Analysis

max time kernel: 135s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/05/2024, 03:31
Static task: static1

Behavioral task: behavioral1
  Sample: 327f3af904e53eea88e486265e81e4b8_JaffaCakes118.html
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: 327f3af904e53eea88e486265e81e4b8_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General

Target: 327f3af904e53eea88e486265e81e4b8_JaffaCakes118.html
Size: 18KB
MD5: 327f3af904e53eea88e486265e81e4b8
SHA1: 14cc23b62d8cd54b9df2fa1f55c66a03817b1a7e
SHA256: 6d06f369d3046feea550dad9ba22d9adb76866fe9bc5c47d24c9c748a53806a9
SHA512: 0978ecc9b9ded1ff558add902074371b32b8eaff0bc0827ad04d4bc4fa118140ebb5193084ea41d265b4916c357d26cb372e499e32da7ff07c57910f15eda674
SSDEEP: 384:q2riISPUi/LHID222riI9jm4RHgN4Vg20BM:q2riIo/joF2riIRm4RHgN4Vg20i
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                   | Process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid  | Process
  2404 | msedge.exe (2 entries)
  264  | msedge.exe (2 entries)
  3132 | identity_helper.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid | Process
  264 | msedge.exe (8 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  264 | msedge.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  264 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid | Process    | procid_target
  PID 264 wrote to memory of 2396  | 264 | msedge.exe | 83  (2 entries)
  PID 264 wrote to memory of 3360  | 264 | msedge.exe | 84  (40 entries)
  PID 264 wrote to memory of 2404  | 264 | msedge.exe | 85  (2 entries)
  PID 264 wrote to memory of 2920  | 264 | msedge.exe | 86  (20 entries)
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\327f3af904e53eea88e486265e81e4b8_JaffaCakes118.html
  PID: 264
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb428446f8,0x7ffb42844708,0x7ffb42844718
    PID: 2396

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    PID: 3360

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
    PID: 2404
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
    PID: 2920

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
    PID: 1652

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
    PID: 3356

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
    PID: 4540

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
    PID: 3132
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    PID: 1936

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
    PID: 4656

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
    PID: 2508

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    PID: 2336

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
    PID: 3276

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18013383840029925776,12194088238041387443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    PID: 2196

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1920

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3904
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 2daa93382bba07cbc40af372d30ec576
SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Filesize: 152B
MD5: ecdc2754d7d2ae862272153aa9b9ca6e
SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Filesize: 450B
MD5: c16b935f2b947140a46939e6397aa55f
SHA1: 409d5e0f8a33fdb5bac4d7bbec60e33cd88d8ad9
SHA256: 89cf41abdb407655ace834fdc063c6a49c700b3fd790429adc8c6bf983e457fe
SHA512: 3a3259671f672cee859c3b135606d9c914710770a8894e408b037aba71fc4ba5be5a4bfe6c0ba4fbf6703412982a8c5c391b29e124ff52ea2df1c76a4cf018cc

Filesize: 6KB
MD5: 98672dc241d00efa0dd17780cf01fedf
SHA1: 4be7e9ae5c6ba7140fc732cfc256e66ae12afcbd
SHA256: b474bd2423070ee9c54668c1aae15dabf8e95cb61a4c82e872d033d27739c50c
SHA512: b87847ba0cb9d1bd9ed1fde622f39244ce0c21c76232d4ad602270167b9af61f029980cb348cfd42bd204e2e3cc647b55d401f107e0a9ab47b9c2a30e86c6c4a

Filesize: 5KB
MD5: 926169a6580297383945b6f3c9dc3afd
SHA1: a5eaf707d18054ae08d964978dc45076aa536785
SHA256: e1146442c8198707954881db24611abe92d952204d24339604d3e5952940d039
SHA512: 1325bba863b67b51ded99e28daca849814da9207cc593f8c532c5e51b12c28a68aef214cbae76aac16a39932e6f61ad5e85c0bcdd687dda0040c9af1fb6b0c23

Filesize: 6KB
MD5: b131b193f07698830583cbae68ff306d
SHA1: 1dfa53b88b784d04c8343ff2387d89178fe8a970
SHA256: 9abc06ebd9976c1637c5d1670275462c6487e19b6219f515e992e6b215042818
SHA512: 7623cdc0a1ecd055bfe20b77115367cb8d223ff03ce8e44c80d1cb531ccd12d4731b4c104f550568702147287bf604fac3084f755db08c20de5943c25a6b06f1

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 12KB
MD5: 6946b150dac2578a4ba3ade56c3b9aca
SHA1: a87d3a41ced0f973a5a46b2a81718984298ee625
SHA256: 4673d5a105c036b2044bca1a0718a6d341ee512408996f50a175cb5cd86b4f77
SHA512: f6e8bcd07666c770634af486f05984e0f7bec817c7a36533279dc6e5e143b12300e3d2a5d823df3412ef2b2c262d3428d89ed21627e320d1b2f1514c80a86d1f

Filesize: 11KB
MD5: 311e7775e88f95841b03e8a38843a312
SHA1: 9785970f01e0b834901691ab25b955d59b7bf60e
SHA256: 905bbd08cbf5432b7b883f12cdd504908fdca34d9c7e04178d5e41d4e05c552a
SHA512: 863962a2f41c7810651430b78d7658e1ca2dfdd635f2d5954639981f0990f63d2ab43e19647c55caa777658427fb6b25315cba5d57ef7ec99851c2f1aff34c17