Analysis
max time kernel: 146s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/05/2024, 10:28

Static task: static1
Behavioral task: behavioral1, sample 3f0915945896bcdca6712c3bec3196bc_JaffaCakes118.html, resource win7-20240221-en
Behavioral task: behavioral2, sample 3f0915945896bcdca6712c3bec3196bc_JaffaCakes118.html, resource win10v2004-20240508-en
General
Target: 3f0915945896bcdca6712c3bec3196bc_JaffaCakes118.html
Size: 460KB
MD5: 3f0915945896bcdca6712c3bec3196bc
SHA1: ea331fff8c84c5544e78042b1f1cb47bcc35e798
SHA256: 16952d5c245345cfa842bdc37799c09c38c174b25b00ccb56c6f795f213a2e9f
SHA512: eecb31612c129912519c56807411fe6e7bed5b0e1bc96fd817ead141b13d484f32269164aaaf0d99681d595aef0a165350d5912021281cbc717160135ad83561
SSDEEP: 6144:SosMYod+X3oI+YWsMYod+X3oI+YksMYod+X3oI+YLsMYod+X3oI+YQ:/5d+X3u5d+X3A5d+X315d+X3+
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  2340  msedge.exe           2
  2196  msedge.exe           2
  2680  identity_helper.exe  2
  4960  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     entries
  2196  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  2196  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  2196  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  entries
  PID 2196 wrote to memory of 1488  2196  msedge.exe  81             2
  PID 2196 wrote to memory of 1352  2196  msedge.exe  82             40
  PID 2196 wrote to memory of 2340  2196  msedge.exe  83             2
  PID 2196 wrote to memory of 1820  2196  msedge.exe  84             20
Processes

PID 2196 (top level)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f0915945896bcdca6712c3bec3196bc_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 1488 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718

  PID 1352 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2

  PID 2340 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 1820 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

  PID 1688 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  PID 2092 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

  PID 948 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

  PID 2680 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 800 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

  PID 5116 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

  PID 3888 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

  PID 4396 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

  PID 4960 (child of 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,10605596107805522154,9189851626752584883,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

PID 2860 (top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4400 (top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
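Everything this report flags comes from Edge's own process tree: the BIOS SystemManufacturer/SystemProductName reads are by msedge.exe (the same keys VM-detection checks read, so the reading process matters more than the key), and every WriteProcessMemory IoC is PID 2196, the broker launched with --single-argument, writing into a child it just created. The script below is an added triage example, not tria.ge code. It parses the two things a reviewer wants to check mechanically before calling such a tree benign: which children run with their service sandbox switched off (visible on the Chromium command line as --service-sandbox-type=none, --disable-gpu-sandbox or --no-sandbox), and whether any "wrote to memory" entry has a writer other than the broker or a target outside the tree. The process table is abbreviated from the Processes section above (handle and preference arguments shortened), and the IoC text is a constructed excerpt in the flattened form the Signatures table uses, with illustrative repetition counts.

```python
"""Triage helpers for a Chromium/Edge process tree taken from a sandbox report.

Added example, not tria.ge code.  Two checks: sandbox policy per child process,
and whether every WriteProcessMemory hit is the broker writing into its own children.
"""
import re
from collections import Counter

# Constructed sample: command lines abbreviated from this report's Processes
# section (path and handle arguments shortened), keyed by the reported PID.
PROCESSES = {
    2196: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f0915945896bcdca6712c3bec3196bc_JaffaCakes118.html',
    1488: r'"...\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    1352: r'"...\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,... --mojo-platform-channel-handle=2312 /prefetch:2',
    2340: r'"...\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3',
    1820: r'"...\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility /prefetch:8',
    1688: r'"...\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1',
    2680: r'"...\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8',
    4960: r'"...\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 /prefetch:2',
}

FLAG_RE = re.compile(r'--([A-Za-z0-9-]+)(?:=(\S+))?')


def parse_cmdline(cmdline):
    """Return (image basename, {flag: value or True}) for a Chromium-style command line."""
    m = re.match(r'^"([^"]+)"', cmdline)
    image = m.group(1).rsplit('\\', 1)[-1] if m else cmdline.split()[0]
    rest = cmdline[m.end():] if m else cmdline
    flags = {name: (value if value else True) for name, value in FLAG_RE.findall(rest)}
    return image, flags


def sandbox_class(flags):
    """Describe the sandbox policy using only what the process's own flags state."""
    ptype = flags.get('type')
    if ptype is None:
        return 'browser (broker, no --type)'
    if flags.get('no-sandbox'):
        return f'{ptype}, NO sandbox (--no-sandbox)'
    if flags.get('disable-gpu-sandbox'):
        return 'gpu-process, sandbox disabled (--disable-gpu-sandbox)'
    service = flags.get('utility-sub-type', ptype)
    sst = flags.get('service-sandbox-type')
    if sst == 'none':
        return f'{service}, NO service sandbox'
    if sst:
        return f'{service}, sandbox={sst}'
    if ptype == 'renderer':
        return 'renderer (sandboxed by default; no override flag seen)'
    return f'{ptype} (no explicit sandbox flag)'


def audit_processes(procs):
    """Map pid -> (image, sandbox description)."""
    out = {}
    for pid, cmdline in procs.items():
        image, flags = parse_cmdline(cmdline)
        out[pid] = (image, sandbox_class(flags))
    return out


# Constructed excerpt in the flattened form of the report's WriteProcessMemory
# table; the repetition counts are illustrative, not copied from the report.
WRITE_IOCS = (
    'PID 2196 wrote to memory of 1488 2196 msedge.exe 81 ' * 2
    + 'PID 2196 wrote to memory of 1352 2196 msedge.exe 82 ' * 6
    + 'PID 2196 wrote to memory of 2340 2196 msedge.exe 83 ' * 2
    + 'PID 2196 wrote to memory of 1820 2196 msedge.exe 84 ' * 4
)

WRITE_RE = re.compile(r'PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+')


def parse_writes(text):
    """Count (writer pid, writer image, target pid) triples in the flattened IoC text."""
    return Counter((int(src), image, int(dst)) for src, dst, image in WRITE_RE.findall(text))


def foreign_writes(writes, procs):
    """Writes whose writer is not the broker, or whose target is not in the tree."""
    brokers = {pid for pid, c in procs.items() if 'type' not in parse_cmdline(c)[1]}
    return [(w, n) for w, n in writes.items() if w[0] not in brokers or w[2] not in procs]


def main():
    for pid, (image, klass) in sorted(audit_processes(PROCESSES).items()):
        print(f'{pid:>5}  {image:<20} {klass}')
    writes = parse_writes(WRITE_IOCS)
    for (src, image, dst), n in sorted(writes.items()):
        print(f'{src} ({image}) -> {dst}: {n} writes')
    print('writes outside broker->child:', foreign_writes(writes, PROCESSES))


if __name__ == '__main__':
    main()
```

Run against the full report, the unsandboxed children are the network service (2340), both identity_helper instances and the second GPU process (4960, started with --disable-gpu-sandbox); the storage service runs with sandbox=utility and every renderer keeps the default policy. All 64 writes have 2196 as writer and one of 1488, 1352, 2340 or 1820 as target, so foreign_writes returns nothing, which is the expected shape for a browser opening a local HTML file.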
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 56641592f6e69f5f5fb06f2319384490
SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Filesize: 152B
MD5: 612a6c4247ef652299b376221c984213
SHA1: d306f3b16bde39708aa862aee372345feb559750
SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Filesize: 6KB
MD5: 0d06fa79760f219019ff694b87f5990e
SHA1: 707886ba0e6a39e1c87e3d05d460fa7f69fbae0c
SHA256: 7f5eb10a34b512f2a2703e6e1b673977923e1de73a2677992f2b92f7239ea0de
SHA512: fb21587990468e6b74d1bb8d378ac88041d16ecd953b1011d3d57f0dca1f6685088942ed8771b4dee8ef3056af08f74f62b79ada2477f92742ac1f39d0cfd851

Filesize: 6KB
MD5: a38b8ad4406eee4b640458a599a8bb9b
SHA1: fc1b9a81cf79b9af33a7089ea54c1345e5d19b46
SHA256: 919535f92ad90f61020467747d6d19108a5d051e757ce32e4c962451b4dc5923
SHA512: 78dd4b3c4a3af4cc2942eef274171c08544d1550e7ba05776c23c99bcb46627007af8858ae197a75d404e94c8d3895f7417db6778520920fa7c41511609ad6b4

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 1aa4657ff53df9132ff25383ec433425
SHA1: d4b28fb5eee81aad51e64feb31edc3b9bd14a64d
SHA256: 03f281298779db8b3f4540200128bc0cce036c44d93e68bd2d94c921ff654c98
SHA512: d2040e32de0d818e91a1eddb46297889cf8322191af367d66488206d6fb6dde2645e34a968ebd008ab9e55194b53be9d7590f77351bd25194cd4777e0e6432e7