Analysis
- max time kernel: 145s
- max time network: 128s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/05/2024, 17:47
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 13cfecdfbc602082937759de75e00e3f_JaffaCakes118.html
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: 13cfecdfbc602082937759de75e00e3f_JaffaCakes118.html
  - Resource: win10v2004-20240419-en
General
- Target: 13cfecdfbc602082937759de75e00e3f_JaffaCakes118.html
- Size: 618B
- MD5: 13cfecdfbc602082937759de75e00e3f
- SHA1: f4ea164396dab8100f710ab10af5c1c2a4d82e61
- SHA256: b1251abba64816ae1991f62c3737a3ae51da28ac5ad8a65cde1d9d5e9ad7fe08
- SHA512: 35ece8f9693f111a72e8a6ffa6f5a73c3cf7e4ac299302f4dae8688ce21dab66660f6fdded33c57cf13bdd677ee14a94d23214fa6748a06b6c0fef8aee9219c9
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |

Suspicious behavior: EnumeratesProcesses (10 IoCs)

| pid | Process | occurrences |
|---|---|---|
| 4296 | msedge.exe | 2 |
| 940 | msedge.exe | 2 |
| 2420 | identity_helper.exe | 2 |
| 4020 | msedge.exe | 4 |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)

| pid | Process | occurrences |
|---|---|---|
| 940 | msedge.exe | 11 |

Suspicious use of FindShellTrayWindow (25 IoCs)

| pid | Process | occurrences |
|---|---|---|
| 940 | msedge.exe | 25 |

Suspicious use of SendNotifyMessage (24 IoCs)

| pid | Process | occurrences |
|---|---|---|
| 940 | msedge.exe | 24 |

Suspicious use of WriteProcessMemory (64 IoCs)

| description | pid | Process | procid_target | occurrences |
|---|---|---|---|---|
| PID 940 wrote to memory of 112 | 940 | msedge.exe | 86 | 2 |
| PID 940 wrote to memory of 1304 | 940 | msedge.exe | 87 | 40 |
| PID 940 wrote to memory of 4296 | 940 | msedge.exe | 88 | 2 |
| PID 940 wrote to memory of 3652 | 940 | msedge.exe | 89 | 20 |
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 940)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13cfecdfbc602082937759de75e00e3f_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4e9246f8,0x7ffe4e924708,0x7ffe4e924718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4296)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3792)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2504)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 4844)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 2420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1352)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4468)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4372)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1728)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4020)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3831383829079607580,13467796762471085745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID: 4820)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID: 1964)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads