Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
11/05/2024, 18:24
Static task
static1
Behavioral task
behavioral1
Sample
35ef5ba5ce3e5d41d57048e458350ff1_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
35ef5ba5ce3e5d41d57048e458350ff1_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
35ef5ba5ce3e5d41d57048e458350ff1_JaffaCakes118.html
-
Size
46KB
-
MD5
35ef5ba5ce3e5d41d57048e458350ff1
-
SHA1
0e66faaae69d29875c6ad728066d6a13b7c64d9b
-
SHA256
84f9fbcb980c5c398b74a2e8ed786d247472c9faac7982eacc222cea4d900d62
-
SHA512
84fb1a2d92da057f0e7b616ef43d306d42e7bbe1cc5f60068d63879f5d0aadb05f2ecd6192351a3df99d8c0e1d16790331df559c1656c8287c2399392a9ce942
-
SSDEEP
768:CQ/YWYXR0VBfp0SUeVEq0ryp9hkny0+wn9A:CQ/Yjkfp0SUeVEq0mp9hkn1+wn9A
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1888 msedge.exe 1888 msedge.exe 1220 msedge.exe 1220 msedge.exe 368 identity_helper.exe 368 identity_helper.exe 3712 msedge.exe 3712 msedge.exe 3712 msedge.exe 3712 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe 1220 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1220 wrote to memory of 3504 1220 msedge.exe 81 PID 1220 wrote to memory of 3504 1220 msedge.exe 81 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1412 1220 msedge.exe 82 PID 1220 wrote to memory of 1888 1220 msedge.exe 83 PID 1220 wrote to memory of 1888 1220 msedge.exe 83 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84 PID 1220 wrote to memory of 4324 1220 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\35ef5ba5ce3e5d41d57048e458350ff1_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c04047182⤵PID:3504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵PID:1412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:82⤵PID:4324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:1332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:3640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:82⤵PID:4932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:12⤵PID:1540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵PID:2576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:12⤵PID:2428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:2564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8321693195025431971,3521488245598779724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3712
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1968
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2952
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
Filesize
184B
MD545996eb12c5b1a531a2d9a3f56b913ff
SHA1c61935c0ab773fc8ca70f30b06620bd6e304c092
SHA2569f1f531b5d1eb3c957e2a57f0d59533bd7bb5da6f59e230b70b1e942e6dcca33
SHA51206455d33c060be6c22db298dfd4585f15d853d471e7ebee67e35c7fd2526261e400ca536cc3e3b3acf32175ea3b8ed41ee1c0e5bd3fa811e0217d1a078af42da
-
Filesize
6KB
MD512c0791cdb5254fbc59337647d3010be
SHA1f3e26e6cdc70bd3fa5de08849af4d818b55f30ec
SHA256ba8ed98aed597ba446052a117743345c26f8e47ba374640d04881647621aa5d9
SHA512b7a69d4ec2be121c4f96f902e421e7bf80e5c5008425324d934b70d68da90aab4e9e3b4a646374c3c01ae00236b973c6848b4629477f58f82da7d9bb5c627803
-
Filesize
6KB
MD580960f494ada7072d078122d4ebc7fac
SHA1cd6589d45dbee699f663f2217b498ad4bdff86a8
SHA25688c2f690d549dff9b92759e2f6917af85011befd5198398ac719e85de42ac7c5
SHA512a38d58df6822603ad20c2f071df7097a39305f7b8852d25df3a6c651f3073a803864bee948ab8d9285aa232946aabbc1c50f72a0426ced0d3a308686dc5c9b18
-
Filesize
6KB
MD57c6d30deb99e71f1393a1552be96d018
SHA1d55adfd423547e3b72a722569f402437214564ef
SHA2564ba37875c188cf2af059a8a63d4aa8e1b94ae4a0bc04acecac3e2f8c46e229fb
SHA5129c86cf70a3eb835eb91f4c457ceda77ea1c65e55199152c9d24defba737bf82dacdc4f12515854e33a00a2fb1efe04e39d3f9c85c40572cd43b2b8a29b54ec29
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5fb018d55580e2622b35f2f1883167cab
SHA1658c72203b02abf32f855deff6899715d3dc550e
SHA256480aed73999997ed09cb2e097b842e9763c70b773315adfdbf33a8224c7b1d43
SHA512a6346368656794b7a5d6eee17895f494bd3ddf33ea309c02b94af994c8bced8b6ad10d03a14f0f57dc8c4f93ce3bfbef2bb9e91710d97b28ee823149eeabd4fd