Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/05/2024, 22:49
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2714fd468e7382e6da45baa2be7e51a4_JaffaCakes118.html
  - Resource: win7-20240508-en
Behavioral task
- behavioral2
  - Sample: 2714fd468e7382e6da45baa2be7e51a4_JaffaCakes118.html
  - Resource: win10v2004-20240508-en
General
- Target: 2714fd468e7382e6da45baa2be7e51a4_JaffaCakes118.html
- Size: 36KB
- MD5: 2714fd468e7382e6da45baa2be7e51a4
- SHA1: 275efe8e6bddae679e71eca80e61cff380fbc04e
- SHA256: 24a1fc9599d5e70c0ae59aa2e7bb05bbd092deb0675e87f37735458c194e12d7
- SHA512: 2c625709308155d5d9321dfb951b48f79e0622acef4d6589a335ca3761c354fa42e472663b5f6d21c76a2c4e825284bcc9f4e975851bc6e25de740723a3c14ed
- SSDEEP: 768:zwx/MDTH2o88hARzZPXmE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZO16f9U56lLRv:Q/3bJxNVGufSW/S81K
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4300 | msedge.exe (2 entries)
  2324 | msedge.exe (2 entries)
  3672 | identity_helper.exe (2 entries)
  1640 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  2324 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2324 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2324 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2324 wrote to memory of 1480 | 2324 | msedge.exe | 80
  PID 2324 wrote to memory of 3992 | 2324 | msedge.exe | 82
  PID 2324 wrote to memory of 4300 | 2324 | msedge.exe | 83
  PID 2324 wrote to memory of 1632 | 2324 | msedge.exe | 84
  (each writer/target pair is listed once per logged call; 64 entries in total, all from the Edge browser process 2324 into its own child processes)
Processes
- PID 2324: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2714fd468e7382e6da45baa2be7e51a4_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 1480: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa890f46f8,0x7ffa890f4708,0x7ffa890f4718
  - PID 3992: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  - PID 4300: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1632: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  - PID 2816: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - PID 840: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  - PID 400: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  - PID 3672: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 5040: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  - PID 1384: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  - PID 3744: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  - PID 4252: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  - PID 1640: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17094042858514650767,8531678029851351552,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 5072: C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 2316: C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
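Everything in the Signatures and Processes sections above is the browser process (PID 2324) spawning and initialising its own crashpad, GPU, utility and renderer children; Chromium's sandbox broker writes into each child it launches, which is what the WriteProcessMemory signature records. The triage question for a report like this is therefore whether any memory write landed in a process that is not an Edge child of a known --type. The script below is an added example, not tria.ge code: it parses the flattened "PID A wrote to memory of B A image procid" IoC text, joins each target PID to the command line from the Processes section, and reports anything outside the Edge tree. The IoC excerpt, the trimmed command lines, EDGE_DIR, EXPECTED_TYPES and the rundll32 injection case are constructed for the example; the injection case is hypothetical and does not appear in this report.

```python
"""Triage helper for WriteProcessMemory IoCs in a tria.ge browser report.

Added example (not tria.ge code). EDGE_DIR and EXPECTED_TYPES are this
example's own assumptions about what a benign Edge child looks like.
"""
import re
from collections import Counter

# Constructed excerpt of the report's WriteProcessMemory IoC text (the real
# list repeats each writer/target pair many times; a few rows suffice here).
WPM_IOCS = (
    "PID 2324 wrote to memory of 1480 2324 msedge.exe 80 "
    "PID 2324 wrote to memory of 1480 2324 msedge.exe 80 "
    "PID 2324 wrote to memory of 3992 2324 msedge.exe 82 "
    "PID 2324 wrote to memory of 3992 2324 msedge.exe 82 "
    "PID 2324 wrote to memory of 4300 2324 msedge.exe 83 "
    "PID 2324 wrote to memory of 1632 2324 msedge.exe 84 "
)

# pid -> command line, from the report's Processes section (long renderer and
# utility lines trimmed to the flags this check looks at).
PROCESSES = {
    2324: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2714fd468e7382e6da45baa2be7e51a4_JaffaCakes118.html',
    1480: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"',
    3992: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2140',
    4300: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none',
    1632: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility',
    3672: r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService',
    5072: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
}

# Hypothetical injection case (NOT in the report) to show what a finding looks like.
INJECT_IOC = "PID 2324 wrote to memory of 9999 2324 msedge.exe 90 "
INJECT_CMD = r"C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\payload.dll,Run"

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"  # assumption
EXPECTED_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}  # assumption

# The writer PID appears twice in every IoC row; the backreference enforces that.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def parse_wpm(text):
    """Count (writer_pid, writer_image, target_pid) triples in the IoC text."""
    return Counter(
        (int(writer), image, int(target))
        for writer, target, image, _procid in WPM_RE.findall(text)
    )


def classify(cmdline):
    """Split a command line into (image path, Chromium --type or None)."""
    head = re.match(r'"([^"]+)"|(\S+)', cmdline)
    image = head.group(1) or head.group(2)
    ptype = re.search(r"--type=(\S+)", cmdline)
    return image, (ptype.group(1) if ptype else None)


def triage(wpm_text, processes):
    """Return findings; an empty list means every write went into an Edge
    child of a known type, i.e. ordinary Chromium child-process start-up."""
    findings = []
    for (writer, w_image, target), n in sorted(parse_wpm(wpm_text).items()):
        cmd = processes.get(target)
        if cmd is None:
            findings.append(f"{w_image}[{writer}] -> PID {target}: not in process list ({n} writes)")
            continue
        t_image, ptype = classify(cmd)
        if not t_image.startswith(EDGE_DIR):
            findings.append(f"{w_image}[{writer}] -> PID {target}: non-Edge image {t_image} ({n} writes)")
        elif ptype not in EXPECTED_TYPES:
            findings.append(f"{w_image}[{writer}] -> PID {target}: Edge child with unexpected --type={ptype}")
    return findings


if __name__ == "__main__":
    print("report:", triage(WPM_IOCS, PROCESSES) or "no findings")
    print("injected:", triage(WPM_IOCS + INJECT_IOC, {**PROCESSES, 9999: INJECT_CMD}))
```

On the report's own data the check returns no findings; with the hypothetical rundll32 target added it reports one. The registry signature gets the same reading: the BIOS SystemManufacturer/SystemProductName keys are a common VM check, but here the reader is msedge.exe itself, not a process the HTML spawned, so the page records nothing attributable to the sample beyond Edge opening it.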
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
- Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
- Filesize: 614B
  MD5: a03cbca5ff0f3ec6bd2d5b9b812a3fb2
  SHA1: 76c06ee50162460740d087cbb88d92401ba53cc3
  SHA256: 2fb038b5a84627e789af902872301388be781beec503136a9799c029e1bc259a
  SHA512: 67730953dcc0e994b2b576e690fa193aaa9eaf648de6d7ebe62f925d64a93c7909c127f7f732128f83018ea3a126b31bb0eba343503fbd9b36ec421db737eb9c
- Filesize: 6KB
  MD5: ffdcc814ea4a26ef5c7daebf9054b310
  SHA1: 8b7c687b2d6a60c688f529735b513c73f73e385b
  SHA256: 054aa0a15518e1db3bbeeb2471735a6087d77cd55779f71d11df88ca1b3c3699
  SHA512: fa2bb2b29edd3df9acad96c01d39453d1b5495f8841272552400a53a797e2ba0d783cc8fa46d3dc85a69cc208b34ceb111dd21a3be7efa7af1875fcf85a5c66f
- Filesize: 6KB
  MD5: 0bb967f2ad4e0bf965c5e5e827513ebc
  SHA1: 675ddb6991842fe22041d6a136e1977b37f80dcd
  SHA256: 05f67b6e24137511ef293c1ae696bdd7601da93d7b6e35ede8fdc5183818b9fb
  SHA512: 1d34f1a03ebb3f023d75aeb8e22ed4ae68ece58b065948f4f637770102d5a4515c60b394564701c185e186a7dd7a0a364faa6bf548911926b7bb0d2faf489bec
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: ceb2d0dbe056b0c9c03d408792dd6cf2
  SHA1: 61a2b223e1e0bb00da12f5762cc9667bc6dacf3d
  SHA256: ad247dff783343b1482b7760384235ea85b836ef6eb46daa95d3c0f12b5cca29
  SHA512: 996c9bf6d31bb52b9c3a8458ef522eba0eef9cdc13b85cdf24522250fd4a498a8193d1a3a5b68a0924e52763ae95496e313946450b1b2229f708aa45e263d547