Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/05/2024, 11:06
Static task: static1
Behavioral task: behavioral1
  Sample: 105de1e9aeea80faf4c885b2d2517c58_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 105de1e9aeea80faf4c885b2d2517c58_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 105de1e9aeea80faf4c885b2d2517c58_JaffaCakes118.html
Size: 76KB
MD5: 105de1e9aeea80faf4c885b2d2517c58
SHA1: 48530e7e5871b66df8c17270efbe1901a449b360
SHA256: 5f20a85050bb51da056eaf905f782185273a39f65cdfc08e42cd1714d31fa4b5
SHA512: 6b922b44e50223c3a143ec66da9df6c8375cdc817edb99860172ed1d2b40c168e66dbc1102428c5804574f0871109531a22c93494a3b0b780bdd182b566e8007
SSDEEP: 1536:SGPStGEy7kcZmMiJ+dUgmdPXV9CO+2+0FWa5:SGPStGEy4cZjiJ+s8sb
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2328 | msedge.exe (2 entries)
  2688 | msedge.exe (2 entries)
  4500 | identity_helper.exe (2 entries)
  5712 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid | Process
  2688 | msedge.exe (all 8 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2688 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2688 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2688 wrote to memory of 2704 | 2688 | msedge.exe | 83 (repeated)
  PID 2688 wrote to memory of 2236 | 2688 | msedge.exe | 84 (repeated)
  PID 2688 wrote to memory of 2328 | 2688 | msedge.exe | 85 (repeated)
  PID 2688 wrote to memory of 4008 | 2688 | msedge.exe | 86 (repeated)
  The 64 entries are repeats of these four write targets (the crashpad handler, GPU process, network service and storage service children of PID 2688).
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2688)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\105de1e9aeea80faf4c885b2d2517c58_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2704)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffe141d46f8,0x7ffe141d4708,0x7ffe141d4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2236)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2328)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2408 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1308)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2128)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1796)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16754016575744204270,15687708389838431393,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4968)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1928)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 330B
  MD5: 0d486ed19bd505c1f52aa8968d9ab481
  SHA1: 2e1fcb33e781ba19d6a0e60e42c0be99eda12460
  SHA256: bf9b8ed1b09920f4c0e6bf051050ba172e32bc5467931cc0f791647cc1b7d63c
  SHA512: 3a81fa3e4b13f2a9da1ed400a34a978e2b01514e39cdab3f8c02d6e98852c7306e62bca1e04acfea39e9104922250fd7a3a7cfd1826bad2dbfdc7e45bb7630a1
- Filesize: 152B
  MD5: 9dc60aef38e7832217e7fa02d6f0d9f6
  SHA1: 4f8539dc7d5739b36fe976a932338f459d066db6
  SHA256: 8a0ee0b6fafabb256571b691c2faf77c7244945faa749c72124d5eb43a197a32
  SHA512: 18371541811910992c2b84a8eae7e997e8627640bdb60b9e82751389e50931db9b3e206d31f4d9d2dc3ca25ea3a82c0be413ecb0ef3ac227a14e54f406eaa7e7
- Filesize: 152B
  MD5: 7ac03b15b68af2d5cb5c8063057cc83e
  SHA1: 9b2d4db737f57322ff5c4bbddd765b3177f930ab
  SHA256: b90d7596301470b389842eecb46bd3a8e614260b0d374d5c35a36afb9c71a700
  SHA512: a5e9f40dd9040803046b0218fab6b058d49e5e2a3ada315e161fe9fc80ebb8d6d4442ccc1c98d19e561fc7c61bcf43d662fe2231cacacb447876a2113c2e3732
- Filesize: 480B
  MD5: 08e2d7370c805f1fe667fc5024946b33
  SHA1: f2f9e218aba6055e2495c824eeb8725c53f16390
  SHA256: 77179410ae74d0f53d30321e56ea8f65a7a01c7f409222a18061a21a8a67b0e7
  SHA512: 1e27bfacfe82b39fa8800c2669b5816cc760c92c9579246378fd8fec82c9fb5cfb2c10dd0dbeb16fc73d5938b2692197b57b38c0bec901016c976bb70cc08bfe
- Filesize: 5KB
  MD5: 72d6efd24ef46b7eb89c6d527a8480e5
  SHA1: f8ff16218584525bc3fdf704d3384ed7fad8ddc6
  SHA256: 0371d71bfda1ae78cbd03f91bd9521509eff96e661b9a69283618b72cb9e9cd3
  SHA512: 897791023acc20e35349759c1e2c7d5006342e3913123692b7fb40dcd777f6d56813410086ecf4ee48388b346ee7003f3af527c7ebb82bb5bb63af1427bef23c
- Filesize: 6KB
  MD5: 7b6ebfa45fd013890b947e1410b1a391
  SHA1: 7082f7c7218d16c6a451c48768e3753375720456
  SHA256: 93de8142dd478ac2e6037301885f5740491db5525be677379f55147dfdfeaeec
  SHA512: 436fcdec53f3825a467b21aa444b7fefb63bdf9697a123cdd1a950926a3c9b16fefe25737fbc40f2bb371d35d180c04320e7936fef15b7aa6648ca3e2ef21ee4
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: ca6b8558ea3fe8594313afddf76c9c5d
  SHA1: 46535ac9036f0bf072b95e5a250b18c17ec33e44
  SHA256: cf8fb88f04bd6ba7a8ea7833dfc913fe41b1bd8a6626a9a6d0c2fabaecb3f203
  SHA512: a9b71034f1709d39fe93d4e28245d4fac9683774764952f584456da57220130915bc523c45f91a6575f9ca6c99a6357eae9163df24cb339a3c9426a90a13e369