Analysis
max time kernel: 148s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/05/2024, 21:07
Static task: static1
Behavioral task: behavioral1
  Sample: 3c943e06dde46a539186aae9c18b938f_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 3c943e06dde46a539186aae9c18b938f_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 3c943e06dde46a539186aae9c18b938f_JaffaCakes118.html
Size: 35KB
MD5: 3c943e06dde46a539186aae9c18b938f
SHA1: 9618caf3aa20de42f6e77c8fddc3495f3fbc93a6
SHA256: 5a5f67c5cfe16f361e71d83010bb48971fa8fa27ad5d99b24290cdfbae81311a
SHA512: 3c706a9c8ccae08a6a467a28ff8a9fb3426ce9c672b75a7c9c923d77a96c45f28a1ef3ff33f433af13d449c5cae4290a33e18145b2dd36ba15c2d67fa86eddf3
SSDEEP: 768:7lwJMHlC0TCqzN2c/DBIvkCmCz9pI90ilpn9ieO5VE:7lwJMHlCuTD/DBzFCLI90ilJ9ieO5VE
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  408   msedge.exe (2 entries)
  2256  msedge.exe (2 entries)
  860   identity_helper.exe (2 entries)
  4688  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  2256  msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2256  msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2256  msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 2256 wrote to memory of 1112   2256  msedge.exe  82  (2 entries)
  PID 2256 wrote to memory of 4516   2256  msedge.exe  83  (40 entries)
  PID 2256 wrote to memory of 408    2256  msedge.exe  84  (2 entries)
  PID 2256 wrote to memory of 3820   2256  msedge.exe  85  (20 entries)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c943e06dde46a539186aae9c18b938f_JaffaCakes118.html
  PID: 2256
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6ed46f8,0x7ffea6ed4708,0x7ffea6ed4718
    PID: 1112
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    PID: 4516
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
    PID: 408
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    PID: 3820
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    PID: 2396
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    PID: 2204
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
    PID: 3160
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
    PID: 4232
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
    PID: 4468
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
    PID: 860
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    PID: 1412
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    PID: 4464
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18100247882425975817,17407415188858500287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
    PID: 4688
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2192
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4848
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
- Filesize: 600B
  MD5: efffe2cda002a488a420f23341edf242
  SHA1: 6419c0a2f99392b92ee81c6253458d228a330606
  SHA256: 38bc644db427fed589e40a666744ed8322c2948a30efe2d00cf0b5bdea7e826f
  SHA512: 7b94409616c1a21375d4211ed696328467a4021741a7678ee4388d6a420b1378342d9350abadd80fe785a4a7be258a814b4266bdfda310c21c78c088fa43ba59
- Filesize: 6KB
  MD5: 53d72372636613a22e0b13ed25fd3b21
  SHA1: 9892dd18c33b761436813cadc0530ce142907292
  SHA256: 35eaa012bc3fbd1d59d69f68467bcc7b7d55d8277216e2b28f676ed273377e63
  SHA512: 60f15276c8b00897bf90d5e55c098a5539f2172a9a803f3aa772a7a6b41840a8522de7fc59e172450ef35d86e67ae6e6e60b8eca6f4ec33bedb1b2dceb5a06d9
- Filesize: 6KB
  MD5: 9395c560b94e39be285150c892bc7d20
  SHA1: 6e902e09b1d10048d4fbb123ce30f91a979f4854
  SHA256: 2d5eb3e9a5dd3164c7489481b7e4364fe21b896ff241b70d2bcdabd90b209f1f
  SHA512: 4f2a63a8a336795179568ce4d1e032e487d8a4b18971db074a8e5864c970711d9862decbc76c722dd988b605891f216cf98b23aa365504651b0e9d10fa4a013a
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 876a0ba4ceaab96210d5de4242b0676d
  SHA1: 3c1717d66ce1e1deca4cda57694df81fb78c1339
  SHA256: fd5b1026a9a446b33f9ce4198448acba6a8c13e64be83459712f6b430761e9ec
  SHA512: f4bf6fa26efc697d254901e64263ffd8c25f98a24dc0517bb5515bf23c19fa88e0de75638fa5129d1511bbce14217288793cd15cc273e5b98045c2fbef5a12d7