Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 08:47
Static task: static1
Behavioral task: behavioral1
  Sample: 292e18976edfbcc879fe9adf55ab28e6_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 292e18976edfbcc879fe9adf55ab28e6_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 292e18976edfbcc879fe9adf55ab28e6_JaffaCakes118.html
Size: 22KB
MD5: 292e18976edfbcc879fe9adf55ab28e6
SHA1: fda1b838ab6cfb3965bba65a320a22daa44596ec
SHA256: 6c236a858715ae8b044aee0dde8f9829f9478142ca38d197ae64e676b75c7552
SHA512: b4411dbcfd791a9d2b9734a283fcf6c671fbc7946b842ee1fba39ee5cdd129db623b27b99f261aafc678f5f7850a40ca408b5ae1dbabe54f0b5ee42bd0f36ff5
SSDEEP: 192:uwXSb5nTNnQjxn5Q/inQieBNnSnQOkEnt6gnQTbn5nQmSixEGcYk5xHMBhqnYnQG:HQ/FdxAoGw0M
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                     Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process
1128   msedge.exe
1128   msedge.exe
4440   msedge.exe
4440   msedge.exe
3396   identity_helper.exe
3396   identity_helper.exe
1996   msedge.exe
1996   msedge.exe
1996   msedge.exe
1996   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    Process
4440   msedge.exe
4440   msedge.exe
4440   msedge.exe
4440   msedge.exe
4440   msedge.exe
4440   msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4440)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\292e18976edfbcc879fe9adf55ab28e6_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2496)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9924846f8,0x7ff992484708,0x7ff992484718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1820)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1128)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4856)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2072)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4796)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2192)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3396)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4632)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3424)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1360)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1340)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1996)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,18230837558869847445,4462685240169724843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 3556)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 3716)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads