Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 09/05/2024, 22:43
Static task: static1
Behavioral task: behavioral1
  Sample: 2c136517ddc92f4b2e66203f3ff582ef_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2c136517ddc92f4b2e66203f3ff582ef_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 2c136517ddc92f4b2e66203f3ff582ef_JaffaCakes118.html
Size: 37KB
MD5: 2c136517ddc92f4b2e66203f3ff582ef
SHA1: 2840d8e180b0a2ff96e7865e0a983491d0d31b95
SHA256: aa8f077df19a0304a588d294947739bef9588c223984019fc51b5af173ebde1f
SHA512: ae31bde2f9ac59497b87046b7e468678516280e7b1d05a3f7a2a13e332c39820b430fb4a3809617e18d883ad2198c40addf48a95424459612e7aaa86bb27056f
SSDEEP: 192:uwTOb5nWF4nQjxn5Q/RnQiekNn9nQOkEntjXnQTbnJnQOgy9cwqYrEcwqYAz2cwb:jFQ/o2uH248dcgcQ+6kwdnhKFoc5usG1
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                  Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3676  msedge.exe
  3676  msedge.exe
  3856  msedge.exe
  3856  msedge.exe
  4896  identity_helper.exe
  4896  identity_helper.exe
  4020  msedge.exe
  4020  msedge.exe
  4020  msedge.exe
  4020  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3856  msedge.exe  (6 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3856  msedge.exe  (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3856  msedge.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description            pid   Process     procid_target  entries
  PID 3856 wrote to memory of 4052  3856  msedge.exe  84   2
  PID 3856 wrote to memory of 3200  3856  msedge.exe  85   40
  PID 3856 wrote to memory of 3676  3856  msedge.exe  86   2
  PID 3856 wrote to memory of 5112  3856  msedge.exe  87   20
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2c136517ddc92f4b2e66203f3ff582ef_JaffaCakes118.html
  PID: 3856
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa6f946f8,0x7ffaa6f94708,0x7ffaa6f94718
    PID: 4052

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    PID: 3200

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    PID: 3676
    Signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
    PID: 5112

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 3216

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 2980

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
    PID: 2260

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
    PID: 4896
    Signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    PID: 3084

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
    PID: 848

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
    PID: 2928

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
    PID: 2604

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4264156286670164462,13390033621562627193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
    PID: 4020
    Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1944

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1048
Network
MITRE ATT&CK Enterprise v15
Downloads