a449
SHA256: 401d5360b3b702ae0173fefdba8734da45361d6fde69c61743cef8d64da7a2a8
SHA512: f06ecbc080d91eb2cea463a321340ff954df7c72c18921572ef2443ec69d774417920a969b09acbd5d24646135db0fffa24160f76d0f32caf843fbcf43bfd89b

File 10
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File 11
Filesize: 11KB
MD5: 4e22c537f566fe4a8a2dd7666d2b614a
SHA1: 837e9118a607ec3bcc0041a3c636532110427a04
SHA256: 30c583a09c2b27edbb4f3753f4f5f2181a5ccc1afc3052772e1f08d89fba5fe7
SHA512: b9c20fa81c9df2043b09e1b341540eeed23073ee19661b384c1a5137379beb6de159dfddb512f94bcdcd1a5354889067955f9ae13f848ab3597b887e2e15fd1c