Analysis
- max time kernel: 145s
- max time network: 132s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/05/2024, 10:58
Static task: static1
Behavioral task: behavioral1
- Sample: 175b6ed620cf714e4b958787f6020b96_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 175b6ed620cf714e4b958787f6020b96_JaffaCakes118.html
- Resource: win10v2004-20240419-en
General
- Target: 175b6ed620cf714e4b958787f6020b96_JaffaCakes118.html
- Size: 789B
- MD5: 175b6ed620cf714e4b958787f6020b96
- SHA1: fd1c3e8b37cef3e4c21d5e8c791a0d1ec8bcaa20
- SHA256: ad4021e40006fd485b651fd5913b6175c62c9de9864713005965141dda247399
- SHA512: 3c2b9dfeeecd46fe713418daa5b68f6627f52fc1deb84030a56a2ee0282c059548d4cff9ff3bf01f1cf1b58ff8f24cfaad414bdca6a363061ffd3b4ac25045bc
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3324 | msedge.exe (2 entries)
  1900 | msedge.exe (2 entries)
  1628 | identity_helper.exe (2 entries)
  4928 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid | Process
  1900 | msedge.exe (11 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1900 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1900 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1900 wrote to memory of 1368 | 1900 | msedge.exe | 85
  PID 1900 wrote to memory of 1520 | 1900 | msedge.exe | 86
  PID 1900 wrote to memory of 3324 | 1900 | msedge.exe | 87
  PID 1900 wrote to memory of 4332 | 1900 | msedge.exe | 88
  (each row is repeated multiple times in the original table; 64 entries in total)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\175b6ed620cf714e4b958787f6020b96_JaffaCakes118.html
  PID: 1900
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff035946f8,0x7fff03594708,0x7fff03594718
    PID: 1368
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    PID: 1520
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    PID: 3324
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
    PID: 4332
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 844
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 4496
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
    PID: 3184
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
    PID: 2288
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
    PID: 884
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
    PID: 4016
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
    PID: 1628
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    PID: 3772
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    PID: 2336
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
    PID: 1892
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
    PID: 1108
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
    PID: 3264
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
    PID: 2148
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2560579942329867197,8497080368641087262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 /prefetch:2
    PID: 4928
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4016
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3532
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 8b2290ca03b4ca5fe52d82550c7e7d69
  SHA1: 20583a7851a906444204ce8ba4fa51153e6cd494
  SHA256: f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2
  SHA512: 704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d
- Filesize: 152B
  MD5: 919c29d42fb6034fee2f5de14d573c63
  SHA1: 24a2e1042347b3853344157239bde3ed699047a8
  SHA256: 17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141
  SHA512: bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d
- Filesize: 6KB
  MD5: 5add904ef700f8169d24080f10a12ec3
  SHA1: d0fa02e9110804d40368ed462ff441fee3194da9
  SHA256: d0db640bb391f46892ac32e0cf1bc5fd9f34deec619c8478b6e9726b2aac417b
  SHA512: 7fabcc948094bcd0be9ab498a8196d2e0a661bcf12ec8cdbec32e588f98c0c316b8777b171eebb0f0c5f0a2de7b050916bba74b5e93a66b9a75e9406861a2d8b
- Filesize: 5KB
  MD5: 85bd7ff74a6c380ecbc04aafb3156eab
  SHA1: 7a9d71105e8028bb4b08440c83b15e1a96feda70
  SHA256: ff7de9c8304031b1a80b0d017e305da6a15716731d505803772bd3c9fc744483
  SHA512: c35c784bda614e89c496c4b0ab3896b5e680bac76952aac5fa2ca50194e8b1cd1e7379632089378d897bb96cfbfaab57739198ac92879a67499cd14740547a41
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: c3e96a3a9000080ccf526a1a6ec99fcb
  SHA1: 5d53a202e2be5efe873ead3c2a028923490499a5
  SHA256: 30197d8ee501dc372e8fe6ccb6d3e0a410a14394468bcad294a0b022f6c24c9a
  SHA512: 6d3e9648fce6f9e27c250f0fade1e786aeb0795289d15b2d9faf6d470cc03119d3378fa31a3ec42f6c2205958179b35bb92c63647ca2ef81fd8a5f0243c69636