Site notice (Windows 7 deprecation): Windows 7 will be removed from tria.ge on 2025-03-31.
Analysis
- Max time kernel: 145s
- Max time network: 140s
- Platform: windows10-2004_x64
- Resource: win10v2004-20240419-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 03/05/2024, 10:56 (DD/MM/YYYY, i.e. 3 May 2024; the analysis image is dated 2024-04-19, so a March reading is impossible)

Static task: static1

Behavioral task: behavioral1
- Sample: 1059f92b78e600601a146c4085d16957_JaffaCakes118.html
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 1059f92b78e600601a146c4085d16957_JaffaCakes118.html
- Resource: win10v2004-20240419-en
General
- Target: 1059f92b78e600601a146c4085d16957_JaffaCakes118.html
- Size: 51KB
- MD5: 1059f92b78e600601a146c4085d16957
- SHA1: 3c22fb0467a8ec64e9d328f9911cce0db218a2b9
- SHA256: 4d288faaa95e8439f4ad40e262339d662cd55734c675aa36b1cf27bfe4c7bfb3
- SHA512: e19f1c22b27a4984aadc323c375670621a118a094a729bb60d1728bb465870530e815083a59758a0344505b585fdc1b87b7f2f1978e3c655994712ceb9d7f53a
- SSDEEP: 1536:FnG0bUe+6+ORRKWjIRhJlFKmE3MWUy8G9sc4wcsVos0IkYxocoU0VN+:5G0bUe+6+ORRKWslFKmE3MWUy8G9sc4g
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  1368  msedge.exe (2 rows)
  1960  msedge.exe (2 rows)
  1972  identity_helper.exe (2 rows)
  3440  msedge.exe (4 rows)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  1960  msedge.exe (6 rows)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1960  msedge.exe (25 rows)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1960  msedge.exe (24 rows)

- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 rows have pid 1960 (msedge.exe) as the writer; the rows repeat per write, so they are collapsed here by target.
  description                          pid   Process     procid_target
  PID 1960 wrote to memory of 3124     1960  msedge.exe  85   (2 rows)
  PID 1960 wrote to memory of 2704     1960  msedge.exe  86   (repeated; the bulk of the table)
  PID 1960 wrote to memory of 1368     1960  msedge.exe  87   (2 rows)
  PID 1960 wrote to memory of 3624     1960  msedge.exe  88   (repeated; the rest of the table)
Processes
(Indentation shows the process tree; the original marks depth with "1⤵" / "2⤵". Roles are taken from each command line's --type / --utility-sub-type flags.)

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1960, browser process)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1059f92b78e600601a146c4085d16957_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3124, crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3ded46f8,0x7ffe3ded4708,0x7ffe3ded4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2704, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1368, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3624, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2504, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3596, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3952, utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1972, utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1984, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4976, renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2324, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3860, renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3440, gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11880547245757550860,4564170086087877500,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 3236)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 1956)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
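The "Suspicious use of WriteProcessMemory" signature and the Processes tree above describe the same events from two angles, and reading them together is what turns the signature into a finding or into noise. The following Python is an added example for this page (not part of the Triage report or its tooling): it transcribes the process tree from the report, parses a constructed subset of the IoC rows in the report's own row format, and checks whether every write goes from a parent into a child it spawned. Here all of them do: the top-level msedge.exe (PID 1960) writes into the crashpad handler, gpu, utility and renderer children it launched, which is how a Chromium-based browser's broker process routinely sets up its child processes, not injection into a foreign process. The same signature would fire for a genuine injection, so the thing to test is the writer/target relationship, not the API name. The example also shows that the IoC table is capped (64 rows here), so nine of the children in the tree never appear in it, and it lists the only non-Edge images, the two CompPkgSrv.exe COM-server instances started with -Embedding. The Edge install path used as the allowlist and the row-count cap are taken from the report; the regular expression is an assumption about the row layout.

```python
"""Cross-check WriteProcessMemory IoC rows against a sandbox process tree.

Added example for this report, not Triage's own code.  PROCESS_TREE and
WPM_ROWS are transcribed from the report above; WPM_ROWS is a constructed
subset of the 64 rows the report lists.
"""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
COMPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# (pid, image path, parent pid).  Depth-1 entries in the report have no parent
# shown; every depth-2 entry hangs off the browser process, PID 1960.
PROCESS_TREE = [
    (1960, EDGE, None),
    (3124, EDGE, 1960), (2704, EDGE, 1960), (1368, EDGE, 1960), (3624, EDGE, 1960),
    (2504, EDGE, 1960), (3596, EDGE, 1960), (3952, HELPER, 1960), (1972, HELPER, 1960),
    (1984, EDGE, 1960), (4976, EDGE, 1960), (2324, EDGE, 1960), (3860, EDGE, 1960),
    (3440, EDGE, 1960),
    (3236, COMPKG, None), (1956, COMPKG, None),
]

# Constructed subset of the report's rows, kept in the report's own layout:
# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_ROWS = """\
PID 1960 wrote to memory of 3124 1960 msedge.exe 85
PID 1960 wrote to memory of 3124 1960 msedge.exe 85
PID 1960 wrote to memory of 2704 1960 msedge.exe 86
PID 1960 wrote to memory of 2704 1960 msedge.exe 86
PID 1960 wrote to memory of 2704 1960 msedge.exe 86
PID 1960 wrote to memory of 1368 1960 msedge.exe 87
PID 1960 wrote to memory of 3624 1960 msedge.exe 88
"""

# Assumed row layout (see lead-in); malformed rows are skipped, not guessed at.
ROW_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<writer2>\d+) (?P<image>\S+) (?P<procid>\d+)$"
)


def parse_wpm_rows(text):
    """Return (writer_pid, target_pid, image, procid_target) per well-formed row."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m and m["writer"] == m["writer2"]:
            events.append((int(m["writer"]), int(m["target"]), m["image"], int(m["procid"])))
    return events


def writes_per_pair(events):
    """Collapse the repeated rows into a count per (writer, target) pair."""
    return Counter((w, t) for w, t, _, _ in events)


def classify_writes(events, tree):
    """Split writes into parent->child (expected for a browser broker launching its
    children) and anything else, which is what would deserve a closer look."""
    parent = {pid: ppid for pid, _, ppid in tree}
    out = {"parent_to_child": set(), "other": set(), "unknown_target": set()}
    for writer, target, _, _ in events:
        if target not in parent:
            out["unknown_target"].add((writer, target))
        elif parent[target] == writer:
            out["parent_to_child"].add((writer, target))
        else:
            out["other"].add((writer, target))
    return out


def children_not_in_wpm(events, tree, writer):
    """Children of `writer` that never appear as a write target.  The signature
    table is capped, so the process tree, not the IoC list, is the full record."""
    targets = {t for w, t, _, _ in events if w == writer}
    return sorted(pid for pid, _, ppid in tree if ppid == writer and pid not in targets)


def non_edge_processes(tree, edge_dir=r"C:\Program Files (x86)\Microsoft\Edge\Application"):
    """PIDs whose image is outside the Edge install directory (allowlist check)."""
    return sorted(pid for pid, img, _ in tree if not img.lower().startswith(edge_dir.lower()))


if __name__ == "__main__":
    events = parse_wpm_rows(WPM_ROWS)
    print("writes per pair:", dict(writes_per_pair(events)))
    print("classification:", classify_writes(events, PROCESS_TREE))
    print("children missing from the capped IoC list:", children_not_in_wpm(events, PROCESS_TREE, 1960))
    print("non-Edge processes:", non_edge_processes(PROCESS_TREE))
```

Run as-is it reports only parent-to-child writes from 1960, nine children absent from the IoC subset, and PIDs 1956 and 3236 as the only images outside the Edge directory. The same reading applies to the registry signature: the BIOS SystemManufacturer and SystemProductName values are classic VM-fingerprint keys, but the only process querying them here is msedge.exe, so they are attributable to the browser rather than to anything the HTML file did. What the HTML itself did is not visible in this report; the Network section is empty and the Downloads section lists only unnamed small files.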
Network
MITRE ATT&CK Enterprise v15
Downloads
(The report gives no filenames for these; each entry is size plus hashes.)

- Filesize: 152B
  MD5: dbac49e66219979194c79f1cf1cb3dd1
  SHA1: 4ef87804a04d51ae1fac358f92382548b27f62f2
  SHA256: f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
  SHA512: bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

- Filesize: 152B
  MD5: a9e55f5864d6e2afd2fd84e25a3bc228
  SHA1: a5efcff9e3df6252c7fe8535d505235f82aab276
  SHA256: 0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
  SHA512: 12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

- Filesize: 6KB
  MD5: 74da9ba045c80d43ef347b412d474fe5
  SHA1: 360af7047120532b8801cd7c3918030c7a24d511
  SHA256: 0f595784e732f57cdc5b640fa3b405951d6e7c9f523e08025b23075504c0422a
  SHA512: c16ce5a72524cfa08cb2800932e53814634a831f7a56762029cb6756a7feda06758d29cd284b81a4168efc2c8efb0925ef76d2a905dfba66d8da21c92053daf1

- Filesize: 6KB
  MD5: aac99ec21cb05ab3782c41ca1f397d38
  SHA1: fa40679f5578fbf0b936846ee6badb6e085e3f7d
  SHA256: d9492fc1048aebecbb3ed5a123290ae35a545473df2ff39ece2264e8dc8a4aa8
  SHA512: ebb19ec4708bea68b4e65eb87e507341d7495e6f4b1041732e19fae2887795026b43b0303e14a158bf45e24744aee4b7d8d529ea1acb8ea5db5136f5fade95a6

- Filesize: 5KB
  MD5: 345298cf3b5fb9f65dc7e91f3921ce08
  SHA1: b2ea42b94153e91ec12ba75f2386454e54ac8b2d
  SHA256: 71c63018aa36531b058274a4e369ef0f230bb0bf8c2c4a7fc9c173ddaccbe441
  SHA512: c2a2dfac566ef2ac006eb9f853ee52e577c9cc7b1baf06970a141f838dab73c118553574ece3720ddf1ebfc7af39696a1990f617364289901b7067a3921005ce

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 99ed959308f09d35d0c04a795d5273a4
  SHA1: e1a6eb7a78c2d8f922d2a5beaa932e8861d2f5d2
  SHA256: ca9c4711e2432e19b3271e3b3aa5bfc42d9ca3214953a842cd76320dcd536837
  SHA512: 51a53d29e8ec788da29216d4b03ccae9905b8531286472351e5db1d1c1969e898999230ab614fc8ff2eea60a908f954e910efc40d7108918db14c4ab0e7d7259