Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
08/05/2024, 08:18
Static task
static1
Behavioral task
behavioral1
Sample
23f8fc1e15e5448a31f2a12a4616c146_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
23f8fc1e15e5448a31f2a12a4616c146_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
23f8fc1e15e5448a31f2a12a4616c146_JaffaCakes118.html
-
Size
23KB
-
MD5
23f8fc1e15e5448a31f2a12a4616c146
-
SHA1
591e1a12daef59a22a12bd488f24be201e6eeb4e
-
SHA256
f6b203eafc8bccc67b5f9081739a75d1e50f9dfdb01c1f9544d2cfc8da51cd98
-
SHA512
f69fc3eed32c89060765766dd57bcb00e55e3d989c305b0b90aa48e5d8d5c5cd8a0777c2432b0155ad9ab20a6af25223ccd543be92f18ec0c7d9dc504983f49f
-
SSDEEP
384:zVhVtx+dWwputxwQ7U7kSj3Y47ZYZ5iOJtCiCU7uHOeP3x3gdE+uvi40AnZtGkiQ:jVtx+dWx0TA8OarHjP3xaEJvuwGkisi6
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2128 msedge.exe 2128 msedge.exe 3732 msedge.exe 3732 msedge.exe 2764 identity_helper.exe 2764 identity_helper.exe 3188 msedge.exe 3188 msedge.exe 3188 msedge.exe 3188 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe 3732 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3732 wrote to memory of 1804 3732 msedge.exe 84 PID 3732 wrote to memory of 1804 3732 msedge.exe 84 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 3004 3732 msedge.exe 85 PID 3732 wrote to memory of 2128 3732 msedge.exe 86 PID 3732 wrote to memory of 2128 3732 msedge.exe 86 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87 PID 3732 wrote to memory of 2104 3732 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\23f8fc1e15e5448a31f2a12a4616c146_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3732 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa184e46f8,0x7ffa184e4708,0x7ffa184e47182⤵PID:1804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:22⤵PID:3004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:82⤵PID:2104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:4832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:82⤵PID:4492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:12⤵PID:2676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:1488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵PID:3636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵PID:3260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,495735568874913444,5584893931762063905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3188
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4516
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:688
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5dbac49e66219979194c79f1cf1cb3dd1
SHA14ef87804a04d51ae1fac358f92382548b27f62f2
SHA256f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
SHA512bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1
-
Filesize
152B
MD5a9e55f5864d6e2afd2fd84e25a3bc228
SHA1a5efcff9e3df6252c7fe8535d505235f82aab276
SHA2560f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
SHA51212f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75
-
Filesize
670B
MD50c0839d63c389934dd7d552149430482
SHA159c3f32f31e862dd4e5e62728f3d62ad3e386a7c
SHA256bf28118f88886e8a2773081a5100f0ae21d40c6d118bd402487bcbe406b42d9c
SHA512bffa77348f0d2c1237ed383af5a0353224af768c873da836dba35f40192f18bc73a2da7207b62be1f263ca577c03049ce2194865845bee6ea7ac1f96d86e0988
-
Filesize
5KB
MD5f06d9c3d83278e6a618db89f9638df60
SHA1760e90abc7d489a790140ead0e4ad202b55b5cc5
SHA25672feaaff315582bd3dbfb433affeca610255daa83594ba57f5824d0cd04e495a
SHA512920aa609f5a01f51413b81bb412368cd49996f8c60521689f1a10cb452303d3e96e8a4ac2acf6b5520e528b0d671f8611474b373c306ca2add63fd76be41b5fe
-
Filesize
6KB
MD50dd14d12a1ac7f6edd039753e1ffa0bf
SHA19f74851903dfd0ffae423a43fe33dc5f84ab03df
SHA256df7951e599eeb7cdee3010ace9537103681291a9a97cc356686f0d133d009d21
SHA512f8000a2e3d7b55de3ae2954228c6b598856839f9778187388b71f793493a4f20df9fb9401d97733aae1030105083d5c30d0e3dac75e21921ab2c72ac7f45e556
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD555413f12bb3dc2e93b49c1a2fa9fc272
SHA12593af58868d59481b8df05742023f125e506486
SHA256abe1f00c98a7390b263f837816aba786fbb9e05097d2c18ea25d0af651350b2a
SHA51280d0ee1b47200f437796fdc9fc1bfad0f8aad0a7184a9a0fe49fbe42cee2a031a9955972a509ced480bf585a02ca69857b47dd35a8b42d76ab2900e09804a1ae