Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/05/2024, 09:58
Static task: static1
Behavioral task: behavioral1
- Sample: 39844581b079e8a1e74c1fefd235e982_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 39844581b079e8a1e74c1fefd235e982_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 39844581b079e8a1e74c1fefd235e982_JaffaCakes118.html
- Size: 211KB
- MD5: 39844581b079e8a1e74c1fefd235e982
- SHA1: 02c3aab177be6c64a4852653573c9f632243f69f
- SHA256: d1602bbbba960844a5a38af85c353c19de6a27aed3ef57719692d961aa7a9560
- SHA512: 1f381ef9e03216df51c171a3fda82375a83a573a12f4834c254750949d0f4322fc219bb3ae771d36f3f8d9584c1887cdd766d771885538c95b062526b78462cb
- SSDEEP: 6144:/9tLMAils9neSUlb5BFaACjgvl9fhs8TbnCqQV9x:VtLMAn9nzM5BFaAC8fhs8TbnCqQV9x
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process:
  - 824 msedge.exe (x2)
  - 876 msedge.exe (x2)
  - 2892 identity_helper.exe (x2)
  - 3576 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid / Process:
  - 876 msedge.exe (x7)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process:
  - 876 msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process:
  - 876 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target (distinct rows; each is repeated in the original table, 64 entries in total):
  - PID 876 wrote to memory of 4876; 876 msedge.exe; procid_target 82
  - PID 876 wrote to memory of 2280; 876 msedge.exe; procid_target 84
  - PID 876 wrote to memory of 824; 876 msedge.exe; procid_target 85
  - PID 876 wrote to memory of 3776; 876 msedge.exe; procid_target 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 876)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\39844581b079e8a1e74c1fefd235e982_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd17b046f8,0x7ffd17b04708,0x7ffd17b04718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 824)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 4092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 2892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2120)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 728)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4496)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16587969735407856659,8079257264295479298,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID: 868)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID: 1616)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- Filesize: 480B
  MD5: 2e792f190c9981dd6e477855e81587a8
  SHA1: 711f6394afafd336f866b5e5db9facd8c3d56b24
  SHA256: 69f5b86790d8b79aa3bfbcf3e8613aa63e71137ab13fa8b8c62fd3e47fadec5f
  SHA512: 0cb27bff0003e6288eba4feff0191dbae6cc434266bbd9808ca86586ef7e5dbfedb4d67d54a1d6bec4820476d29c9a4cefa9407b4bb1ab6bec1c5772369ecf74
- Filesize: 6KB
  MD5: bcb55d0b45c3a8d698a8a4509d0bc0a3
  SHA1: 76f9b8abf76b185f601835068534f8c006cacc2c
  SHA256: 5c358c90b03a586dd067287b7ae71319c29a9732630d7a605f13f38d568416b4
  SHA512: 74fe3663e59c16d67f13e68b87ec6e9ed1780e7e9ce4f47f2ee85b6c2a6f844aaaf649da338556a18ed07977a22a5f1da67f8447777bb3e2eebf043c0729db39
- Filesize: 7KB
  MD5: 59839485cff565dcb406cd8f667a4740
  SHA1: b8ab73ef3865a599fcf34ec8e840aa91baeb7581
  SHA256: 4484244ca9df6195464a4b00b1e8d3c1f7c78e1f33eaf7eb9e322785edab3907
  SHA512: 895005bbcf0dc13e1d705dfd9c04c3c324788c4d62a6e6f11ef03e21e8e1c4f98271014243b8891e3e66bbb00395d0beecc481edafbd1019a2da06a47322a659
- Filesize: 6KB
  MD5: 210ba9090dcd1f08ecd42bee9caf9156
  SHA1: 84edee7e74dd071c1241595962797ce56d2caeaa
  SHA256: 0a53c8c8857d4be5b6db850ad342f2fbb005ba27384235bf203bb3d6cb5365ad
  SHA512: b914c9655e0cda9ebef3dca029eb18ae4570d13934f7b3074ee5e4800de72e3731f882fde415abb29d13be5f3889eca434a91740289dfe9970f583424755b28a
- Filesize: 1KB
  MD5: 82fa6b5ba3c30bff8b5b8a150c3dd19f
  SHA1: fa3e5a25bfa3f3ed442502f5c16fa1fbba9b05b6
  SHA256: 4d5cd71e0d1d07692b0cbcbb5fa11015baee546303f9c11749c2fd0d74e20431
  SHA512: f88c91205ebb9aeb4a522dbff405bebde025ff646582db0144d9df295609a80c274deed6e64f90e2ed36548e012a4080a3a04afcc9ff1492d5ffe32b00efbffc
- Filesize: 1KB
  MD5: 16856e4c90dfd16994efc93d24130462
  SHA1: f78feafa164fc873cbe05207cf664250e39963e0
  SHA256: 9d4f79fc8dec4ae33cf4c799b4c90f9009ea07929ef41a61d46c95996d12e2e3
  SHA512: 3fef5ead24c0502cd208519bd4c51754f30e25ba9e6b62d0c188fbd22d1e97d7c2453b1baac778445236d73b72aa9843393c6be68f579b8debd46c2cb0e1f174
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 11KB
  MD5: c22c7158b9ab0a17e3224a061a2faa1f
  SHA1: 6ce5ff32a0576869eefd4612ae8ffa076687f52a
  SHA256: 6ff0694454be2b9cf9d82324a8b07588f8522ba30f1275df8c3894f2ca95ea7c
  SHA512: 19dfe04d8ff4bed9ceac1ea9d7b7d76396c42ef9f8d5ccfc6860b71dc3b3b438dfe1a0991deb584334e5c85814a20abfcbdb3f8547a474335ddf4c499509563c