Analysis
max time kernel: 149s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/05/2024, 19:09
Static task: static1
Behavioral task: behavioral1
  Sample: 215344807277cf4830600aa8ed549d9d_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 215344807277cf4830600aa8ed549d9d_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 215344807277cf4830600aa8ed549d9d_JaffaCakes118.html
Size: 16KB
MD5: 215344807277cf4830600aa8ed549d9d
SHA1: b6efef836178472d28a4c5925944ace539019859
SHA256: 5a8498506545c78555283f8cc402d1998b6babdff703ca3f0133e60eea6b4d81
SHA512: 1c810d03f8924ac6b14e16cebb598c9b8e9186a6bf0b8a8003742e3051eb0bed1c6008c7a17b089cde2db692853a1712648291ad81371a4c7499f22a0f82d34b
SSDEEP: 384:yC0cCQ5dzvRSgVDGS0rNCcKM57JzhRNQvgsMVW:yCflxkgpGS0lKM/bzVW
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 4100 msedge.exe
  PID 4100 msedge.exe
  PID 4948 msedge.exe
  PID 4948 msedge.exe
  PID 1652 identity_helper.exe
  PID 1652 identity_helper.exe
  PID 1064 msedge.exe
  PID 1064 msedge.exe
  PID 1064 msedge.exe
  PID 1064 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID 4948 msedge.exe
  PID 4948 msedge.exe
  PID 4948 msedge.exe
  PID 4948 msedge.exe
  PID 4948 msedge.exe
  PID 4948 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs, all PID 4948 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all PID 4948 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs; PID 4948 msedge.exe wrote to the memory of its child processes 3108, 2060, 4100 and 1816)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4948)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\215344807277cf4830600aa8ed549d9d_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3108)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9965d46f8,0x7ff9965d4708,0x7ff9965d4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2060)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4100)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1816)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 60)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2724)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5008)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2564)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3616)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4320)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1064)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1808429284016707934,14197788911781206854,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4440)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4804)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 (330B)