Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/05/2024, 19:13
Static task: static1
Behavioral task: behavioral1
  Sample: 264f0dc80369b89ea8dd6f4ea661cb72_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 264f0dc80369b89ea8dd6f4ea661cb72_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 264f0dc80369b89ea8dd6f4ea661cb72_JaffaCakes118.html
Size: 8KB
MD5: 264f0dc80369b89ea8dd6f4ea661cb72
SHA1: a4a73b1c7f1628ab81152fcf654df6965f301173
SHA256: 4ffccd30762df349f42f69b1cfb74f115d9bc6ef2f98af575518aff908f5bdc3
SHA512: e1d8500763a79aac484243a2f61f52104789a8b6364e2400e755b73167e84145b9f9b5e4d934d34cf9433a40da29c6c5f4db72e56b0cbc90f4493c93b334fc31
SSDEEP: 192:ZcU4N9xAH2kXiJCkC0cCrZEcWhPyaAuhcWNM4w41X2R43Jl:ZqN9xAQngcWm41XVf
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid   Process
  408   msedge.exe
  408   msedge.exe
  1908  msedge.exe
  1908  msedge.exe
  4120  identity_helper.exe
  4120  identity_helper.exe
  1972  msedge.exe
  1972  msedge.exe
  1972  msedge.exe
  1972  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  pid   Process
  1908  msedge.exe
  1908  msedge.exe
  1908  msedge.exe
  1908  msedge.exe
  1908  msedge.exe
  1908  msedge.exe
  1908  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\264f0dc80369b89ea8dd6f4ea661cb72_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1908

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa270646f8,0x7ffa27064708,0x7ffa27064718
    PID: 3000

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    PID: 5004

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 408

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    PID: 4296

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 1660

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 3236

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
    PID: 792

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
    PID: 2388

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 4120

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    PID: 1704

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    PID: 392

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
    PID: 5104

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
    PID: 4424

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18422833511907513596,6247809496851811248,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3748 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 1972

- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3056

- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1428
Network
MITRE ATT&CK Enterprise v15
Downloads