Analysis
- max time kernel: 145s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/05/2024, 21:08
Static task: static1
Behavioral task: behavioral1
- Sample: 147cde38c59f60fdf6e9c081739c039c_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 147cde38c59f60fdf6e9c081739c039c_JaffaCakes118.html
- Resource: win10v2004-20240419-en
General
- Target: 147cde38c59f60fdf6e9c081739c039c_JaffaCakes118.html
- Size: 28KB
- MD5: 147cde38c59f60fdf6e9c081739c039c
- SHA1: 6795739cc864301c4bd6d627d7d0e52af95d162c
- SHA256: a87f85d674eae87d52ab0b695ab7d888590d4c2706d5b5a8fb48addd12225f0c
- SHA512: 61452362c18f1afadd425d95b38842c3f52693bb5087305da548717477fe1809a9b29a296710e3e4656d335d7c59cf088353c6b16dbea156780b09af7a061201
- SSDEEP: 192:uwnIb5nPUVUnQjxn5Q/7nQieyNn2EHnQOkEntp5nQTbnpnQ9eUzam66lEGZfQl7P:fQ/ME3Jm2EGMSM6K
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2520 | msedge.exe
  2520 | msedge.exe
  2656 | msedge.exe
  2656 | msedge.exe
  3848 | identity_helper.exe
  3848 | identity_helper.exe
  1736 | msedge.exe
  1736 | msedge.exe
  1736 | msedge.exe
  1736 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  2656 | msedge.exe
  2656 | msedge.exe
  2656 | msedge.exe
  2656 | msedge.exe
  2656 | msedge.exe
  2656 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\147cde38c59f60fdf6e9c081739c039c_JaffaCakes118.html
  PID: 2656
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a24346f8,0x7ff8a2434708,0x7ff8a2434718
    PID: 4088
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    PID: 1036
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    PID: 2520
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
    PID: 4676
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 3712
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 4112
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
    PID: 3788
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
    PID: 3848
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
    PID: 3700
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    PID: 3784
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    PID: 2268
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    PID: 4908
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6426023634889946825,1312255542663767887,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4592 /prefetch:2
    PID: 1736
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3036
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 64
Network
MITRE ATT&CK Enterprise v15
Downloads