Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/05/2024, 02:19
Static task: static1
Behavioral task: behavioral1
  Sample: 37bc9ecaca96f45b47822b7ed69b70ef_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 37bc9ecaca96f45b47822b7ed69b70ef_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 37bc9ecaca96f45b47822b7ed69b70ef_JaffaCakes118.html
Size: 2KB
MD5: 37bc9ecaca96f45b47822b7ed69b70ef
SHA1: 3a37f6cd8c2f56e21317627bd005fd7bb28360a4
SHA256: 8d770a438706220d5394fbc4a07edd7b1c704ca7a2d388656cdb62ebf6dbfeb0
SHA512: 2237a109440b6b9b469507ed0bd98a741b9beda161b76b02f76e7676a5891d89b600ed7ca39e2b60d265dc9831cc065e7ed334efae7c742e01d110388e8cccfb
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              hits
  2888  msedge.exe           2
  4068  msedge.exe           2
  4744  identity_helper.exe  2
  3052  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid   process     hits
  4068  msedge.exe  11

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     hits
  4068  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     hits
  4068  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 4068 wrote to memory of 4368  4068  msedge.exe  82
  PID 4068 wrote to memory of 2212  4068  msedge.exe  83
  PID 4068 wrote to memory of 2888  4068  msedge.exe  84
  PID 4068 wrote to memory of 4632  4068  msedge.exe  85
  (the report lists one row per write, so each pair above repeats many times, most of them against 2212 and 4632; the 64 rows shown cover only these four targets)
Processes

PID 4068  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\37bc9ecaca96f45b47822b7ed69b70ef_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 4368  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec5a346f8,0x7ffec5a34708,0x7ffec5a34718

  PID 2212  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

  PID 2888  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 4632  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

  PID 4344  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

  PID 1044  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  PID 1624  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

  PID 3700  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

  PID 1452  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

  PID 3820  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8

  PID 4744  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 2584  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

  PID 1908  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

  PID 4424  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

  PID 1276  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

  PID 4896  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1

  PID 1888  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1

  PID 3052  msedge.exe (child of 4068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9488541578066829186,683816528190207079,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6016 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

PID 2344  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1552  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
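Every signature in this report is attributed to msedge.exe or its identity_helper.exe child, and every WriteProcessMemory row has the browser process (4068) writing into a child it launched with standard Chromium flags. The two checks worth automating when triaging a report like this are therefore (1) whether each write lands on a child carrying the same image as the writer, which is what a parent setting up a freshly spawned child looks like, as opposed to a write into an unrelated process, and (2) which Edge children run with sandboxing turned off by flag. The script below is an added example, not part of the tria.ge report or of any Hatching tooling; it assumes the row layout shown in the WriteProcessMemory table (description, pid, Process, procid_target), uses shortened copies of the command lines from the Processes section, and adds one constructed record (pid 9999 writing into a constructed explorer.exe pid 1234) so the cross-image check has something to flag. The `edge()` helper and the function names are the example's own.

```python
"""Rebuild the Edge process tree from a tria.ge report's WriteProcessMemory rows
and command lines, then flag writes that leave Edge's own tree and children
launched with sandboxing disabled.  Added example, not part of the report."""
import re
from collections import defaultdict

# Rows copied from the report's WriteProcessMemory signature (the report repeats
# one row per write; the parser deduplicates).  The last record, pid 9999 -> 1234,
# is CONSTRUCTED and does not appear in the report.
WPM_RECORDS = (
    "PID 4068 wrote to memory of 4368 4068 msedge.exe 82 "
    "PID 4068 wrote to memory of 4368 4068 msedge.exe 82 "
    "PID 4068 wrote to memory of 2212 4068 msedge.exe 83 "
    "PID 4068 wrote to memory of 2888 4068 msedge.exe 84 "
    "PID 4068 wrote to memory of 4632 4068 msedge.exe 85 "
    "PID 9999 wrote to memory of 1234 9999 msedge.exe 99"  # CONSTRUCTED
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"


def edge(args):
    """Quote the Edge image path the way the report's command lines do (helper of this example)."""
    return f'"{EDGE}" {args}'


# pid -> command line, shortened from the report's Processes section.
# pid 1234 (explorer.exe) is CONSTRUCTED as the target of the constructed record.
PROCESSES = {
    4068: edge(r"--single-argument C:\Users\Admin\AppData\Local\Temp\37bc9ecaca96f45b47822b7ed69b70ef_JaffaCakes118.html"),
    4368: edge("--type=crashpad-handler --annotation=ver=92.0.902.67"),
    2212: edge("--type=gpu-process --mojo-platform-channel-handle=2124 /prefetch:2"),
    2888: edge("--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    4632: edge("--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    3052: edge("--type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2"),
    1234: r'"C:\Windows\explorer.exe"',  # CONSTRUCTED
}

# tria.ge row layout: description, pid, Process, procid_target
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Distinct (writer_pid, target_pid, writer_image) triples, in report order."""
    seen, edges = set(), []
    for m in WPM_RE.finditer(text):
        writer, target, _pid, image, _procid = m.groups()
        key = (int(writer), int(target), image.lower())
        if key not in seen:
            seen.add(key)
            edges.append(key)
    return edges


def image_name(cmdline):
    """Basename of the executable at the start of a Windows command line."""
    m = re.match(r'\s*"?(.+?\.exe)"?(?:\s|$)', cmdline, re.IGNORECASE)
    path = m.group(1) if m else cmdline.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


# Flags Chromium passes to children it deliberately runs outside the sandbox.
UNSANDBOXED_FLAGS = ("--service-sandbox-type=none", "--disable-gpu-sandbox", "--no-sandbox")


def chromium_role(cmdline):
    """(process type, sandboxed) as encoded in Chromium's own command-line flags."""
    m = re.search(r"--type=(\S+)", cmdline)
    ptype = m.group(1) if m else "browser"  # the parent browser process has no --type
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    if sub:
        ptype += "/" + sub.group(1)
    # The browser process and the crashpad handler run outside the sandbox by design.
    sandboxed = ptype not in ("browser", "crashpad-handler") and not any(
        flag in cmdline for flag in UNSANDBOXED_FLAGS
    )
    return ptype, sandboxed


def analyze(wpm_text, processes):
    """Writer -> targets tree, per-process roles, unsandboxed Edge pids, and findings."""
    children, findings = defaultdict(list), []
    for writer, target, writer_image in parse_wpm(wpm_text):
        children[writer].append(target)
        cmd = processes.get(target)
        if cmd is None:
            findings.append(f"pid {writer} ({writer_image}) wrote into pid {target}, "
                            "which is not in the process list")
        elif image_name(cmd) != writer_image:
            findings.append(f"pid {writer} ({writer_image}) wrote into pid {target} "
                            f"({image_name(cmd)}): cross-image write, not a normal child spawn")
    roles = {pid: chromium_role(cmd) for pid, cmd in processes.items()
             if image_name(cmd) == "msedge.exe"}
    unsandboxed = sorted(pid for pid, (_, sandboxed) in roles.items() if not sandboxed)
    return {"children": dict(children), "roles": roles,
            "unsandboxed": unsandboxed, "findings": findings}


if __name__ == "__main__":
    result = analyze(WPM_RECORDS, PROCESSES)
    for parent, kids in result["children"].items():
        print(f"{parent} -> {kids}")
    for pid in result["unsandboxed"]:
        print(f"unsandboxed: {pid} {result['roles'][pid][0]}")
    for finding in result["findings"]:
        print("FINDING:", finding)
```

Run against the report's own rows, the only finding comes from the constructed record; every write from 4068 lands on an msedge.exe child, which is the pattern the six signatures above are describing. The unsandboxed list (the browser, the crashpad handler, the network service with `--service-sandbox-type=none`, and the second GPU process with `--disable-gpu-sandbox --use-gl=disabled`) is populated from flags Edge passed to its own children, so it tells you which processes would have the least isolation if the page did exploit something, not that anything was exploited.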
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 1ac52e2503cc26baee4322f02f5b8d9c
SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize: 152B
MD5: b2a1398f937474c51a48b347387ee36a
SHA1: 922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Filesize: 5KB
MD5: 2a6da41cb4783b84d72a409210d28492
SHA1: c6ecf1834b1327d92fa26bce53e0305918309b30
SHA256: cfaaafe53ab538c6235ab02dc178061846d94ec612425685bb94585d871794d1
SHA512: 039007ecc045019e3f3abb8063a7fdd91707aead28a1aabd1102203c685045b3d4abcf38ed06c9a4d611c897876ac104e13a3f438f83aa8386b352bf3164c831

Filesize: 6KB
MD5: 6cbec1b11b866ac9a51db532cd4da035
SHA1: 639d7d7ffa0ab3c134fd3464a5333ff579b9d04d
SHA256: 7de4efeaf05f28fd64aa52d5de3d51ec69ae7ce1cfc06b9da31a40889f32cf6a
SHA512: c3d34776f9e6cc933e9fe33b5b42bdde8d8e1de513ac378656279174419ff8879de11a50cffe42d60c5f5c5ecdff47130f31dfbf5a1b8e1847717f6cf72113ea

Filesize: 6KB
MD5: 1f4390ddc37a58db5f4664a9adad5592
SHA1: 02be180f7a418763f406f484bfc0c8c47ee4782f
SHA256: 048ba881f14983c1e8c3efb000a569a66e602171b7899df804c82b1798e3e099
SHA512: b8ec6abaffae36bab15b3d576b0b2b639581d37558840229d13d3fefc65d32fbcc1836daa9841f1955728d8d1d59f9ba8c0a769e6683422f8cd34cd98fe1807a

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 4d9784e4356035a88c4912ad8e87ec42
SHA1: 4081c45578834d87403edf794b6be8e75290690d
SHA256: cc3c7698105a93e0b16b1302b69e8d7c43b467b62d8a6bd7b07a869ba154cf70
SHA512: 4294310e16d629cc633984b27bbd8b40ca71b97758e92e0aa6a7156128ae3bf033a306dda7f59faed46a60d4e3ffb516120953b296f926b35deebba5810a2004