Analysis
- max time kernel: 145s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/05/2024, 00:12

Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample 151b782d178aafdf2f3c883a90320246_JaffaCakes118.html, resource win7-20231129-en)
- Behavioral task: behavioral2 (sample 151b782d178aafdf2f3c883a90320246_JaffaCakes118.html, resource win10v2004-20240419-en; the platform and resource above show this report is the behavioral2 run)
General
- Target: 151b782d178aafdf2f3c883a90320246_JaffaCakes118.html
- Size: 31KB
- MD5: 151b782d178aafdf2f3c883a90320246
- SHA1: b5ff12554c01df8a0d1a4dec584880e52a56cf92
- SHA256: 3f115ff7b83f1ab122faccd95430e43240790d7d42195d73d5021ae111ca54e1
- SHA512: 7a942fb073189e0d0f473fedfab131118583ec4b8352ee150aff3d3f2080eaa1463bd9fd4e6bda3ccff449c245f01161133c56d5d5263fe1b8f88cdab0009bcc
- SSDEEP: 192:uWv9b5nx7nQjxn5Q/AnQierNnonQOkEntIOnQTbn5nQeMCpA2bLU/IfyINcsitO/:yQ/H3BLuxVP2ZIAlkEOZO
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1760 msedge.exe (2 rows), PID 3728 msedge.exe (2 rows), PID 4832 identity_helper.exe (2 rows), PID 1416 msedge.exe (4 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID 3728 msedge.exe (all 6 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 3728 msedge.exe (all 25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 3728 msedge.exe (all 24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has PID 3728 (msedge.exe) as the writer. The targets are PID 4928 (procid_target 84), PID 4856 (procid_target 85), PID 1760 (procid_target 86) and PID 1944 (procid_target 87), one row per write event, most of them into 4856 and 1944.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3728)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\151b782d178aafdf2f3c883a90320246_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4928, crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff855746f8,0x7fff85574708,0x7fff85574718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4856, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1760, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1944, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1772, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2492, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5088, utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4832, utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3368, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4060, renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1212, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5004, renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1416, gpu-process, --disable-gpu-sandbox)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,93881648457383211,16341371448196610078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3564)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2552)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
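Every signature in this report fires on the Edge browser process and its own children, and the one that usually draws attention, WriteProcessMemory, is what the Chromium sandbox broker does to every child it spawns: it creates the child suspended and writes its sandbox policy and startup data into it before resuming. The check a triager wants is therefore whether each write target is a direct child of the writer and runs a Chromium image. The following is an added example, not part of the tria.ge report, that parses the flattened signature tables above and applies that check. The WriteProcessMemory rows are copied from the report but trimmed to six (the real table has 64), the process tree is reconstructed from the Processes section, and the set of images treated as legitimate Chromium components is an assumption made for this triage.

```python
import re
from collections import Counter

# Constructed excerpt of the "Suspicious use of WriteProcessMemory" table in this
# report. The real table has 64 rows; these six are copied from it verbatim.
WRITE_PROCESS_MEMORY = (
    "PID 3728 wrote to memory of 4928 3728 msedge.exe 84 "
    "PID 3728 wrote to memory of 4928 3728 msedge.exe 84 "
    "PID 3728 wrote to memory of 4856 3728 msedge.exe 85 "
    "PID 3728 wrote to memory of 4856 3728 msedge.exe 85 "
    "PID 3728 wrote to memory of 1760 3728 msedge.exe 86 "
    "PID 3728 wrote to memory of 1944 3728 msedge.exe 87"
)

# The full "EnumeratesProcesses" pid table from the report (10 rows).
ENUMERATES_PROCESSES = (
    "1760 msedge.exe 1760 msedge.exe 3728 msedge.exe 3728 msedge.exe "
    "4832 identity_helper.exe 4832 identity_helper.exe "
    "1416 msedge.exe 1416 msedge.exe 1416 msedge.exe 1416 msedge.exe"
)

# Process tree reconstructed from the Processes section of the report:
# pid -> (image, parent pid, Chromium --type= value). Parent pids follow the
# nesting shown on the page; CompPkgSrv.exe is DCOM-launched, so it has no parent here.
PROCESS_TREE = {
    "3728": ("msedge.exe", None, "browser"),
    "4928": ("msedge.exe", "3728", "crashpad-handler"),
    "4856": ("msedge.exe", "3728", "gpu-process"),
    "1760": ("msedge.exe", "3728", "utility"),
    "1944": ("msedge.exe", "3728", "utility"),
    "1772": ("msedge.exe", "3728", "renderer"),
    "2492": ("msedge.exe", "3728", "renderer"),
    "5088": ("identity_helper.exe", "3728", "utility"),
    "4832": ("identity_helper.exe", "3728", "utility"),
    "3368": ("msedge.exe", "3728", "renderer"),
    "4060": ("msedge.exe", "3728", "renderer"),
    "1212": ("msedge.exe", "3728", "renderer"),
    "5004": ("msedge.exe", "3728", "renderer"),
    "1416": ("msedge.exe", "3728", "gpu-process"),
    "3564": ("CompPkgSrv.exe", None, None),
    "2552": ("CompPkgSrv.exe", None, None),
}

# Images the Edge browser process is expected to spawn (triage assumption).
CHROMIUM_IMAGES = {"msedge.exe", "identity_helper.exe"}

# One row reads: "PID <src> wrote to memory of <dst> <src> <image> <procid_target>".
# The \1 backreference ties the repeated source pid column to the first one.
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")
# One row of a flat "pid Process" table reads: "<pid> <image>".
PID_ROW = re.compile(r"(\d+) (\S+)")


def parse_wpm(table):
    """Count WriteProcessMemory rows keyed by (src_pid, dst_pid, src_image, procid_target)."""
    return Counter(m.groups() for m in WPM_ROW.finditer(table))


def parse_pid_table(table):
    """Count rows of a flat 'pid Process' table keyed by (pid, image)."""
    return Counter(m.groups() for m in PID_ROW.finditer(table))


def write_targets(table):
    """Map each writing pid to the set of pids it wrote into."""
    targets = {}
    for src, dst, _image, _procid_target in parse_wpm(table):
        targets.setdefault(src, set()).add(dst)
    return targets


def unexpected_writes(table, tree):
    """Return (src, dst) pairs that do not fit the Chromium broker-to-child pattern.

    A write is expected only when the writer runs a Chromium image and the target
    is a direct child of the writer that also runs a Chromium image. A target that
    is missing from the tree, has a different parent, or is a foreign binary is
    flagged for a closer look.
    """
    flagged = []
    for src, dst, image, _procid_target in parse_wpm(table):
        child = tree.get(dst)
        expected = (
            image in CHROMIUM_IMAGES
            and child is not None
            and child[1] == src
            and child[0] in CHROMIUM_IMAGES
        )
        if not expected and (src, dst) not in flagged:
            flagged.append((src, dst))
    return flagged


if __name__ == "__main__":
    print("write targets:", write_targets(WRITE_PROCESS_MEMORY))
    print("unexpected writes:", unexpected_writes(WRITE_PROCESS_MEMORY, PROCESS_TREE))
    print("EnumeratesProcesses rows per pid:", parse_pid_table(ENUMERATES_PROCESSES))
```

Run against the rows in this report, `unexpected_writes` returns an empty list: all four targets (4928, 4856, 1760, 1944) are msedge.exe children of the browser process 3728, so the 64 WriteProcessMemory events are the broker provisioning its crashpad, GPU, network and storage children. The same function flags a write into a pid that is not in the tree or into a process whose parent is someone else, which is the shape a real injection would take.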
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 2a70f1bd4da893a67660d6432970788d
  SHA1: ddf4047e0d468f56ea0c0d8ff078a86a0bb62873
  SHA256: c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561
  SHA512: 26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343
- Filesize: 152B
  MD5: fbe1ce4d182aaffb80de94263be1dd35
  SHA1: bc6c9827aa35a136a7d79be9e606ff359e2ac3ea
  SHA256: 0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51
  SHA512: 3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f
- Filesize: 5KB
  MD5: 87b9478ee7a9da10886289b4e6e5e0f1
  SHA1: a5a29f996cec82f01a7559d9602967ef3a4da697
  SHA256: a7755c1126ceaf3c2dd67e6144dd9deeb8906a20699ade4e523dfeeb94acfdd9
  SHA512: cfaedc1395fbb323482e990d051b06402d491331105bd0c690f316c33471254c225b6729fd3c07d874622a7771ab535b03be7d729aba5bee25b7c8a7c92241f5
- Filesize: 6KB
  MD5: 8a50cfeea95f24526901a8d3eef302e2
  SHA1: 28c9571cab73f6f707b8e3f4a7c0a965d84f2233
  SHA256: 34c2e52556ca5085072a58e8b4c1c161eae5eade8bd86bba4268c259dcb04ef5
  SHA512: 090755061ed48eb2f8cdca7061fb1ad80f4f84881750722902e367a00cc50125c9f4a79dacb8d05430a26e8a6ff87f13c0001d040aee727d3dd35f63334806a9
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: f22a1fa87cb38134cc42aa3a3e2ed9c6
  SHA1: ef0204ea4e83fc2c59f908ca44a8704f8fa3e0fc
  SHA256: d67478010f0f2adc0e31a74c85b7dbc6f546da9a7c40e12d8ef6fce5ffc66167
  SHA512: 0dbab44756b0c14396b4aa743ef15e4e22dded0dc4096745c067f807c58b77c7b854a017afaf2b74e428e06f2522636ab5482e1c3d9f359fd33f7b26c75f619c