Analysis
- max time kernel: 145s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/05/2024, 13:39
Static task
- static1
Behavioral task
- behavioral1: Sample 0ea72a2dc73f4881d98d4dfc06e69ae5_JaffaCakes118.html, Resource win7-20240221-en
Behavioral task
- behavioral2: Sample 0ea72a2dc73f4881d98d4dfc06e69ae5_JaffaCakes118.html, Resource win10v2004-20240419-en
General
- Target: 0ea72a2dc73f4881d98d4dfc06e69ae5_JaffaCakes118.html
- Size: 2KB
- MD5: 0ea72a2dc73f4881d98d4dfc06e69ae5
- SHA1: f5fb66df2d6efa0a3a1c78587e0f9683d5efafa5
- SHA256: 792ee6bdfdb2160e10775dcc2ba26b1d9955216296e1dac4a56ada13e412a9bb
- SHA512: 209912724e051e2dd7f61604fc08759d1aaf838f9e2ee530ba3ff0083e0150c1c79c20f10a9f8042ea0271845afe712fdf2299ec269ff7c7896931a1974f9630
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - pid / Process: 976 msedge.exe (2 entries), 636 msedge.exe (2 entries), 876 identity_helper.exe (2 entries), 4592 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  - pid / Process: 636 msedge.exe (all 11 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid / Process: 636 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid / Process: 636 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 636 (msedge.exe) wrote to memory of PID 2616 (procid_target 84), PID 1516 (procid_target 85), PID 976 (procid_target 86) and PID 3448 (procid_target 87); each pairing is recorded multiple times in the report
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 636, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0ea72a2dc73f4881d98d4dfc06e69ae5_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2616, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa184e46f8,0x7ffa184e4708,0x7ffa184e4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1516, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 976, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3448, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2668, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1280, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4644, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2980, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1992, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4776, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 876, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3856, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3724, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3036, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4660, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4208, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4796, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4592, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2575146317444828247,9133866111381748806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5592 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4716, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2100, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads