Analysis
max time kernel: 145s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/05/2024, 17:46
Static task
static1
Behavioral task
behavioral1
Sample
13cf2ded75073a45a1d1ffc31195ad43_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
13cf2ded75073a45a1d1ffc31195ad43_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
Target: 13cf2ded75073a45a1d1ffc31195ad43_JaffaCakes118.html
Size: 229KB
MD5: 13cf2ded75073a45a1d1ffc31195ad43
SHA1: ac69cdd1c19b2037de722d5777afbf2527124e64
SHA256: 1f246afa9f218d1ec62a99ab189a9b1027e83028038fbe8f942b67b758d92d90
SHA512: 24e048a3a4979d33af1b7be8344f21f020187b91e836fde51ef5604187b6b62009e39fb730fb5e052dfea91c9cf8b2d3d52997185d468adabaea4acd33f2b5c9
SSDEEP: 1536:d0c5sZEfuspW9ZmUxcApEpirgpppdjolsZkQrjOC9ZJVkj6JaNvDpnr+GnA1:ll0gvUObRJaNvDpnr+GnY
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description          ioc                                                                  Process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
3632  msedge.exe (x2)
1088  msedge.exe (x2)
1192  identity_helper.exe (x2)
3044  msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
1088  msedge.exe (x6)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
1088  msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
1088  msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs in total)
description                       pid   Process     procid_target
PID 1088 wrote to memory of 1392  1088  msedge.exe  83  (x2)
PID 1088 wrote to memory of 4120  1088  msedge.exe  84  (repeated)
PID 1088 wrote to memory of 3632  1088  msedge.exe  85  (x2)
PID 1088 wrote to memory of 1996  1088  msedge.exe  86  (repeated)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13cf2ded75073a45a1d1ffc31195ad43_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1088

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90c6e46f8,0x7ff90c6e4708,0x7ff90c6e4718
    PID:1392

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
    PID:4120

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:3632

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    PID:1996

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID:1624

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID:2360

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
    PID:2312

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:1192

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    PID:4752

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    PID:3388

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    PID:2392

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID:4556

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,2349926726377572083,4407919250779029215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3772 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1440
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: dbac49e66219979194c79f1cf1cb3dd1
SHA1: 4ef87804a04d51ae1fac358f92382548b27f62f2
SHA256: f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
SHA512: bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Filesize: 152B
MD5: a9e55f5864d6e2afd2fd84e25a3bc228
SHA1: a5efcff9e3df6252c7fe8535d505235f82aab276
SHA256: 0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
SHA512: 12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Filesize: 5KB
MD5: d65a120cadc0949a0adb567b8c7c3570
SHA1: 47aa7c3c14ffeac7018b4e8677b1612cc9691059
SHA256: d729a5193abdddbbc497059f43ab375226271bc945a4e7e3bf32f3e1787c6eab
SHA512: d3b0c27c5b31a8423fa69b0b7bbe76e4d624cdac934be3f1dbaafc53936364ed0a70be973cd239978a12e432d493a6b6a9f3a556aafc3e1ea7698340720535cf

Filesize: 6KB
MD5: 62bcdf43b1362c8896d56fdf3a0de1c3
SHA1: 7797422f89fa29d4c06369ab388c814bb6241652
SHA256: 2871cd474461f2f1fc587bf98b34789b99d3373b88a780cd5237f94848aa3c02
SHA512: a766cb7f4fd51b8dc59dad947e1f03e910cdd976897139e8678b261470e157a40dada705a5aedc75e153ca4daae2f85c2a541c182591072a79fd39dda3b37011

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: f7b437c0b09f7842fff6784c1a9855a9
SHA1: 6116ce20bce3db218f1fa7012272a8cbf1ce55c0
SHA256: 9ee3ac484e29ff2db728aa810927d39e195c9c6c4301872fc621bb31e83bffed
SHA512: 3e434c0ecd32d0bd1107e36747293ae164b50d4e5f4be7953431cae07f9bca8b2cbe621665a9ce2f9abae3350c5882328a2449d3e062b09d70dea3406f2c87f1