Analysis
max time kernel:   149s
max time network:  131s
platform:          windows10-2004_x64
resource:          win10v2004-20240426-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted:         12/05/2024, 11:04
Static task: static1

Behavioral task: behavioral1
  Sample:   39c579089d83054d59ce5b628d7c5921_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample:   39c579089d83054d59ce5b628d7c5921_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target:  39c579089d83054d59ce5b628d7c5921_JaffaCakes118.html
Size:    461KB
MD5:     39c579089d83054d59ce5b628d7c5921
SHA1:    251945944edf690aa9748f0b6eae74ad1535ed5a
SHA256:  c565d345aa2f49604292722891dcf01f616e88190a29748e2f2e2eb64eb7cbd7
SHA512:  e3fb9c48c47d8d12dff3271ad761298d65d9e78ff0932f768b939773c34c1dca65b089682bc7880ec952969fadad4b4d1ec9475be2751c7aa9b8699ce6cb138b
SSDEEP:  6144:SesMYod+X3oI+Y5sMYod+X3oI+YpsMYod+X3oI+YLsMYod+X3oI+YQ:15d+X3/5d+X3L5d+X315d+X3+
Malware Config
(no configuration listed for this sample)

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              events
  1296  msedge.exe           2
  1404  msedge.exe           2
  2436  identity_helper.exe  2
  816   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     events
  1404  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     events
  1404  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     events
  1404  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1404 wrote to memory of 4856  1404  msedge.exe  82
  PID 1404 wrote to memory of 1052  1404  msedge.exe  83
  PID 1404 wrote to memory of 1296  1404  msedge.exe  84
  PID 1404 wrote to memory of 4704  1404  msedge.exe  85
  All 64 events are PID 1404 (the Edge browser process) writing into these four PIDs, each a child it spawned itself (see Processes); repeated events are collapsed here.

How to read these: every signature fires on msedge.exe or one of its own child processes. A Chromium-based browser's broker writing into the children it has just created, enumerating processes, and querying the shell tray window is what Edge does for any page, and NtCreateUserProcessBlockNonMicrosoftBinary records the browser launching children with the block-non-Microsoft-binaries mitigation, a hardening measure rather than an attack. None of these signatures by itself separates this HTML file from a harmless one. The BIOS SystemManufacturer/SystemProductName values are the same keys VM-detection code reads, which is why the signature exists, but here the reader is msedge.exe itself, not code dropped by the sample. What would change the picture is a write into a process outside the browser, a child that is not an Edge image, or a registry read by a process the sample created.
Processes

PID 1404  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\39c579089d83054d59ce5b628d7c5921_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 4856  msedge.exe (crashpad-handler)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7c1346f8,0x7ffa7c134708,0x7ffa7c134718

  PID 1052  msedge.exe (gpu-process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

  PID 1296  msedge.exe (utility: network.mojom.NetworkService)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 4704  msedge.exe (utility: storage.mojom.StorageService)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

  PID 1440  msedge.exe (renderer, client id 6)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  PID 3868  msedge.exe (renderer, client id 5)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

  PID 3428  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8

  PID 2436  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, second instance with the same command line)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 448   msedge.exe (renderer, client id 8)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

  PID 1324  msedge.exe (renderer, client id 9, instant process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

  PID 3812  msedge.exe (renderer, client id 10)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

  PID 336   msedge.exe (renderer, client id 11, instant process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

  PID 816   msedge.exe (gpu-process, second instance)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16646026597747765994,8282175018117627509,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3988 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

PID 1564  C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3748  C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: the sample is opened by msedge.exe (PID 1404), and every child is an Edge image launched by that browser process. Launch flags are chosen by the browser, not by the HTML being rendered, so they describe the detonation environment rather than the sample: the network service (PID 1296) and both identity_helper.exe instances run with --service-sandbox-type=none, every renderer runs with --no-v8-untrusted-code-mitigations, and the second gpu-process (PID 816) is started with --disable-gpu-sandbox --use-gl=disabled after the first (PID 1052). The crashpad annotations also pin the browser build: Edge 92.0.902.67 on Chromium 92.0.4515.131, a 2021 release installed in the 2024 sandbox image, so renderer behaviour here need not match a current Edge. The two CompPkgSrv.exe instances are Windows COM servers started with -Embedding and are not children of the browser.
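The checks a reviewer would run over the Signatures and Processes sections above, as an added Python example; this is not part of the Triage report or of Edge. The process table, the WriteProcessMemory pairs and the registry IoCs are copied from the report (command lines cut down to the flags used here); the flag descriptions and the VM-fingerprint key watchlist are this example's own assumptions.

```python
from collections import Counter

# Constructed from the Processes section: pid -> (parent pid, image, notable launch flags).
# Only flags relevant to the checks below are kept.
PROCESSES = {
    1404: (None, "msedge.exe", ["--single-argument"]),
    4856: (1404, "msedge.exe", ["--type=crashpad-handler"]),
    1052: (1404, "msedge.exe", ["--type=gpu-process"]),
    1296: (1404, "msedge.exe", ["--type=utility", "--utility-sub-type=network.mojom.NetworkService",
                                "--service-sandbox-type=none"]),
    4704: (1404, "msedge.exe", ["--type=utility", "--utility-sub-type=storage.mojom.StorageService",
                                "--service-sandbox-type=utility"]),
    1440: (1404, "msedge.exe", ["--type=renderer", "--no-v8-untrusted-code-mitigations"]),
    3868: (1404, "msedge.exe", ["--type=renderer", "--no-v8-untrusted-code-mitigations"]),
    3428: (1404, "identity_helper.exe", ["--type=utility", "--service-sandbox-type=none"]),
    2436: (1404, "identity_helper.exe", ["--type=utility", "--service-sandbox-type=none"]),
    448:  (1404, "msedge.exe", ["--type=renderer", "--no-v8-untrusted-code-mitigations"]),
    1324: (1404, "msedge.exe", ["--type=renderer", "--instant-process", "--no-v8-untrusted-code-mitigations"]),
    3812: (1404, "msedge.exe", ["--type=renderer", "--no-v8-untrusted-code-mitigations"]),
    336:  (1404, "msedge.exe", ["--type=renderer", "--instant-process", "--no-v8-untrusted-code-mitigations"]),
    816:  (1404, "msedge.exe", ["--type=gpu-process", "--disable-gpu-sandbox", "--use-gl=disabled"]),
    1564: (None, "CompPkgSrv.exe", ["-Embedding"]),
    3748: (None, "CompPkgSrv.exe", ["-Embedding"]),
}

# WriteProcessMemory IoCs from the Signatures section, collapsed to (source pid, target pid).
WRITES = [(1404, 4856), (1404, 1052), (1404, 1296), (1404, 4704)]

# Registry IoCs from "Enumerates system info in registry": (action, key, process).
REGISTRY_IOCS = [
    ("Key opened", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS", "msedge.exe"),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer", "msedge.exe"),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName", "msedge.exe"),
]

# Images that make up the browser itself. A parent-to-child write between these is the
# broker setting up a process it just spawned, not injection into a foreign process.
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}

# Launch flags that leave a child with less isolation than a default renderer. They are set by
# the browser process, not by the page; they matter because they widen the blast radius of a
# renderer or GPU bug. Descriptions are this example's wording (assumption, not from the report).
ISOLATION_FLAGS = {
    "--disable-gpu-sandbox": "GPU process runs outside the GPU sandbox",
    "--service-sandbox-type=none": "utility service runs unsandboxed",
    "--no-v8-untrusted-code-mitigations": "V8 untrusted-code (Spectre) mitigations off in this renderer",
}

# Key prefixes commonly read by VM-detection code. Watchlist assumed for this example; only the
# BIOS prefix appears in the report. Lower-case because registry paths are case-insensitive.
FINGERPRINT_PREFIXES = (
    r"\registry\machine\hardware\description\system\bios",
    r"\registry\machine\system\currentcontrolset\services\disk\enum",
)


def classify_writes(processes, writes):
    """Split WriteProcessMemory events into browser-internal (a browser image writing into a
    browser-image child it is the parent of) and cross-process (anything else, worth a look)."""
    internal, cross = [], []
    for src, dst in writes:
        dst_ppid, dst_image, _ = processes[dst]
        src_image = processes[src][1]
        same_family = src_image in BROWSER_IMAGES and dst_image in BROWSER_IMAGES
        (internal if dst_ppid == src and same_family else cross).append((src, dst))
    return internal, cross


def isolation_findings(processes):
    """Map pid -> [(flag, meaning), ...] for every process launched with an ISOLATION_FLAGS flag."""
    findings = {}
    for pid, (_, _, flags) in processes.items():
        hits = [(f, ISOLATION_FLAGS[f]) for f in flags if f in ISOLATION_FLAGS]
        if hits:
            findings[pid] = hits
    return findings


def fingerprint_queries(iocs):
    """Registry reads under hardware-identity keys, tagged with whether a browser image did them."""
    out = []
    for action, key, proc in iocs:
        if key.lower().startswith(FINGERPRINT_PREFIXES):
            out.append({"action": action, "key": key, "process": proc,
                        "browser_internal": proc.lower() in BROWSER_IMAGES})
    return out


def summarize(processes=PROCESSES, writes=WRITES, iocs=REGISTRY_IOCS):
    """Triage summary as a dict: what is browser-internal noise and what would need follow-up."""
    internal, cross = classify_writes(processes, writes)
    findings = isolation_findings(processes)
    fp = fingerprint_queries(iocs)
    return {
        "browser_internal_writes": len(internal),
        "cross_process_writes": len(cross),
        "reduced_isolation_pids": sorted(findings),
        "fingerprint_reads_by_non_browser": sum(not q["browser_internal"] for q in fp),
        # Child process types, taken from each --type= flag.
        "child_types": Counter(f.split("=", 1)[1] for _, _, flags in processes.values()
                               for f in flags if f.startswith("--type=")),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

For this report every write is browser-internal and every fingerprint read comes from msedge.exe, so the summary has nothing to escalate; the same functions would flag a write into a non-Edge process or a BIOS read by a dropped executable, which is the case that would make this sample interesting.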
Network
MITRE ATT&CK Enterprise v15
Downloads
(files written during the run; the report lists sizes and hashes only)

Filesize: 152B
  MD5:    537815e7cc5c694912ac0308147852e4
  SHA1:   2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Filesize: 152B
  MD5:    8b167567021ccb1a9fdf073fa9112ef0
  SHA1:   3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Filesize: 111B
  MD5:    807419ca9a4734feaf8d8563a003b048
  SHA1:   a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Filesize: 6KB
  MD5:    b4829bf14fc145d8b9358ca6735aa5eb
  SHA1:   445963617733cb26ebde551f3c0604666da58e4f
  SHA256: d4a728f230f672cb3fc90c20101502c43a489dc2f817a561e8c4d5fb967799ba
  SHA512: e3dbc8622acd8743fd3344c9897d85645b5a402c319c6839a1b7825041431f1f32294ac4fb934e3b2fbd273432edf57543e7bb26fc1d1b2766abd91cad7fa724

Filesize: 5KB
  MD5:    f81aaa2f90b6eb49083592fd6d42f2c6
  SHA1:   7fc12e0ea29fb1b170d120a3b946fd98234e01b8
  SHA256: ef81c75281171ecd1f541c24296e2a4b2f12143823b3341de0bed9b0f1c96a5c
  SHA512: 2ea6bb2253ffda14eaffd3352107506e735658c8b8cad290568d34764429d02b6c159f60fa4386e89ea2a446895e8ab31da10255e847b49ceda3f20469b1ed90

Filesize: 16B
  MD5:    206702161f94c5cd39fadd03f4014d98
  SHA1:   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 16B
  MD5:    46295cac801e5d4857d09837238a6394
  SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 11KB
  MD5:    878670dda4be0a10b973c2f44c5fc95e
  SHA1:   e738801d1819c800cc405cda515049596c455500
  SHA256: e6579a5b12ab970ab404ed827dce21e6569def2ae157afd1a0d1ddfbccd81c0f
  SHA512: 92a6b16535f3d9d0c0ec7f084cb4106fda589a40cb96211439991234407a169008ef2128f394b390ab6ee592c0343409d0871eb3309507962eff35260e1b578a