Analysis
  max time kernel:  145s
  max time network: 143s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240419-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        04/05/2024, 04:12
Static task: static1
Behavioral task: behavioral1
  Sample:   1175d7b01ba523d5d96e2fa001682981_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample:   1175d7b01ba523d5d96e2fa001682981_JaffaCakes118.html
  Resource: win10v2004-20240419-en
Only the behavioral2 run (windows10-2004_x64) is reported on this page; the Windows 7 task is listed but its results are not shown here.
General
  Target:  1175d7b01ba523d5d96e2fa001682981_JaffaCakes118.html
  Size:    236KB
  MD5:     1175d7b01ba523d5d96e2fa001682981
  SHA1:    a347ef0bd54bc7f82282c12fdfcdbf34f272cc0f
  SHA256:  ba74322c238fc7e2cd12c4bdf8f85ffae6369e90bcea42c687545829ed5d06da
  SHA512:  a3ea1a0ff03d1a3d7e2e9215c31cfd769060458dd77eb5ec61ef1c9009c2ca318e36eea708fb54d404fe4f9dc84235324db6953d928b9252a2e18d752a6225c7
  SSDEEP:  3072:VtEqi5zPSy/zy/GuZwlevRgqrN2jmZBqz:Pu8y/zy/G3lqRm
Malware Config
No malware configuration is listed for this sample.

Signatures
Every signature below is attributed to the browser's own processes (msedge.exe and its identity_helper.exe helper). The sample spawns no process outside Edge, and the behaviours recorded (process enumeration, shell-tray window lookups, the browser process writing into the memory of the children it launches) are produced by Chromium's multi-process startup and sandbox broker regardless of page content. Treat them as the baseline for an HTML file opened in Edge, not as evidence on their own.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              rows
  2032  msedge.exe           2
  1412  msedge.exe           2
  2720  identity_helper.exe  2
  5072  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     rows
  1412  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     rows
  1412  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  1412  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs, collapsed by target; every row is PID 1412 writing to a child it launched)
  pid   Process     wrote to memory of  procid_target  rows
  1412  msedge.exe  4268                84             2
  1412  msedge.exe  4284                85             40
  1412  msedge.exe  2032                86             2
  1412  msedge.exe  2140                87             20
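The signature tables above are flattened, one row per hit, and repeat the same pid/image pairs many times; what an analyst actually wants is the set of distinct actors and parent-to-child edges, plus a check that none of the actors lies outside the browser. The following Python is an added example, not part of the Triage report or of any Triage tooling. The three excerpts it parses are constructed from rows shown on this page, and the regexes assume exactly the row layout used here.

```python
import re
from collections import Counter

# Constructed excerpt of the flattened "Suspicious use of WriteProcessMemory"
# table on this page (the report lists 64 rows; eight are reproduced here).
WPM_EXCERPT = (
    "PID 1412 wrote to memory of 4268 1412 msedge.exe 84 "
    "PID 1412 wrote to memory of 4268 1412 msedge.exe 84 "
    "PID 1412 wrote to memory of 4284 1412 msedge.exe 85 "
    "PID 1412 wrote to memory of 4284 1412 msedge.exe 85 "
    "PID 1412 wrote to memory of 4284 1412 msedge.exe 85 "
    "PID 1412 wrote to memory of 2032 1412 msedge.exe 86 "
    "PID 1412 wrote to memory of 2140 1412 msedge.exe 87 "
    "PID 1412 wrote to memory of 2140 1412 msedge.exe 87"
)

# Constructed excerpt of the flattened "pid Process" table under
# "Suspicious behavior: EnumeratesProcesses".
PID_EXCERPT = ("2032 msedge.exe 2032 msedge.exe 1412 msedge.exe 1412 msedge.exe "
               "2720 identity_helper.exe 2720 identity_helper.exe 5072 msedge.exe")

# Constructed excerpt of the registry IoC table ("description ioc Process").
REG_EXCERPT = (
    "Key opened \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS msedge.exe "
    "Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer msedge.exe"
)

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
PID_RE = re.compile(r"(\d+) (\S+\.exe)")
REG_RE = re.compile(r"(Key opened|Key value queried) (\\REGISTRY\\\S+) (\S+\.exe)")

# The only images this report attributes any behaviour to.
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}


def parse_wpm(text):
    """(writer_pid, target_pid, writer_image, target_index) per row.
    The Process column repeats the writer pid; a row where it differs is
    rejected. Rows broken across lines by extraction do not match and are skipped."""
    rows = []
    for m in WPM_RE.finditer(text):
        pid, target, pid_again, image, idx = m.groups()
        if pid != pid_again:
            raise ValueError("inconsistent row: " + m.group(0))
        rows.append((int(pid), int(target), image, int(idx)))
    return rows


def edge_counts(rows):
    """Collapse repeated rows into {(writer_pid, target_pid): occurrences}."""
    return Counter((writer, target) for writer, target, _, _ in rows)


def pid_counts(text):
    """{(pid, image): rows} for a flattened pid/Process table."""
    return Counter((int(p), img) for p, img in PID_RE.findall(text))


def registry_iocs(text):
    """[(action, key_path, image)] for a flattened registry IoC table."""
    return REG_RE.findall(text)


def non_browser_actors(rows, pid_table, reg):
    """Images attributed to any signature that are not the browser's own binaries.
    For this report the result is empty, which is the point: nothing the HTML
    sample did escaped Edge's process tree."""
    images = {img for _, _, img, _ in rows}
    images |= {img for _, img in pid_table}
    images |= {img for _, _, img in reg}
    return sorted(images - BROWSER_IMAGES)


if __name__ == "__main__":
    wpm = parse_wpm(WPM_EXCERPT)
    for (writer, target), n in sorted(edge_counts(wpm).items()):
        print(f"{writer} -> {target}: {n} rows")
    print("registry:", registry_iocs(REG_EXCERPT))
    print("non-browser actors:", non_browser_actors(wpm, pid_counts(PID_EXCERPT), registry_iocs(REG_EXCERPT)))
```

Run against the full 64-row table, `edge_counts` reduces it to the four parent-to-child edges shown in the collapsed table above; `non_browser_actors` is the check worth automating across many reports, since a non-empty result is what separates "Edge opened a page" from "the page got something else to run".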
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1412, browser process)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1175d7b01ba523d5d96e2fa001682981_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4268, crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabc546f8,0x7fffabc54708,0x7fffabc54718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4284, gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2032, utility: network.mojom.NetworkService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2140, utility: storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2448, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1284, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5036, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2000, renderer, instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4740, utility: winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2720, utility: winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4460, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3884, renderer, instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5072, gpu-process, second launch)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12654190986401358062,15071299192881376547,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2168, separate root)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4496, separate root)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: every child command line is composed by the Edge browser process (PID 1412), not by the HTML file. --type and --utility-sub-type select the child's role; --field-trial-handle and --mojo-platform-channel-handle are inherited IPC handles; --no-v8-untrusted-code-mitigations on the renderers is what Chromium passes when site isolation is on and is not a weakening introduced by the page. Two switches are worth noting because they do reduce sandboxing, and both are the browser's own doing: the network service (PID 2032) and identity_helper.exe run with --service-sandbox-type=none, and the second GPU process (PID 5072) runs with --disable-gpu-sandbox --use-gl=disabled, the reduced mode the browser falls back to when hardware GPU access fails, which is common in a VM. The two CompPkgSrv.exe instances are COM local servers (-Embedding) started as separate roots, not descendants of Edge. Nothing here shows a process that the sample itself caused to run outside the browser.
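Doing that reading by hand means picking the --type switch out of each command line, reconstructing parentage from the depth markers, and checking which processes are children of the browser at all. The script below does this for an excerpt of the tree above. It is an added example, not part of the Triage report: the (depth, pid, command line) tuples and the EDGE_DIR install path are constructed from the entries on this page, and the short list of sandbox-related switches it flags is this example's own choice, not a Triage signature.

```python
import re

# Constructed excerpt of the process tree on this page as (depth, pid, command line);
# depth is the N in the report's "N⤵" marker (1 = root, 2 = child of the nearest root).
PROCESSES = [
    (1, 1412, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1175d7b01ba523d5d96e2fa001682981_JaffaCakes118.html'),
    (2, 4268, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67'),
    (2, 2032, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3'),
    (2, 2448, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1'),
    (2, 5072, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=4792 /prefetch:2'),
    (1, 2168, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# Install directory taken from the command lines above (assumption: anything under it is "the browser").
EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# Matches either a quoted "--name=value with spaces" or a bare --name[=value].
SWITCH_RE = re.compile(r'"--([\w-]+)(?:=([^"]*))?"|--([\w-]+)(?:=(\S*))?')

# Bare switches this example treats as sandbox-reducing (example's own list).
BARE_SANDBOX_SWITCHES = {
    "no-sandbox": "process runs unsandboxed",
    "disable-gpu-sandbox": "GPU process runs unsandboxed",
}


def image_of(cmdline):
    """Executable path: the quoted first token, or the first whitespace-delimited token."""
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def parse_switches(cmdline):
    """{name: value} for every --name[=value] switch, quoted or not (bare switches map to None)."""
    out = {}
    for m in SWITCH_RE.finditer(cmdline):
        qname, qval, name, val = m.groups()
        out[qname or name] = qval if qname else val
    return out


def build_tree(processes):
    """Parent pid per pid, recovered from the depth markers with a stack."""
    parent_of, stack = {}, []
    for depth, pid, _ in processes:
        del stack[depth - 1:]           # unwind to this process's level
        parent_of[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parent_of


def triage(processes):
    """One record per process: role from --type/--utility-sub-type, parent, and sandbox notes."""
    parent_of = build_tree(processes)
    rows = []
    for _, pid, cmd in processes:
        image, sw = image_of(cmd), parse_switches(cmd)
        in_edge = image.lower().startswith(EDGE_DIR.lower() + "\\")
        role = sw.get("utility-sub-type") or sw.get("type") or ("browser" if in_edge else "non-browser")
        notes = [text for name, text in BARE_SANDBOX_SWITCHES.items() if name in sw]
        if sw.get("service-sandbox-type") == "none":
            notes.append("service sandbox type none")
        if parent_of[pid] is None and not in_edge:
            notes.append("separate root, not a child of Edge")
        rows.append({"pid": pid, "parent": parent_of[pid], "image": image.rsplit("\\", 1)[-1],
                     "role": role, "notes": notes})
    return rows


def by_pid(processes):
    """Convenience index of triage() records keyed by pid."""
    return {r["pid"]: r for r in triage(processes)}


if __name__ == "__main__":
    for r in triage(PROCESSES):
        print(f'{r["pid"]:>5} parent={str(r["parent"]):>5} {r["image"]:<16} {r["role"]:<30} {"; ".join(r["notes"])}')
```

The depth-stack in `build_tree` is what makes the report's indentation machine-readable; once parentage is explicit, "root process whose image is not under the browser directory" is a one-line filter, and on this report it only returns the COM-activated CompPkgSrv.exe instances.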
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5:    62c02dda2bf22d702a9b3a1c547c5f6a
  SHA1:   8f42966df96bd2e8c1f6b31b37c9a19beb6394d6
  SHA256: cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
  SHA512: a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9
- Filesize: 152B
  MD5:    850f27f857369bf7fe83c613d2ec35cb
  SHA1:   7677a061c6fd2a030b44841bfb32da0abc1dbefb
  SHA256: a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
  SHA512: 7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401
- Filesize: 1KB
  MD5:    7a8172148c82d83c5324b9ebd0d8e72e
  SHA1:   1dc84a468881a0ba38dd088e61cca749dee9e55d
  SHA256: 7f7e20a6d2054155de0035767c37d8a81e0e04573b061229ad1d35d403248f98
  SHA512: c7b22a3e7f4cc004f50ee71cabe424235c1fd5720776dd2a684a1bee57db2a2084fb5e7b93aadf4076c094238dff1bea9b792779164a7486e1946f9b1b5f0101
- Filesize: 5KB
  MD5:    743e21715c302e9517ddcdba1205665f
  SHA1:   52d86080b9f0ffe6084996e4386676b4ae5826fe
  SHA256: 179792fd55220b70b92422238a8f9dac15798815b72ef4bf7a2c6fb941fc3d11
  SHA512: fcf760b79cf0c406cf5a9cce1efbbe78e22c893db1806b5754fe95323e9b0a02495ed06ccae56e110ca7f722bdb787e8e341879b3c691f7fd826b30a2d1fd65d
- Filesize: 6KB
  MD5:    5ab97093cfc925b432391272cf9deafc
  SHA1:   fbeb35ab4cbd1f4c036332c96873588a2f98c97e
  SHA256: b2b698537d5e3245bf4bf3518eb7897d1b07375754c136c47d3b811699dc86dd
  SHA512: 26b23f3de0ea5aafb6d8cc894f718aee47409d22ab4352527eaab4c4a89fe715b5dc67f1996fbce5a3019b6c9426e245951a824aae03f6fae32a11086c8d60b9
- Filesize: 6KB
  MD5:    653c229807798c282d995461cfeaf4e3
  SHA1:   22d07e346c3e5515add090fefec593f9fc265409
  SHA256: 507b979364fe68848bb19d8faa083f9eee0868bd464d72a668ddeb43a0e984c3
  SHA512: 1b362db10437a6a9260a58917c999994fcc50aa2ca2b5ce5624ab4a26721c9f5b2d6981ad7a5037203fd5432cca59a43b4edaf184c1fa9dc2c9c4147fd90be04
- Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5:    d10fe7008c5338b9271d60a70dbbbbd3
  SHA1:   f1c05cd2863e8c8b1314c90e894acd7cb4e7e871
  SHA256: 8279eecfad0c08922351dd1b9ca8ed9f7d0cc16aca37e488518c89426731cc40
  SHA512: 3524e0573f9370d5bbb763699db80c4581e250aae9b7152f61559647aa7069c7a70652582f4f1e9fde495381b0fb56e85354d848861bc5b0f60838f2a2c60e14