Analysis
max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/05/2024, 22:42
Static task: static1
Behavioral task: behavioral1
  Sample: 270f87ef765b202f78c926627433a81e_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 270f87ef765b202f78c926627433a81e_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 270f87ef765b202f78c926627433a81e_JaffaCakes118.html
Size: 36KB
MD5: 270f87ef765b202f78c926627433a81e
SHA1: 60a705f593540c15fa5bfa11c305987237378163
SHA256: 39df983a4359bee20a413c17ba100283d1f52036d004a0a45d209f7b9750aa1a
SHA512: 99b46fbdb483fe5de302efe2d67688484b7bad49bacbe23e4b2b207b3b6f17f7612832ab0470972032117de7c773b623e157202286bd3678c9463fcd6afc2383
SSDEEP: 768:zwx/MDTHjr88hARvZPX2E1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TUZOD6lrw6lLRcK:Q/XbJxNVru0S9/S8XK
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1156 | msedge.exe
  1156 | msedge.exe
  4924 | msedge.exe
  4924 | msedge.exe
  4276 | identity_helper.exe
  4276 | identity_helper.exe
  1872 | msedge.exe
  1872 | msedge.exe
  1872 | msedge.exe
  1872 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4924 | msedge.exe
  4924 | msedge.exe
  4924 | msedge.exe
  4924 | msedge.exe
  4924 | msedge.exe
  4924 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\270f87ef765b202f78c926627433a81e_JaffaCakes118.html
  PID: 4924
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97dc546f8,0x7ff97dc54708,0x7ff97dc54718
      PID: 4772
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      PID: 412
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
      PID: 1156
      Signatures:
        - Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
      PID: 2732
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      PID: 1244
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      PID: 3728
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
      PID: 2040
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
      PID: 4276
      Signatures:
        - Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
      PID: 4120
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
      PID: 4472
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
      PID: 4828
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
      PID: 4620
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
      PID: 1872
      Signatures:
        - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1160
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3372
Network
MITRE ATT&CK Enterprise v15
Downloads