Analysis
- max time kernel: 145s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/05/2024, 02:19
Static task: static1
Behavioral task: behavioral1
- Sample: 37bd3685eb43e7c5f064de65da9b08f0_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 37bd3685eb43e7c5f064de65da9b08f0_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 37bd3685eb43e7c5f064de65da9b08f0_JaffaCakes118.html
- Size: 5KB
- MD5: 37bd3685eb43e7c5f064de65da9b08f0
- SHA1: 0449aa50cade50dab4f9da3b014aebe3967f666b
- SHA256: fc2951af25b9d831dcf16e7cf2278241b7b139f7f3e1ecf8b76ed73f594c39ae
- SHA512: a1d808064b903d3a2c1fe2a42ebc27b4b527502c51d9cd28157f2aeddc7fc7a3938d11c37927aefee5bc9a3829222a5982fde01a2e0823eb24b021f8b24969ec
- SSDEEP: 96:eu3Jht0ZDI9W0/+P3vavA4vWuPMfKwEzdUfJz7:V3JhKMToVfJ/
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3520 | msedge.exe
  3520 | msedge.exe
  4656 | msedge.exe
  4656 | msedge.exe
  1276 | identity_helper.exe
  1276 | identity_helper.exe
  3932 | msedge.exe
  3932 | msedge.exe
  3932 | msedge.exe
  3932 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4656 | msedge.exe
  4656 | msedge.exe
  4656 | msedge.exe
  4656 | msedge.exe
  4656 | msedge.exe
  4656 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4656)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\37bd3685eb43e7c5f064de65da9b08f0_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4636)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4128)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2636)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1276)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4380)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9706024376962354690,1557981224569389822,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2892)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1148)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads